Cloud Security Manager

As an experienced Cloud Security Manager, you will play a pivotal role in ensuring the security and integrity of our cloud-based infrastructure and services. You will supervise a small team of cloud security practitioners, ensuring the efficient and effective use of security technologies to protect our assets, mitigate risks, and preserve the confidentiality, integrity, and availability of our information systems.

This role involves a blend of technical expertise, stakeholder management skills, and communication capabilities to ensure the company's security posture is robust, efficient, and compliant with industry standards and regulations.

We’re quite passionate about protecting our colleagues and the ASOS brand, so we would love someone who can thrive and develop on an ever growing and changing security landscape.

Responsibilities:

• Lead a small team of cloud security practitioners, providing guidance, support, and mentorship to foster professional growth
• Contribute to and implement an overarching cloud security strategy aligned with business objectives, industry best practices, and regulatory requirements.
• Implement and maintain security controls and configurations for cloud-based environments, including but not limited to AWS, Azure, and Google Cloud Platform.
• Conduct risk assessments and security audits to identify vulnerabilities, threats, and compliance gaps within our cloud infrastructure.
• Develop a suite of metrics that allow the organisation to track vulnerabilities across multiple platforms and applications, while also tracking remediation progress and providing insight into key trends.
• Develop and enforce cloud security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.
• Collaborate with cross-functional teams, including IT, DevOps, and development teams, to integrate security into the entire SDLC, cloud development lifecycle and cloud projects when needed.

Requirements

Qualifications/Experience/Skills

• Proven experience in cloud security expertise
• Azure Kubernetes Service (AKS) experience, alongside Kubernetes, Docker, policy as code and securing containers expertise
• In-depth knowledge of security frameworks, standards, and best practices (e.g., ISO 27001, NIST Cloud Security Framework, CIS hardening and the CSA CCM).
• Proven knowledge of “service wrappers” as they pertain to best practice around product/platform lifecycles
• Experience working with Microsoft cloud security technologies, especially Sentinel, Defender and Purview
• Experience working with other cloud security technologies and environments (e.g., AWS & GCP)
• Application security/DevSecOps knowledge is preferable, especially when applied to a Secure Software Development Life Cycle (SSDLC) framework