Job DescriptionWhat is the Opportunity?The Cloud Security Architect will lead the design, engineering, and delivery of cloud security solutions across RBC's enterprise environment with primary focus on Azure, multi-cloud Kubernetes (AKS, EKS, OpenShift), and AI infrastructure platforms. This role owns end-to-end security architecture and hands-on implementation, drives enterprise-scale operationalization of Wiz CNAPP, embeds security into CI/CD pipelines and infrastructure-as-code, and partners with Regulatory, Compliance, and Audit functions to ensure controls meet OSFI and industry standards. The ideal candidate combines deep technical expertise with a delivery mindset equally comfortable whiteboarding architecture and writing the Terraform to implement it and thrives in a fast-paced environment securing cloud platforms at scale.
What Will You Do? - Lead the design, implementation, and maturation of Azure cloud security architecture across RBC's enterprise environment, serving as the primary security subject matter expert for Azure-native services, identity, networking, and data protection controls
- Architect and drive security strategy for multi-cloud Kubernetes platforms (AKS, EKS, and OpenShift Container Platform), including cluster hardening, admission control, runtime security, image assurance, network policy, secrets management, and workload identity
- Define and implement security controls for cloud infrastructure supporting AI/ML workloads across public and private platforms, including compute provisioning, networking, storage, identity, and platform services (Microsoft Foundry / Azure OpenAI Service, AWS Bedrock, SageMaker infrastructure)
- Lead the enterprise deployment and operationalization of Wiz CNAPP, including CSPM, CWPP, CIEM, DSPM, and container/Kubernetes security capabilities driving policy-as-code, risk prioritization, and remediation workflows at scale
- Embed security into CI/CD pipelines and software supply chain (GitHub Actions, Terraform, ArgoCD, Helm) through automated scanning, policy enforcement, IaC security validation, and shift-left developer tooling
- Architect, engineer, and deploy cloud security solutions end-to-end owing the full lifecycle from design through implementation, testing, and production delivery - and partner with DevSecOps teams for ongoing control development, automation, and operational deployment at scale
- Partner with Regulatory, Compliance, and Audit teams to ensure cloud security controls satisfy OSFI, SOX, PCI-DSS, and internal risk frameworks translating regulatory expectations into technical control implementations and evidence automation
- Conduct threat modeling, security architecture assessments, and cloud service security reviews to ensure alignment with industry best practices and RBC's risk appetite
- Build automated reporting, monitoring, and feedback mechanisms that enable development teams to identify and remediate security gaps early in the development lifecycle
- Communicate and collaborate across engineering, platform, and application teams to drive remediation of security vulnerabilities and configuration drift
- Lead, execute, and deliver on Cloud Security strategy and initiatives with measurable outcomes
What Do You Need to Succeed?
Must Have:- 7+ years of demonstrated experience in Cyber Security, with 5+ years focused on cloud security architecture and engineering
- Deep hands-on expertise with Microsoft Azure security (Defender for Cloud, Entra ID, Azure Policy, Network Security Groups, Private Link, Key Vault)
- Strong experience securing Kubernetes at scale across at least two of: AKS, EKS, or OpenShift Container Platform including admission controllers, OPA/Gatekeeper/Kyverno, service mesh security, and runtime protection
- Hands-on experience with Wiz CNAPP (or equivalent CNAPP platform) in a large enterprise environment, including policy authoring, risk scoring, and integration with ticketing/remediation workflows
- Experience securing CI/CD pipelines and infrastructure-as-code GitHub Actions, terraform (including Sentinel/OPA policy), container image pipelines, artifact signing, and SBOM generation
- Demonstrated ability to work with regulatory and audit functions (OSFI, SOX, PCI-DSS, SOC 2) to map cloud security controls to comply with requirements and produce audit-ready evidence
- Demonstrated ability to operate as both a security architect and hands-on practitioner willing to roll up sleeves and write IaC, policy-as-code, automation scripts, or pipeline configurations when needed, not solely a design-and-delegate role
- Experience making architectural decisions based on simplicity, industry frameworks, scalability, and reusability
- Ability to partner effectively with key stakeholders on complex programs with excellent communication, facilitation, and presentation skills
Nice-to-Have:- Experience securing cloud infrastructure for AI/ML workloads GPU-enabled VMs/node pools, high-bandwidth networking, large-scale storage, and managed AI platform services from a compute, network, and identity perspective
- Experience with GCP security (Security Command Center, Cloud Armor, VPC Service Controls, IAM, Chronicle) multi-cloud breadth across Azure, AWS, and GCP is an asset
- Kubernetes certifications (CKS, CKA) or Wiz certifications
- Azure security certifications (AZ-500, SC-100) or equivalent cloud certifications
- Industry certifications (CISSP, CCSP, CCSK)
- Experience with runtime security tooling (Falco, Prisma Cloud Compute, Aqua, or Wiz Runtime Sensor)
- Familiarity with software supply chain security frameworks (SLSA, NIST SSDF, Sigstore)
- Strong understanding of security technologies: CNAPP, CSPM, CWPP, CIEM, SIEM, WAF, API security, IAM, secrets management, PKI, and zero-trust networking
- Undergraduate degree in a technical field or equivalent experience
What's In It for You? - A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable
- Leaders who support your development through coaching and managing opportunities
- Ability to make a difference and lasting impact
- Work in a dynamic, collaborative, progressive, and high-performing team
- A world-class training program in financial services
- Opportunities to do challenging work at the intersection of cloud, security, and AI
- Opportunities to take on progressively greater accountabilities
#LI-POST
#Techpj
Job SkillsAI Agent Security, AI for Cybersecurity, Architectural Modeling, Cloud Computing, Cloud Computing Architecture, Cloud Infrastructure, Cloud Platform, Cloud Security Architecture, Critical Thinking, Cybersecurity Analytics, Kubernetes, Microsoft Azure, Multi-Level Communication
Additional Job DetailsAddress:16 YORK ST:TORONTO
City:Toronto
Country:Canada
Work hours/week:37.5
Employment Type:Full time
Platform:TECHNOLOGY AND OPERATIONS
Job Type:Regular
Pay Type:Salaried
Posted Date:2026-05-21
Application Deadline:2026-07-27
Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above