This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
The Principal Cloud Security Architect will lead the design, engineering, and delivery of cloud security solutions across RBC's Azure enterprise environment. This role owns end-to-end security architecture and hands-on implementation, drives enterprise-scale operationalisation of cloud security capabilities, embeds security into CI/CD pipelines and infrastructure-as-code, and partners with Regulatory, Compliance, and Audit functions to ensure controls meet regulatory frameworks and industry standards. The ideal candidate combines deep technical expertise with strategic leadership—equally comfortable whiteboarding architecture, writing the Terraform to implement it, and guiding teams through complex security transformations at scale.
Job Responsibility
Lead efforts to secure Azure cloud platform at RBC Brewin Dolphin, serving as the primary security subject matter expert for Azure-native services, identity, networking, and data protection controls
Lead, execute, and deliver on Cloud Security strategy and initiatives with measurable outcomes
Build, innovate, and mature Cloud Security Capabilities at RBC Brewin Dolphin
Lead the development of end-to-end technical cloud security design and architecture to ensure safe application on-boarding to meet sponsor/stakeholder needs, without impacting planned time to market timelines
Conduct threat modeling, security architecture assessments, and cloud service security reviews to ensure alignment with industry best practices and RBC's risk appetite
Architect and drive security strategy for Azure Kubernetes Service (AKS) and OpenShift Container Platform, including cluster hardening, admission control, runtime security, image assurance, network policy, secrets management, and workload identity
Define and implement security controls for Azure infrastructure supporting AI/ML workloads, including compute provisioning, networking, storage, identity, and platform services (Microsoft Foundry/Azure OpenAI Service, Azure Machine Learning)
Lead the enterprise deployment and operationalisation of Wiz CNAPP, including CSPM, CWPP, CIEM, DSPM, and container/Kubernetes security capabilities—driving policy-as-code, risk prioritisation, and remediation workflows at scale
Embed security into CI/CD pipelines and software supply chain (GitHub Actions, Terraform, ArgoCD, Helm) through automated scanning, policy enforcement, IaC security validation, and shift-left developer tooling
Lead and build preventative and detective controls/measures according to RBC Brewin Dolphin's cloud control objectives while using modern automation, config as code, and TDD principles to bring reliability
Lead and build automated reporting and monitoring solutions to provide feedback to developers and help them shift left and recognise security gaps early
Experience in hardening and safeguarding cloud services and preventing config drift with native or third-party tools (CSPM, IaaC, linter)
Architect, engineer, and deploy cloud security solutions end-to-end—owning the full lifecycle from design through implementation, testing, and production delivery
Partner with Regulatory, Compliance, and Audit teams to ensure cloud security controls satisfy industry standards, SOX, PCI-DSS, and internal risk frameworks—translating regulatory expectations into technical control implementations and evidence automation
Communicate and collaborate with application developers to remediate security vulnerabilities for their applications and/or resources
Work with cloud stakeholders to design, build, and validate Cloud Security controls
Ability to partner effectively with key stakeholders on complex projects with excellent communication, facilitation, and presentation skills.
Requirements
Demonstrable experience in Cyber Security, with a focus on cloud security architecture and engineering
Deep hands-on expertise with Microsoft Azure security (Defender for Cloud, Entra ID, Azure Policy, Network Security Groups, Private Link, Key Vault)
Strong knowledge and experience of cloud security frameworks and governance practices with extensive hands-on experience with Azure cloud platform
Strong experience securing Kubernetes at scale with AKS and/or OpenShift Container Platform—including admission controllers, OPA/Gatekeeper/Kyverno, service mesh security, and runtime protection
Hands-on experience with Wiz CNAPP (or equivalent CNAPP platform) in a large enterprise environment, including policy authoring, risk scoring, and integration with ticketing/remediation workflows
Experience securing CI/CD pipelines and infrastructure-as-code—GitHub Actions, Terraform (including Sentinel/OPA policy), container image pipelines, artifact signing, and SBOM generation
Demonstrated ability to operate as both a security architect and hands-on practitioner—willing to roll up sleeves and write IaC, policy-as-code, automation scripts, or pipeline configurations when needed
Demonstrated experience making architectural decisions based on simplicity, industry frameworks, scalability, and reusability
Ability to partner effectively with key stakeholders on complex programs with excellent communication, facilitation, and presentation skills.
Nice to have
Experience securing Azure infrastructure for AI/ML workloads—GPU-enabled VMs/node pools, high-bandwidth networking, large-scale storage, and managed AI platform services from a compute, network, and identity perspective
Recognisable security-related industry certifications (CISSP, CCSP, CCSK, OSCP)
Azure security certifications (SC-500, SC-100)
Kubernetes certifications (CKA, CKS) or Wiz certifications.
What we offer
A comprehensive Total Rewards Program including bonuses, flexible benefits and competitive compensation
Leaders who support your development through coaching and managing opportunities
Opportunities to work with the best in the field
Ability to make a difference and lasting impact
Work in a dynamic, collaborative, progressive, and high-performing team
A world-class training program in financial services.