Principal, Cloud Security Architect (Director Level), Global Cyber Security, RBC Brewin Dolphin[…]

Job Description

The Principal Cloud Security Architect will lead the design, engineering, and delivery of cloud security solutions across the company’s Azure enterprise environment.

This role owns end-to-end security architecture and hands‑on implementation, drives enterprise‑scale operationalisation of cloud security capabilities, embeds security into CI/CD pipelines and infrastructure‑as‑code, and partners with Regulatory, Compliance and Audit functions to ensure controls meet regulatory frameworks and industry standards.

The ideal candidate combines deep technical expertise with strategic leadership—equally comfortable whiteboarding architecture, writing the Terraform to implement it, and guiding teams through complex security transformations at scale.

The position is permanent, full‑time, and requires four days at our 10 Fenchurch Avenue, London office.

What will you do?

Strategic Leadership & Architecture

• Lead efforts to secure Azure cloud platform at the company Brewin Dolphin, serving as the primary security subject matter expert for Azure‑native services, identity, networking, and data protection controls.
• Lead, execute and deliver on Cloud Security strategy and initiatives with measurable outcomes.
• Build, innovate and mature Cloud Security Capabilities at the company Brewin Dolphin.
• Lead the development of end‑to‑end technical cloud security design and architecture to ensure safe application on‑boarding to meet sponsor/stakeholder needs, without impacting planned time to market timelines.
• Conduct threat modeling, security architecture assessments and cloud service security reviews to ensure alignment with industry best practices and the company’s risk appetite.

Hands‑On Technical Implementation

• Architect and drive security strategy for Azure Kubernetes Service (AKS) and OpenShift Container Platform, including cluster hardening, admission control, runtime security, image assurance, network policy, secrets management and workload identity.
• Define and implement security controls for Azure infrastructure supporting AI/ML workloads, including compute provisioning, networking, storage, identity and platform services (Microsoft Foundry/Azure OpenAI Service, Azure Machine Learning).
• Lead the enterprise deployment and operationalisation of Wiz CNAPP, including CSPM, CWPP, CIEM, DSPM and container/Kubernetes security capabilities—driving policy‑as‑code, risk prioritisation and remediation workflows at scale.
• Embed security into CI/CD pipelines and software supply chain (GitHub Actions, Terraform, ArgoCD, Helm) through automated scanning, policy enforcement, IaC security validation and shift‑left developer tooling.

Automation & Controls Development

• Lead and build preventative and detective controls/measures according to the company Brewin Dolphin’s cloud control objectives while using modern automation, config‑as‑code and TDD principles to bring reliability.
• Lead and build automated reporting and monitoring solutions to provide feedback to developers and help them shift left and recognise security gaps early.
• Experience in hardening and safeguarding cloud services and preventing config drift with native or third‑party tools (CSPM, IaC, linter).
• Architect, engineer and deploy cloud security solutions end‑to‑end—owning the full lifecycle from design through implementation, testing and production delivery.

Collaboration & Governance

• Partner with Regulatory, Compliance and Audit teams to ensure cloud security controls satisfy industry standards, SOX, PCI‑DSS and internal risk frameworks—translating regulatory expectations into technical control implementations and evidence automation.
• Communicate and collaborate with application developers to remediate security vulnerabilities for their applications and/or resources.
• Work with cloud stakeholders to design, build and validate Cloud Security controls.
• Ability to partner effectively with key stakeholders on complex projects with excellent communication, facilitation and presentation skills.

What do you need to succeed?

Must‑have

• Demonstrable experience in Cyber Security, with a focus on cloud security architecture and engineering.
• Deep hands‑on expertise with Microsoft Azure security (Defender for Cloud, Entra ID, Azure Policy, Network Security Groups, Private Link, Key Vault).
• Strong knowledge and experience of cloud security frameworks and governance practices with extensive hands‑on experience with Azure cloud platform.
• Strong experience securing Kubernetes at scale with AKS and/or OpenShift Container Platform—including admission controllers, OPA/Gatekeeper/Kyverno, service mesh security and runtime protection.
• Hands‑on experience with Wiz CNAPP (or equivalent CNAPP platform) in a large enterprise environment, including policy authoring, risk scoring and integration with ticketing/remediation workflows.
• Experience securing CI/CD pipelines and infrastructure‑as‑code—GitHub Actions, Terraform (including Sentinel/OPA policy), container image pipelines, artifact signing and SBOM generation.
• Demonstrated ability to operate as both a security architect and hands‑on practitioner—willing to roll up sleeves and write IaC, policy‑as‑code, automation scripts or pipeline configurations when needed.
• Demonstrated experience making architectural decisions based on simplicity, industry frameworks, scalability and reusability.
• Ability to partner effectively with key stakeholders on complex programs with excellent communication, facilitation and presentation skills.

Nice‑to‑have

• Experience securing Azure infrastructure for AI/ML workloads—GPU‑enabled VMs/node pools, high‑bandwidth networking, large‑scale storage and managed AI platform services from a compute, network and identity perspective.
• Recognisable security‑related industry certifications (CISSP, CCSP, CCSK, OSCP).
• Azure security certifications (SC‑500, SC‑100).
• Kubernetes certifications (CKA, CKS) or Wiz certifications.

What is in it for you?

We thrive on the challenge to be our best—progressive thinking to keep growing and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

• A comprehensive Total Rewards Programme including bonuses, flexible benefits and competitive compensation.
• Leaders who support your development through coaching and management opportunities.
• Opportunities to work with the best in the field.
• Ability to make a difference and lasting impact.
• Work in a dynamic, collaborative, progressive and high‑performing team.
• A world‑class training programme in financial services.

#J-18808-Ljbffr…