The Staff, Cloud Security Architect will lead the design, engineering, and delivery of cloud security solutions across RBC's enterprise environment, with a primary focus on Azure, multi-cloud Kubernetes (AKS, EKS, OpenShift), and AI infrastructure platforms. This role owns end-to-end security architecture and hands-on implementation, drives enterprise-scale operationalisation of Wiz CNAPP, embeds security into CI/CD pipelines and infrastructure-as-code, and partners with Regulatory, Compliance, and Audit functions to ensure controls meet OSFI and industry standards. The ideal candidate combines deep technical expertise with a delivery mindset, equally comfortable whiteboarding architecture and writing the Terraform to implement it, thriving in a fast-paced environment securing cloud platforms at scale.
Key Responsibilities
You will lead the design, implementation, and maturation of Azure cloud security architecture across RBC's enterprise environment, serving as the primary security subject matter expert for Azure-native services, identity, networking, and data protection controls. You will also architect and drive the security strategy for multi-cloud Kubernetes platforms, including cluster hardening, admission control, runtime security, image assurance, network policy, secrets management, and workload identity. Additionally, you will define and implement security controls for cloud infrastructure supporting AI/ML workloads across public and private platforms, covering compute provisioning, networking, storage, identity, and platform services such as Microsoft Foundry / Azure OpenAI Service, AWS Bedrock, and SageMaker infrastructure.
This role involves leading the enterprise deployment and operationalisation of Wiz CNAPP, encompassing CSPM, CWPP, CIEM, DSPM, and container/Kubernetes security capabilities, driving policy-as-code, risk prioritisation, and remediation workflows at scale. You will embed security into CI/CD pipelines and the software supply chain through automated scanning, policy enforcement, IaC security validation, and shift-left developer tooling. Furthermore, you will architect, engineer, and deploy cloud security solutions end-to-end, owning the full lifecycle from design through implementation, testing, and production delivery, partnering with DevSecOps teams for ongoing control development, automation, and operational deployment at scale.
You will partner with Regulatory, Compliance, and Audit teams to ensure cloud security controls satisfy OSFI, SOX, PCI-DSS, and internal risk frameworks, translating regulatory expectations into technical control implementations and evidence automation. Conducting threat modelling, security architecture assessments, and cloud service security reviews will be crucial to ensure alignment with industry best practices and RBC's risk appetite. You will also build automated reporting, monitoring, and feedback mechanisms that enable development teams to identify and remediate security gaps early in the development lifecycle, communicating and collaborating across engineering, platform, and application teams to drive remediation of security vulnerabilities and configuration drift. Ultimately, you will lead, execute, and deliver on Cloud Security strategy and initiatives with measurable outcomes.
Qualifications & Experience
To succeed in this role, you must have 7+ years of demonstrated experience in Cyber Security, with at least 5 years focused on cloud security architecture and engineering. Deep hands-on expertise with Microsoft Azure security, including Defender for Cloud, Entra ID, Azure Policy, Network Security Groups, Private Link, and Key Vault, is essential. Strong experience securing Kubernetes at scale across at least two platforms like AKS, EKS, or OpenShift Container Platform, including admission controllers, OPA/Gatekeeper/Kyverno, service mesh security, and runtime protection, is also required. You should have hands-on experience with Wiz CNAPP or an equivalent CNAPP platform in a large enterprise environment, covering policy authoring, risk scoring, and integration with ticketing/remediation workflows. Experience securing CI/CD pipelines and infrastructure-as-code, such as GitHub Actions, Terraform (including Sentinel/OPA policy), container image pipelines, artifact signing, and SBOM generation, is critical. Demonstrated ability to work with regulatory and audit functions like OSFI, SOX, PCI-DSS, and SOC 2 to map cloud security controls to compliance requirements and produce audit-ready evidence is necessary. The ideal candidate can operate as both a security architect and a hands-on practitioner, willing to write IaC, policy-as-code, automation scripts, or pipeline configurations when needed; this is not solely a design-and-delegate role. Experience making architectural decisions based on simplicity, industry frameworks, scalability, and reusability, coupled with the ability to partner effectively with key stakeholders on complex programs with excellent communication, facilitation, and presentation skills, completes the essential qualifications.
Valuable assets for this role include experience securing cloud infrastructure for AI/ML workloads, covering GPU-enabled VMs/node pools, high-bandwidth networking, large-scale storage, and managed AI platform services from a compute, network, and identity perspective. Experience with GCP security, such as Security Command Center, Cloud Armor, VPC Service Controls, IAM, and Chronicle, demonstrating multi-cloud breadth across Azure, AWS, and GCP, would be beneficial. Relevant certifications like Kubernetes certifications (CKS, CKA), Wiz certifications, Azure security certifications (AZ-500, SC-100), or equivalent cloud certifications, along with industry certifications such as CISSP, CCSP, or CCSK, are a plus. Familiarity with runtime security tooling like Falco, Prisma Cloud Compute, Aqua, or Wiz Runtime Sensor, and software supply chain security frameworks such as SLSA, NIST SSDF, or Sigstore, would be advantageous. A strong understanding of security technologies, including CNAPP, CSPM, CWPP, CIEM, SIEM, WAF, API security, IAM, secrets management, PKI, and zero-trust networking, is also desirable. An undergraduate degree in a technical field or equivalent experience is preferred.
What We Offer
At RBC, we thrive on the challenge to be our best, fostering progressive thinking to keep growing, and working together to deliver trusted advice that helps our clients thrive and communities prosper. We care deeply about each other, supporting everyone in reaching their potential, making a difference to our communities, and achieving mutual success. You will join a dynamic, collaborative, progressive, and high-performing team where you can make a lasting impact.
We offer a comprehensive Total Rewards Program, including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable. Leaders are committed to supporting your development through coaching and managing opportunities. You will find a world-class training program in financial services and opportunities to engage in challenging work at the intersection of cloud, security, and AI, with pathways to take on progressively greater accountabilities.