The Lead for Cloud Infrastructure and Security Technology will join the Technology Security division within the Group Strategy & Transformation function, reporting directly to the Group Head of Enterprise & Cloud Security.
This role serves as both a subject matter expert (SME) and technical leader, responsible for overseeing and ensuring the effective design and delivery of cloud services and projects at East-West Seed. This strategic position is crucial for driving the implementation of new projects, transformations, and initiatives, facilitating the smooth integration of cloud services throughout the organization.
Key Responsibilities:
Cloud Foundation Design and Implementation
- Serve as the technical lead and SME for cloud architecture and security, providing expert guidance on best practices for cloud architecture, design, and deployment.
- To support business initiatives, design and implement a secure and scalable cloud foundation across one or more cloud providers (e.g., Azure, AWS, and GCP).
- Define and implement cloud landing zone and security best practices and controls across the cloud foundation, including account structures, identity and access management (IAM), network topologies, security configuration, data protection and governance policies, standards, and procedures compliance with global regulations such as GDPR, ISO 27001, and NIST.
- Implement cost optimization strategies to monitor and control cloud spending and maintain a cloud cost management framework, including budgeting, forecasting, and reporting.
Cloud Security Technology
- Led the implementation of the One Identity solution to centralize and streamline identity management across EWS.
- Designed and oversaw the IAM service for Microsoft Entra ID (formerly Azure AD) and Google Directory, including technology selection, security architecture, and 1 II. Roles and Responsibilities integration with EWS ICT services to ensure robust authentication, authorization, and auditing capabilities.
- Focus on the analytical aspects of IAM, including user access reviews, policy enforcement, and reporting.
Privileged Access Management (PAM)
- Design, implement, and maintain the overall PAM service to protect and control elevated organizational access.
- Ensure secure provisioning, management, and monitoring of privileged accounts, and enforce session recording, password vaulting, and Just-In-Time (JIT) access to minimize risks associated with privileged accounts.
Service Management
- As a service owner, take responsibility for the entire lifecycle management of Cloud, IAM, and PAM services.
- Contribute to developing and aligning the service strategy with the EWS ICT strategy.
- Define Service Level Agreements (SLAs) and Key Performance Indicators (KPIs) to measure service performance. Collaborate with relevant ICT teams, service providers, and vendors to ensure service availability and quality comply with the defined SLAs and KPIs.
- Establish and maintain comprehensive documentation for design, implementation, and configuration ready for handing over to the ICT operation team.
- Stay up-to-date with the latest Cloud, IAM and PAM technologies, trends, and best practices with knowledge sharing with the related teams.
- Work cross-functionally with relevant ICT teams (e.g., Infrastructure and Digital applications) to enable service integrations, complying with security-by-design principles.
Key deliverables & success factors
- Ensure that a well-architected cloud foundation, cloud governance framework, cloud integration, and cost optimization strategy are delivered.
- Ensure access controls and privileged account security are fully operational, meet the organization's security policies, and align with compliance frameworks such as GDPR, ISO 27001, and NIST.
- Ensure quick identification, reporting, and mitigation of incidents related to the services.
Requirements & Qualification
- Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
- ICT Certificates
-CompTIA A+, Network+ or Security+ or CCNA or CCSA and
-Certified Solution Architect of AWS, Azure, or GCP
- Preferred certificates: Certified Cloud Security Professional (CCSP), Azure Security Engineer Associate preferred, or AWS Certified Security
- 5+ years of experience in infrastructure-related roles, with a strong foundation in IT systems, networking, and security.
- 3+ years of experience in cloud or related roles, with hands-on experience in Azure, AWS, or GCP.
- Proficiency in managing Microsoft Entra ID and other cloud identity and access management solutions, with hands-on experience in Microsoft Entra ID.
- Strong understanding of Privileged Access Management (PAM) solutions, their integration with cloud environments, and hands-on experience in PAM products.
- Experience with cloud security frameworks such as CIS Benchmarks and NIST guidelines.
- Knowledge of cloud security tools like Azure Security Center, AWS Security Hub, and Google Cloud Security Command Center.
