Cloud Security Assurance Analyst at Equity Bank Kenya

Job Purpose:

The Cloud Security Assurance Analyst will be responsible for providing oversight, assurance, and governance of the bank’s cloud security architecture. This role focuses on reviewing, validating, and assuring that security designs, controls, and implementations within Equity’s cloud environments meet regulatory requirements, industry best practices, and the bank’s internal security standards.

Key emphasis will be on evaluating proposed solutions, identifying risks, recommending improvements, and providing independent assurance that cloud deployments and services safeguard the bank’s assets and customer data.

The Cloud Security Assurance Analyst will work closely with development, operations, and security teams to ensure the cloud infrastructure and applications are secure, compliant, and resilient against modern threats.

Job Responsibilities/ Accountabilities:

Cloud Governance and Technical Assurance:

• Provide governance and technical assurance over the security architecture of cloud platforms (Oracle Cloud Infrastructure, Azure, Huawei Cloud Platform), ensuring that proposed and implemented designs align with the enterprise security strategy, regulatory requirements, and industry best practices.
• Provide assurance and oversight on the definition and effectiveness of security controls for cloud services—including identity and access management (IAM), encryption, key management, data protection, and network security—ensuring they are properly designed, implemented, and aligned with enterprise security policies and regulatory requirements.
• Oversee and provide assurance on the establishment and maintenance of cloud security policies, standards, and procedures, ensuring they drive compliance with regulatory requirements (e.g., GDPR, PCI-DSS, HIPAA) and align with recognized security best practices.
• Conduct security assessments, vulnerability scans, and penetration testing to identify security risks in the cloud infrastructure. Provide recommendations for risk mitigation and security improvements.
• Lead efforts to harden cloud services and environments by configuring appropriate security settings, monitoring access controls, and enforcing security baselines.
• Provide oversight and technical assurance on the design and effectiveness of IAM frameworks, role-based access control (RBAC), and multi-factor authentication (MFA) to ensure secure and compliant user and application access to cloud resources.
• Work with DevOps and development teams to integrate security into CI/CD pipelines and cloud-native application development (DevSecOps). Implement automation to ensure security is maintained across cloud deployments.
• Collaborate with the Security Operations Center (SOC) and Incident Response teams to monitor, detect, and respond to cloud-specific security threats. Implement cloud-native security monitoring solutions if required.
• Ensure cloud environments comply with internal security policies and external regulatory standards. Work with compliance teams to implement audit controls and manage third-party audits of cloud infrastructure.
• Provide cloud security guidance and best practices to technical teams and ensure that secure coding, deployment, and management practices are followed.
• Advise on the security implications of migrating on-premises workloads to the cloud. Provide security guidance for hybrid and multi-cloud environments, ensuring consistency in security controls.
• Maintain documentation for cloud security architectures, configurations, and processes. Produce regular reports on cloud security posture and recommend actions for improvements.

Qualifications

Knowledge and Experience

• Education: A Degree in Computer Science, Information Security, Cybersecurity, or a related field (Masters’ degree, an added advantage). 
• Experience: Minimum of 4-6 years of hands-on experience in information security, with at least 2+ years focused on cloud security. 
• Proven experience designing and securing cloud-native services such as containers (Docker, Kubernetes), serverless architectures (AWS Lambda, Azure Functions), and microservices. 
•  Familiarity with cloud security frameworks and guidelines (e.g., Cloud Well-Architected Framework, CIS Benchmarks, Cloud Security Alliance Cloud Control Matrix). · 
• Experience with cloud-native security tools and services. 
•  Expertise in deploying and managing secure network architectures in cloud environments (Azure, HCP, OCI).
• Knowledge of secure cloud networking (VPCs, security groups, network peering) and data protection practices. ·
• Expertise in designing secure cloud infrastructure using Infrastructure-as-Code (IaC) tools like Terraform, CloudFormation, and Ansible. 
•  Deep understanding of cloud security controls, including identity and access management (IAM), Data Encryption, Keys & Secrets Management, Firewalls, VPNs, and security groups. 

Certifications (Preferred) ·

• Certificate of Cloud Security Knowledge (CCSK) or Certified Cloud Security Professional (CCSP) ·
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA)
•  AWS Certified Security – Specialty or Microsoft Azure Security Architect or Microsoft Azure Security Engineer.

Key Critical Competencies 

• Strong analytical, problem-solving, and critical-thinking abilities. 
• Excellent written and verbal communication skills. 
• Ability to work independently and collaboratively with cross-functional teams. 
• Strong organizational skills and attention to detail. 
• Ability to translate technical security concepts into business-friendly language. 
• Mentoring and teaching. 
• Technology Awareness and Management.