Staff Cloud Security Architect (Global Security)

Job Description

What is the Opportunity?

The Staff, Cloud Security Architect will lead the design, engineering, and delivery of cloud security solutions across RBC's enterprise environment with primary focus on Azure, multi-cloud Kubernetes (AKS, EKS, OpenShift), and AI infrastructure platforms. This role owns end-to-end security architecture and hands-on implementation, drives enterprise-scale operationalization of Wiz CNAPP, embeds security into CI/CD pipelines and infrastructure-as-code, and partners with Regulatory, Compliance, and Audit functions to ensure controls meet OSFI and industry standards. The ideal candidate combines deep technical expertise with a delivery mindset equally comfortable whiteboarding architecture and writing the Terraform to implement it and thrives in a fast-paced environment securing cloud platforms at scale.

What Will You Do?

• Lead the design, implementation, and maturation of Azure cloud security architecture across RBC's enterprise environment, serving as the primary security subject matter expert for Azure-native services, identity, networking, and data protection controls
• Architect and drive security strategy for multi-cloud Kubernetes platforms (AKS, EKS, and OpenShift Container Platform), including cluster hardening, admission control, runtime security, image assurance, network policy, secrets management, and workload identity
• Define and implement security controls for cloud infrastructure supporting AI/ML workloads across public and private platforms, including compute provisioning, networking, storage, identity, and platform services (Microsoft Foundry / Azure OpenAI Service, AWS Bedrock, SageMaker infrastructure)
• Lead the enterprise deployment and operationalization of Wiz CNAPP, including CSPM, CWPP, CIEM, DSPM, and container/Kubernetes security capabilities driving policy-as-code, risk prioritization, and remediation workflows at scale
• Embed security into CI/CD pipelines and software supply chain (GitHub Actions, Terraform, ArgoCD, Helm) through automated scanning, policy enforcement, IaC security validation, and shift-left developer tooling
• Architect, engineer, and deploy cloud security solutions end-to-end owing the full lifecycle from design through implementation, testing, and production delivery — and partner with DevSecOps teams for ongoing control development, automation, and operational deployment at scale
• Partner with Regulatory, Compliance, and Audit teams to ensure cloud security controls satisfy OSFI, SOX, PCI-DSS, and internal risk frameworks translating regulatory expectations into technical control implementations and evidence automation
• Conduct threat modeling, security architecture assessments, and cloud service security reviews to ensure alignment with industry best practices and RBC's risk appetite
• Build automated reporting, monitoring, and feedback mechanisms that enable development teams to identify and remediate security gaps early in the development lifecycle
• Communicate and collaborate across engineering, platform, and application teams to drive remediation of security vulnerabilities and configuration drift
• Lead, execute, and deliver on Cloud Security strategy and initiatives with measurable outcomes
  

What Do You Need to Succeed?
Must Have:

• 7+ years of demonstrated experience in Cyber Security, with 5+ years focused on cloud security architecture and engineering
• Deep hands-on expertise with Microsoft Azure security (Defender for Cloud, Entra ID, Azure Policy, Network Security Groups, Private Link, Key Vault)
• Strong experience securing Kubernetes at scale across at least two of: AKS, EKS, or OpenShift Container Platform including admission controllers, OPA/Gatekeeper/Kyverno, service mesh security, and runtime protection
• Hands-on experience with Wiz CNAPP (or equivalent CNAPP platform) in a large enterprise environment, including policy authoring, risk scoring, and integration with ticketing/remediation workflows
• Experience securing CI/CD pipelines and infrastructure-as-code GitHub Actions, terraform (including Sentinel/OPA policy), container image pipelines, artifact signing, and SBOM generation
• Demonstrated ability to work with regulatory and audit functions (OSFI, SOX, PCI-DSS, SOC 2) to map cloud security controls to comply with requirements and produce audit-ready evidence
• Demonstrated ability to operate as both a security architect and hands-on practitioner willing to roll up sleeves and write IaC, policy-as-code, automation scripts, or pipeline configurations when needed, not solely a design-and-delegate role
• Experience making architectural decisions based on simplicity, industry frameworks, scalability, and reusability
• Ability to partner effectively with key stakeholders on complex programs with excellent communication, facilitation, and presentation skills
  

Nice-to-Have:

• Experience securing cloud infrastructure for AI/ML workloads GPU-enabled VMs/node pools, high-bandwidth networking, large-scale storage, and managed AI platform services from a compute, network, and identity perspective
• Experience with GCP security (Security Command Center, Cloud Armor, VPC Service Controls, IAM, Chronicle) multi-cloud breadth across Azure, AWS, and GCP is an asset
• Kubernetes certifications (CKS, CKA) or Wiz certifications
• Azure security certifications (AZ-500, SC-100) or equivalent cloud certifications
• Industry certifications (CISSP, CCSP, CCSK)
• Experience with runtime security tooling (Falco, Prisma Cloud Compute, Aqua, or Wiz Runtime Sensor)
• Familiarity with software supply chain security frameworks (SLSA, NIST SSDF, Sigstore)
• Strong understanding of security technologies: CNAPP, CSPM, CWPP, CIEM, SIEM, WAF, API security, IAM, secrets management, PKI, and zero-trust networking
• Undergraduate degree in a technical field or equivalent experience
  

What's In It for You?

We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

• A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable
• Leaders who support your development through coaching and managing opportunities
• Ability to make a difference and lasting impact
• Work in a dynamic, collaborative, progressive, and high-performing team
• A world-class training program in financial services
• Opportunities to do challenging work at the intersection of cloud, security, and AI
• Opportunities to take on progressively greater accountabilities

#LI-POST

#Techpj

Job Skills

AI Agent Security, AI for Cybersecurity, AI Security, Architectural Modeling, Cloud Computing, Cloud Computing Architecture, Cloud Infrastructure, Cloud Platform, Cloud Security Architecture, Critical Thinking, Cybersecurity Analytics, Kubernetes, Microsoft Azure, Multi-Level Communication

Additional Job Details

Address:

16 YORK ST:TORONTO

City:

Toronto

Country:

Canada

Work hours/week:

37.5

Employment Type:

Full time

Platform:

TECHNOLOGY AND OPERATIONS

Job Type:

Regular

Pay Type:

Salaried

Posted Date:

2026-05-21

Application Deadline:

2026-06-15

Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above

Our Employment Opportunities

At RBC, we are guided by living shared values of Client First, Integrity, Collaboration, Respect and Excellence and winning together as One RBC. We believe an inclusive workplace that has diverse perspectives is core to our continued growth as one of the largest and most successful banks in the world. Maintaining a workplace where our employees feel supported to perform at their best, effectively collaborate, drive innovation, and grow professionally helps to bring our Purpose to life and create value for our clients and communities. RBC strives to deliver this through policies and programs intended to foster a workplace based on respect, belonging and opportunity for all.

Join our Talent Community

Stay in-the-know about great career opportunities at RBC. Sign up and get customized info on our latest jobs, career tips and Recruitment events that matter to you.

Expand your limits and create a new future together at RBC. Find out how we use our passion and drive to enhance the well-being of our clients and communities at jobs.rbc.com.

RBC is presently inviting candidates to apply for this existing vacancy. Applying to this posting allows you to express your interest in this current career opportunity at RBC. Qualified applicants may be contacted to review their resume in more detail.