Associate Director, Cloud Security Architect - Remote

Job Description

KPMG is currently seeking a Cloud Security Architect to join our Digital Nexus organization. This is a remote work opportunity.

Responsibilities:

• Design secure cloud-native applications, platforms, core services and security controls across multiple public and private cloud environments including Azure, AWS, GCP and OpenShift; drive implementation efforts in a highly matrixed environment
• Serve as an internal senior trusted advisor providing security consulting services across multiple technical domains to project teams, the firm's partners and other senior members to provide advice on security and assist with compensating control alternatives where security requirements cannot be met; provide insights on multiple alternatives to solve challenges and explain trade-offs and risks
• Promote and foster collaboration and standardization across multiple internal federated technology groups based on common technology interests and priorities
• Develop and maintain effective working relationships with multiple public and private cloud vendors to advocate for product enhancements to meet the firm’s needs and inform internal stakeholders of forthcoming features of interest
• Develop and maintain effective working relationships with multiple internal federated technology groups at both a technical and leadership level to maintain alignment on technical strategies

Qualifications:

• Minimum eight years of recent security, application, and enterprise architecture experience, preferably within a professional services firm or similar environment
• Bachelor's degree from an accredited college or university; certifications requirements: CISSP and either CCSP or CCSK, or equivalent industry experience; other certifications of importance: MCSE: Cloud Platform and Infrastructure, AWS Certified Solutions Architect
• ​Deep technical expertise across multiple technical domains including application development, cloud computing, security, identity and access management and IT infrastructure; Experience in source code review, CI/CD tools, SAST and DAST tools and ability to provide consultation on vulnerability remediation and/or mitigation
• Experience in both designing and securing solutions in a complex and regulated enterprise environment to offer solutions in an “as-a-service” model; demonstrated ability to not only define security requirements but help teams implement them through collaborative architecture and engineering; demonstrated ability to design creative alternatives to work around gaps in vendor offerings to meet technical and security requirements
• Expert-level understanding of cloud computing architecture, technical design and implementations, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as Service (SaaS) and containerized delivery models across multiple different cloud vendors; Experience working with development and project teams to promote and ensure the use of secure coding practices; Provide guidance to developers on recommended controls and countermeasures
• Experience with modern delivery methodologies including Agile and DevSecOps; ability to work in a highly matrixed environment and influence teams through gathering consensus; experience with security related regulatory requirements, such as NIST, PCI, ISO 27001, HIPAA compliance