Cloud Security Manager

Job Description

Accountabilities:

• Cloud Security Governance & Policy - Establish, maintain, and enforce cloud security policies, standards, and governance frameworks to ensure secure cloud adoption across the organization.

• Secure Cloud Architecture & Design Assurance - Review and approve cloud solution designs, ensuring secure-by-design principles, threat modeling, and compliance with best practices and reference architectures.

• Identity & Access Management (IAM) Control - Own and govern cloud IAM strategy, enforcing least privilege, strong authentication, privileged access control, and periodic access reviews.

• Cloud Security Operations & Monitoring - Oversee continuous monitoring of cloud environments, ensuring timely detection and remediation of misconfigurations, vulnerabilities, and security threats.

• Compliance, Audit & Risk Management - Ensure cloud environments meet regulatory, legal, and internal compliance requirements; manage risk assessments, audits, and cloud security reporting.

• Incident Response & Forensics - Lead cloud security incident response, including investigation, containment, recovery, and root cause analysis for cloud-related security events.

• Leadership, Stakeholder Engagement & Continuous Improvement - Provide cloud security expertise to stakeholders, lead security teams, manage security tools/vendors, and drive cloud security capability enhancements.

Responsibilities:

• Cloud Security Governance & Strategy - Develop and maintain AWS cloud security policies, standards, and frameworks; lead security strategy aligned with business and regulatory requirements; enforce AWS Well-Architected, CIS, and Zero Trust principles.

• Cloud Security Architecture & Engineering - Design, review, and approve secure AWS architectures; guide secure cloud-native implementations; govern IAM (RBAC, least privilege, automated remediation); oversee network security controls including WAF, Shield, and service mesh.

• Cloud Security Operations, Monitoring & Incident Response - Manage continuous monitoring with AWS-native tools and SIEM; oversee vulnerability management and misconfiguration remediation; lead incident response including detection, investigation, containment, and recovery; automate security guardrails and remediation workflows.

• Compliance, Risk Management & Audit Assurance - Ensure compliance with regulatory and internal requirements (SOC 2, GDPR, MAS TRM, PDPA); conduct cloud risk assessments and threat modeling; coordinate penetration testing; prepare documentation and evidence for audits.

• Data Protection & Cloud Security Controls - Ensure effective protection of sensitive data through encryption, access governance, classification, and DLP controls; manage cloud data exposure risks and ensure secure storage and handling of information across AWS services.

• Leadership, Collaboration & Security Culture - Serve as AWS cloud security SME; collaborate with Cloud, DevOps, Network, and Cybersecurity teams to embed security-by-design; mentor teams and promote a strong security culture through training and stakeholder engagement

Team Scope/ Stakeholders:

• Reports to the Head of Cybersecurity : The candidate will work closely with the Head of Cybersecurity to design, implement, support, and maintain cybersecurity systems that safeguard the organization’s digital assets. This includes contributing to architecture design, operational readiness, system optimization, and ensuring alignment with security policies and operational objectives.

• Vendor & Service Provider Management: The candidate will lead, manage, and coordinate external vendors responsible for supporting cybersecurity systems. This includes ensuring vendors meet contractual obligations, service levels, operational standards, and deliver quality support for security tools, platforms, and related infrastructure.

• Cross-Functional Collaboration: The role will collaborate with internal stakeholders such as IT Infrastructure, Network Engineering, SOC Analysts, Incident Response Teams, Governance/Risk/Compliance (GRC), and Application Teams to ensure the effective operation, integration, and continuous improvement of cybersecurity systems.

• Business & Operational Stakeholders: The candidate will engage with business units to understand operational requirements, communicate potential risks, and ensure security systems support business continuity, performance, and compliance needs.

Minimum Profile/ Track Record:

• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field; Master’s degree is a plus.

• 5–10 years of cybersecurity experience, with at least 3+ years focused on AWS cloud security and cloud security architecture.

• Strong expertise in AWS security services (e.g., IAM, Security Hub, GuardDuty, CloudTrail, Config, Macie, KMS, WAF, Shield).

• Hands-on experience in cloud security architecture, DevSecOps, and infrastructure-as-code (Terraform, CloudFormation).

• Proven ability to implement IAM governance, least privilege, encryption controls, network security, and secure cloud design principles.

• Experience with cloud compliance frameworks and audits (ISO 27001, SOC 2, CIS, MAS TRM, NIST) and conducting cloud risk assessments.

• Strong leadership and communication skills, with experience managing cloud security initiatives and collaborating with multi-disciplinary teams.

• Relevant professional certifications such as AWS Certified Security – Specialty, AWS Solutions Architect, CISSP, CISM, or CCSP.

#LI-SM1