Maybank

Senior Cloud Security Governance I IT Security

  • Posted 2 days ago

Job Description

Job Purposes

  • Cloud Security Governance is responsible for implementing, overseeing, and maintaining effective governance of cloud-related security controls and risk management practices within the bank.
  • This role ensures all cloud adoption initiatives align with internal security policies, relevant regulatory requirements (e.g., BNM RMiT, MAS), and best practices (e.g., CSA, NIST, ISO/IEC 27017 & 27018).

Job Responsibilities

  • Govern and enforce security policies and standards for cloud services (AWS, Azure, etc.) used within the bank.
  • Define and oversee cloud-specific controls in collaboration with architecture, DevSecOps, and IT operations teams.
  • Maintain the Cloud Security Baseline for cloud adoption across all service types (SaaS, PaaS, IaaS, etc.).
  • Implement cloud security policies, standards, guidelines, and procedures aligned with industry best practices (e.g., NIST CSF, ISO 27001, CSA CCM), regulatory requirements (e.g., GDPR, HIPAA, PCI DSS, RMiT, etc. where relevant), and organizational objectives.
  • Establish and maintain a comprehensive inventory of cloud services and resources.
  • Develop and implement processes for monitoring and enforcing adherence to cloud security policies.
  • Conduct security risk assessments on proposed cloud initiatives and provide actionable recommendations.
  • Ensure compliance with relevant security regulations, standards, and legal frameworks in the cloud environment.
  • Ensure adherence to the Bank's Cloud Strategy and compliance with BNM RMiT, especially Appendix 10 Cloud Services and applicable regulatory requirements.
  • Manage and support cloud security audits and assessments.
  • Provide cloud security advisory to project teams, application owners, and developers.
  • Collaborate with Cloud CoE (Center of Excellence), Enterprise Architecture, and Legal/Compliance teams to embed security into cloud governance.
  • Maintain visibility into cloud adoption via cloud security posture management (CSPM) or CASB tools.
  • Define and track KPIs/metrics for cloud security compliance, incidents, and misconfigurations.
  • Prepare regular reports on cloud security risks and posture.
  • Educate and train staff on cloud security best practices and risk management.
  • Stay up-to-date on the latest cloud security trends, threats, and best practices.
  • Continuously evaluate and improve the cloud security governance framework based on evolving risks and business needs.
  • Identify opportunities for automation and process optimization in cloud security governance.

Job Requirements

  • A professional qualification with a recognised Master/Degree in Information Technology, Computer Science, Cyber Security IT or a related discipline.
  • Professional certifications are highly preferred (Required/Preferred): CCSP, CISM, CISSP, AWS/Azure Security Specialty, ISO 27001/27017 Lead Implementer or Auditor; other related professional IT certifications (Cloud Security) will be an added advantage.
  • Proven experience in a Cloud Security Governance role.
  • Strong understanding of cloud computing and its security aspects. This includes knowledge of various cloud service models (IaaS, PaaS, SaaS) and deployment models (Public, Private, Hybrid, Community).
  • Experience in implementing and managing security controls in cloud environments, ensuring adherence to regulations and compliance requirements.
  • Ability to design, develop and implement security strategies and governance in cloud environments, including risk assessments and mitigation strategies.
  • Strong understanding of cloud security architectures and shared responsibility models.
  • Hands-on experience with cloud platforms (e.g., AWS, Azure, GCP) and security tools (e.g., CSPM, CASB).
  • Knowledge of current cyber threats, defenses, and tools specific to the cloud environment. This includes understanding of encryption, intrusion detection systems, firewalls, and data loss prevention.
  • Proficiency in a variety of security frameworks (e.g., ISO 27001, NIST, CIS), laws, and regulations that impact cloud security.

Job ID: 135576021