Senior Cloud Security Architect (10+ years) to design and mature CNAPP architecture across multi-cloud environments using GCP, Azure, and AWS-40848
S.i. Systems
Toronto, ON - Salary to be discussed
Contract job
1 position to fill as soon as possible
Description
Our financial services client is seeking a Senior Cloud Security Architect (10+ years) to design and mature CNAPP architecture across multi-cloud environments using GCP, Azure, and AWS-40848
Location Address: Toronto/ Hybrid, 2 days in the office per week.
Contract Duration: ASAP to Oct 31st (Possibility of extension)
Schedule Hours: 9 am-5 pm Monday-Friday; standard 37.5 hrs/week - No overtime.
Story Behind the Need
Business group: Information security control - securing cloud-based environments such as GCP or Azure, and securing cloud-based services using a solution, usually from a vendor.
The Cloud Security Architect ensures continuity and maturity of Cloud Security and CNAPP architecture, including CSPM, CIEM, CWPP, and IaC controls, which are foundational to securing the bank's cloud platforms. This strategic senior role owns day-to-day architecture decisions, platform integrations, and risk-driven design aligned with enterprise security standards.
Key Responsibilities
- Lead CNAPP architecture & rollout across multi-cloud and hybrid solutions, including integration patterns and operationalization design.
- Design multi-cloud / hybrid security solutions covering data protection, IAM, and threat management for enterprise workloads and a global user base.
- Define security controls through Policy as Code (e.g., OPA, CNAPP tool's OOTB policies, Cloud Fabric policies), aligned to enterprise standards, and design their integration points to ensure posture security, vulnerability management, and remediation workflows are in place.
- Define and publish Security Reference Architectures and reusable patterns (secure-by-design) for engineering adoption across platforms and products.
- Partner with platform engineering / DevSecOps teams to integrate scanning and controls into CI/CD (e.g., Terraform Cloud, GitHub Actions, Azure DevOps), including risk decisions and exceptions.
- Own cloud security architecture artifacts (diagrams, deep dives, capability views) and communicate target/current state to stakeholders.
- Provide advisory and architecture reviews (TRA / governance forums), identify gaps, recommend pragmatic remediation, and align to delivery timelines.
- Support audit and compliance evidence through control documentation, traceability to NIST / CSA / CIS, and responses for internal/external reviews.
- Coordinate cloud security integrations requiring network/service-boundary controls for vendor/tool onboarding.
- Define enterprise AI security reference architectures.
Must have requirements:
- 10 years of experience in cloud security architecture across GCP, Azure, or AWS, including deep understanding of cloud platform services and enterprise-scale design patterns.
- Proven experience designing, implementing, and scaling CNAPP capabilities (such as CSPM, CWPP, CIEM, IaC scanning) in production-grade cloud environments.
- Strong experience integrating DevSecOps controls into CI/CD pipelines such as GHA and Jenkins, including secure infrastructure provisioning using tools such as Terraform Cloud.
- Strong understanding of cryptography, IAM, data protection, and network architecture.
- Experience with cloud-native workload security: containers/Kubernetes (e.g., GKE, AKS, EKS) and runtime controls (CWPP-style).
Nice to Have
- Strong experience designing and implementing security controls aligned to frameworks such as NIST and CIS.
- Familiarity with common security toolchain integrations (e.g., CNAPP, SSPM, SAST/DAST, logging/monitoring).
- Certifications or equivalent depth (e.g., CISSP, CCSP) and comfort operating in regulated / audit-driven environments.
Education:
- Post-secondary degree or diploma preferred.
Best VS. Average Candidate:
The best candidate is someone who has experience with cloud architecture and can add security to it: someone who knows GCP and cloud services, and who understands the following concepts in enough detail to easily add the security part: IAM, Network, and Cryptography.
Candidate Review & Selection
1st round: Video call - 45 mins - Hiring manager - Technical interview - Behavioral or situational questions, a walk-through of experience, and a role overview.
2nd round: Video call - 30 mins - Hiring manager and Director - Cultural fit and technical questions.
Disclaimer: AI may be used in evaluating candidates.
This posting is for an existing vacancy.