Cloud Security Governance is responsible for implementing, overseeing, and maintaining effective governance of cloud-related security controls and risk management practices within the bank.
This role ensures all cloud adoption initiatives align with internal security policies, relevant regulatory requirements (e.g., BNM RMiT, MAS), and best practices (e.g., CSA, NIST, ISO/IEC 27017 & 27018).
Job Responsibilities
Maintain cloud security governance across multi-cloud environments.
Continuously monitor and update cloud guardrails for multi-cloud environments, review configuration findings, enforce baseline controls, and escalate issues to relevant parties.
Monitor multi-cloud security compliance tools and policy compliance, triage findings, coordinate remediation, track posture metrics, maintain dashboards, and provide posture insights.
Support exemption request intake, document risks, validate compensating controls, track exemption lifecycle, and highlight recurring patterns for systemic improvements for multi-cloud environments.
Conduct routine cloud security compliance checks, collect evidence for key controls, support internal assurance activities, report cloud security compliance gaps, and maintain accurate, audit-ready evidence repositories across multi-cloud environments.
Prepare audit documentation and evidence, validate accuracy before escalation, support remediation of cloud audit findings, and contribute to regulatory submissions related to cloud security compliance.
Maintain clear cloud security governance documentation and evidence workflows and identify recurring misconfigurations for escalation and continuous improvement.
Job Requirements
Possess a professional qualification with a minimum of a Bachelor's degree in IT, Computer Science, Cybersecurity, or equivalent.
Professional certifications are highly preferred: CCSP, CISM, CISSP, AWS/Azure Security Specialty, ISO 27001/27017 Lead Implementer or Auditor. Other related professional IT certifications (Cloud Security) will be an added advantage.
Proven experience in a Cloud Security Governance role.
Strong understanding of cloud computing and its security aspects. This includes knowledge of various cloud service models (IaaS, PaaS, SaaS) and deployment models (Public, Private, Hybrid, Community).
Experience in implementing and managing security controls in cloud environments, ensuring adherence to regulations and compliance requirements.
Ability to design, develop and implement security strategies and governance in cloud environments, including risk assessments and mitigation strategies.
Strong understanding of cloud security architectures and shared responsibility models.
Hands-on experience with cloud platforms (e.g., AWS, Azure, GCP) and security tools (e.g., CSPM, CASB).
Knowledge of current cyber threats, defenses, and tools specific to the cloud environment. This includes understanding of encryption, intrusion detection systems, firewalls, and data loss prevention.
Proficiency in a variety of security frameworks (e.g., ISO 27001, NIST, CIS), laws, and regulations that impact cloud security.