About the Role
We are seeking an experienced AWS / Cloud Security Manager to lead the design, governance, and continuous improvement of cloud security across enterprise AWS environments for a Singapore-based financial services organization.
The role focuses on AWS security architecture, multi-account governance, cloud threat detection, secure workload design, DevSecOps security, cloud compliance, and risk management in a highly regulated environment.
Key Responsibilities
AWS Security Architecture & Governance
⢠Design, govern, and enhance secure AWS cloud architectures aligned with business, risk, and regulatory requirements.
⢠Establish AWS multi-account security governance using AWS Organizations, Control Tower, SCPs, account baselines, and security guardrails.
⢠Define cloud security standards, reference architectures, onboarding patterns, and reusable security controls for AWS workloads.
⢠Lead cloud security architecture reviews for new workloads, migration projects, digital platforms, APIs, and third-party integrations.
⢠Drive defense-in-depth and zero-trust principles across AWS identity, network, workload, data, logging, and monitoring layers.
AWS Identity & Access Security
⢠Govern IAM, IAM Identity Center, federation, role-based access, permission boundaries, and least-privilege access models.
⢠Define privileged access management controls for AWS administrators, DevOps teams, application teams, and third-party users.
⢠Review IAM roles, policies, service-linked roles, access keys, cross-account access, and temporary access patterns.
⢠Establish access review, entitlement governance, and remediation processes for AWS accounts and workloads.
AWS Network & Perimeter Security
⢠Design secure VPC architectures including private subnets, route tables, NACLs, security groups, VPC endpoints, and private connectivity.
⢠Govern AWS network security patterns across Transit Gateway, VPC peering, hybrid connectivity, DNS security, and centralized inspection models.
⢠Manage perimeter security controls including AWS WAF, AWS Shield, API Gateway security, CloudFront security, load balancer security, and API protection.
⢠Define secure connectivity and segmentation standards for financial services workloads and cloud-connected infrastructure.
AWS Threat Detection, Logging & Monitoring
⢠Implement and enhance AWS threat detection using GuardDuty, Security Hub, CloudTrail, AWS Config, Inspector, Macie, Detective, CloudWatch, and EventBridge.
⢠Establish centralized logging, immutable audit trails, security telemetry collection, SIEM integration, and alert routing for AWS environments.
⢠Define detection use cases for suspicious IAM activity, data exposure, network anomalies, malware indicators, vulnerable workloads, and misconfigurations.
⢠Drive alert tuning, incident response playbooks, cloud investigation procedures, and continuous improvement of cloud detection capabilities.
AWS Data Protection & Workload Security
⢠Govern encryption, key management, secrets management, certificate management, and data protection controls using KMS, Secrets Manager, ACM, Macie, and S3 security controls.
⢠Define secure workload patterns for EC2, S3, RDS, Lambda, ECS/EKS, API Gateway, CloudFront, and serverless applications.
⢠Lead vulnerability management, patch governance, hardening baselines, container/image scanning, and remediation tracking for AWS workloads.
⢠Ensure backup security, recovery readiness, logging retention, and resilience controls are built into cloud workloads.
DevSecOps & Automation
⢠Integrate security into CI/CD pipelines, Infrastructure-as-Code workflows, cloud deployment processes, and release governance.
⢠Review Terraform and IaC templates for insecure configurations, excessive permissions, exposed services, weak encryption, and logging gaps.
⢠Implement automation for compliance checks, security alerts, remediation workflows, tagging governance, and operational reporting.
⢠Collaborate with DevOps, platform engineering, application, and infrastructure teams to embed cloud security into delivery practices.
Cloud Compliance & Risk Management
⢠Ensure AWS security controls align with MAS TRM, MAS Cyber Hygiene, PDPA, ISO 27001, NIST CSF, CIS Controls, and internal cloud security standards.
⢠Support cloud risk assessments, audit evidence collection, regulatory reviews, security exceptions, and remediation plans.
⢠Maintain cloud security metrics, risk dashboards, control maturity reporting, and management updates.
⢠Act as the cloud security liaison for audit, risk, compliance, infrastructure, application, and senior management stakeholders.
Vendor & Service Management
⢠Manage AWS security-related service providers, MSSPs, cloud partners, and technology vendors.
⢠Evaluate cloud security tools, CSPM/CWPP capabilities, threat detection platforms, and security automation solutions.
⢠Manage service reviews, SLAs, operational performance, renewals, and cloud security budget inputs.
Leadership & Stakeholder Management
⢠Lead and mentor cloud security engineers, analysts, and platform security contributors.
⢠Provide cloud security advisory to senior management, technology teams, risk committees, and project stakeholders.
⢠Translate AWS security risks into business impact, regulatory exposure, and actionable remediation priorities.
⢠Drive continuous improvement of AWS security maturity across people, process, technology, and governance.
Required Qualifications & Experience
Education & Experience
⢠Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Cloud Computing, or a related discipline.
⢠8-12 years of cybersecurity, cloud security, infrastructure security, or security architecture experience.
⢠At least 3-5 years of hands-on AWS security architecture, cloud governance, or cloud security leadership experience.
⢠Experience in financial services, banking, insurance, fintech, or regulated enterprise environments in Singapore or APAC.
AWS Technical Expertise
⢠Strong hands-on knowledge of AWS IAM, IAM Identity Center, Organizations, Control Tower, SCPs, Security Hub, GuardDuty, CloudTrail, Config, KMS, WAF, Shield, Inspector, Macie, Detective, CloudWatch, EventBridge, Secrets Manager, ACM, and Systems Manager.
⢠Strong understanding of AWS VPC security, Transit Gateway, VPC endpoints, private connectivity, DNS security, routing, segmentation, and hybrid cloud security.
⢠Experience securing AWS workloads including EC2, S3, RDS, Lambda, ECS/EKS, API Gateway, CloudFront, load balancers, and serverless architectures.
⢠Knowledge of Terraform, CI/CD security, IaC scanning, secrets detection, policy-as-code, and automated remediation.
Governance & Compliance Knowledge
⢠Strong understanding of MAS TRM, MAS Cyber Hygiene, PDPA, ISO 27001, NIST CSF, CIS Controls, and cloud risk management practices.
⢠Experience managing cloud security assessments, architecture reviews, audit remediation, compliance evidence, and risk reporting.
Soft Skills
⢠Strong leadership, communication, stakeholder management, and technical advisory skills.
⢠Ability to work with senior management, audit, risk, infrastructure, DevOps, application, and vendor teams.
⢠Strong analytical, problem-solving, documentation, and decision-making capabilities.
⢠Ability to operate effectively during cloud security incidents, urgent remediation efforts, and regulatory reviews.
Preferred Qualifications
⢠AWS Certified Security - Specialty.
⢠AWS Certified Solutions Architect - Professional or Associate.
⢠CISSP, CISM, CCSP, or equivalent cloud/security certification.
⢠Experience with CSPM, CWPP, CNAPP, SOAR, cloud detection engineering, threat hunting, container security, Kubernetes security, and policy-as-code.
⢠Familiarity with AI/ML workload security on AWS, including secure use of Amazon Bedrock, data protection, access governance, and logging controls.
Working hours:
Mon to Fri 9am - 6pm