Cloud Security Architect at Equity Bank Kenya

Role Description:

The Cloud Security Architect will be responsible for designing, implementing, and maintaining the security architecture for Equity’s cloud environments. This role requires a deep understanding of cloud platforms, security best practices, and a proactive approach to safeguarding Equity’s assets in the cloud. The Cloud Security Architect will work closely with development, operations, and security teams to ensure the cloud infrastructure and applications are secure, compliant, and resilient against modern threats.

Responsibility:

• Design and implement a comprehensive security architecture for cloud platforms such as Oracle Cloud Infrastructure, Azure, and Huawei Cloud Platform (HCP), ensuring it aligns with the overall enterprise security strategy.
• Define and implement security controls for cloud services, including identity and access management (IAM), encryption, key management, data protection, and network security.
• Establish cloud security policies, standards, and procedures to ensure compliance with regulatory requirements (GDPR, PCI-DSS, HIPAA, etc.) and security best practices.
• Conduct security assessments, vulnerability scans, and penetration testing to identify security risks in the cloud infrastructure. Provide recommendations for risk mitigation and security improvements.
• Lead efforts to harden cloud services and environments by configuring appropriate security settings, monitoring access controls, and enforcing security baselines.
• Design and implement IAM frameworks, role-based access control (RBAC), and multi-factor authentication (MFA) for secure user and application access to cloud resources.
• Work with DevOps and development teams to integrate security into CI/CD pipelines and cloud-native application development (DevSecOps). Implement automation to ensure security is maintained across cloud deployments.
• Collaborate with the Security Operations Center (SOC) and Incident Response teams to monitor, detect, and respond to cloud-specific security threats. Implement cloud-native security monitoring solutions if required.
• Ensure cloud environments comply with internal security policies and external regulatory standards. Work with compliance teams to implement audit controls and manage third-party audits of cloud infrastructure.
• Provide cloud security guidance and best practices to technical teams and ensure that secure coding, deployment, and management practices are followed.
• Advise on the security implications of migrating on-premises workloads to the cloud. Provide security guidance for hybrid and multi-cloud environments, ensuring consistency in security controls.
• Maintain documentation for cloud security architectures, configurations, and processes. Produce regular reports on cloud security posture and recommend actions for improvements.

Qualifications:

• Education: A Degree in Computer Science, Information Security, Cybersecurity, or a related field (Masters’ degree, an added advantage).
• Experience: Minimum of 5-8 years of hands-on experience in information security, with at least 2+ years focused on cloud security.
• Proven experience designing and securing cloud-native services such as containers (Docker, Kubernetes), serverless architectures (AWS Lambda, Azure Functions), and microservices.
• Familiarity with cloud security frameworks and guidelines (e.g., Cloud Well-Architected Framework, CIS Benchmarks, Cloud Security Alliance Cloud Control Matrix).
• Experience with cloud-native security tools and services.
• Expertise in deploying and managing secure network architectures in cloud environments (Azure, HCP, OCI).
• Knowledge of secure cloud networking (VPCs, security groups, network peering) and data protection practices.
• Expertise in designing secure cloud infrastructure using Infrastructure-as-Code (IaC) tools like Terraform, CloudFormation, and Ansible.
• Deep understanding of cloud security controls, including identity and access management (IAM), Data Encryption, Keys & Secrets Management, Firewalls, VPNs, and security groups.
• Certifications (Preferred):
  • Certificate of Cloud Security Knowledge (CCSK) or Certified Cloud Security Professional (CCSP).
  • Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
  • AWS Certified Security – Specialty or Microsoft Azure Security Architect or Microsoft Azure Security Engineer.