Logo-of-Flintex-Consulting--hiring-for-jobs-in-Malaysia-on-GrabJobs

AWS /Cloud Security Manager

Penerangan Pekerjaan - AWS /Cloud Security Manager




About the Role



We are seeking an experienced AWS / Cloud Security Manager to lead the design, governance, and continuous improvement of cloud security across enterprise AWS environments for a Singapore-based financial services organization.



The role focuses on AWS security architecture, multi-account governance, cloud threat detection, secure workload design, DevSecOps security, cloud compliance, and risk management in a highly regulated environment.







Key Responsibilities



AWS Security Architecture & Governance



• Design, govern, and enhance secure AWS cloud architectures aligned with business, risk, and regulatory requirements.



• Establish AWS multi-account security governance using AWS Organizations, Control Tower, SCPs, account baselines, and security guardrails.



• Define cloud security standards, reference architectures, onboarding patterns, and reusable security controls for AWS workloads.



• Lead cloud security architecture reviews for new workloads, migration projects, digital platforms, APIs, and third-party integrations.



• Drive defense-in-depth and zero-trust principles across AWS identity, network, workload, data, logging, and monitoring layers.







AWS Identity & Access Security



• Govern IAM, IAM Identity Center, federation, role-based access, permission boundaries, and least-privilege access models.



• Define privileged access management controls for AWS administrators, DevOps teams, application teams, and third-party users.



• Review IAM roles, policies, service-linked roles, access keys, cross-account access, and temporary access patterns.



• Establish access review, entitlement governance, and remediation processes for AWS accounts and workloads.







AWS Network & Perimeter Security



• Design secure VPC architectures including private subnets, route tables, NACLs, security groups, VPC endpoints, and private connectivity.



• Govern AWS network security patterns across Transit Gateway, VPC peering, hybrid connectivity, DNS security, and centralized inspection models.



• Manage perimeter security controls including AWS WAF, AWS Shield, API Gateway security, CloudFront security, load balancer security, and API protection.



• Define secure connectivity and segmentation standards for financial services workloads and cloud-connected infrastructure.







AWS Threat Detection, Logging & Monitoring



• Implement and enhance AWS threat detection using GuardDuty, Security Hub, CloudTrail, AWS Config, Inspector, Macie, Detective, CloudWatch, and EventBridge.



• Establish centralized logging, immutable audit trails, security telemetry collection, SIEM integration, and alert routing for AWS environments.



• Define detection use cases for suspicious IAM activity, data exposure, network anomalies, malware indicators, vulnerable workloads, and misconfigurations.



• Drive alert tuning, incident response playbooks, cloud investigation procedures, and continuous improvement of cloud detection capabilities.







AWS Data Protection & Workload Security



• Govern encryption, key management, secrets management, certificate management, and data protection controls using KMS, Secrets Manager, ACM, Macie, and S3 security controls.



• Define secure workload patterns for EC2, S3, RDS, Lambda, ECS/EKS, API Gateway, CloudFront, and serverless applications.



• Lead vulnerability management, patch governance, hardening baselines, container/image scanning, and remediation tracking for AWS workloads.



• Ensure backup security, recovery readiness, logging retention, and resilience controls are built into cloud workloads.







DevSecOps & Automation



• Integrate security into CI/CD pipelines, Infrastructure-as-Code workflows, cloud deployment processes, and release governance.



• Review Terraform and IaC templates for insecure configurations, excessive permissions, exposed services, weak encryption, and logging gaps.



• Implement automation for compliance checks, security alerts, remediation workflows, tagging governance, and operational reporting.



• Collaborate with DevOps, platform engineering, application, and infrastructure teams to embed cloud security into delivery practices.







Cloud Compliance & Risk Management



• Ensure AWS security controls align with MAS TRM, MAS Cyber Hygiene, PDPA, ISO 27001, NIST CSF, CIS Controls, and internal cloud security standards.



• Support cloud risk assessments, audit evidence collection, regulatory reviews, security exceptions, and remediation plans.



• Maintain cloud security metrics, risk dashboards, control maturity reporting, and management updates.



• Act as the cloud security liaison for audit, risk, compliance, infrastructure, application, and senior management stakeholders.







Vendor & Service Management



• Manage AWS security-related service providers, MSSPs, cloud partners, and technology vendors.



• Evaluate cloud security tools, CSPM/CWPP capabilities, threat detection platforms, and security automation solutions.



• Manage service reviews, SLAs, operational performance, renewals, and cloud security budget inputs.







Leadership & Stakeholder Management



• Lead and mentor cloud security engineers, analysts, and platform security contributors.



• Provide cloud security advisory to senior management, technology teams, risk committees, and project stakeholders.



• Translate AWS security risks into business impact, regulatory exposure, and actionable remediation priorities.



• Drive continuous improvement of AWS security maturity across people, process, technology, and governance.







Required Qualifications & Experience



Education & Experience



• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Cloud Computing, or a related discipline.



• 8-12 years of cybersecurity, cloud security, infrastructure security, or security architecture experience.



• At least 3-5 years of hands-on AWS security architecture, cloud governance, or cloud security leadership experience.



• Experience in financial services, banking, insurance, fintech, or regulated enterprise environments in Singapore or APAC.



AWS Technical Expertise



• Strong hands-on knowledge of AWS IAM, IAM Identity Center, Organizations, Control Tower, SCPs, Security Hub, GuardDuty, CloudTrail, Config, KMS, WAF, Shield, Inspector, Macie, Detective, CloudWatch, EventBridge, Secrets Manager, ACM, and Systems Manager.



• Strong understanding of AWS VPC security, Transit Gateway, VPC endpoints, private connectivity, DNS security, routing, segmentation, and hybrid cloud security.



• Experience securing AWS workloads including EC2, S3, RDS, Lambda, ECS/EKS, API Gateway, CloudFront, load balancers, and serverless architectures.



• Knowledge of Terraform, CI/CD security, IaC scanning, secrets detection, policy-as-code, and automated remediation.



Governance & Compliance Knowledge



• Strong understanding of MAS TRM, MAS Cyber Hygiene, PDPA, ISO 27001, NIST CSF, CIS Controls, and cloud risk management practices.



• Experience managing cloud security assessments, architecture reviews, audit remediation, compliance evidence, and risk reporting.







Soft Skills



• Strong leadership, communication, stakeholder management, and technical advisory skills.



• Ability to work with senior management, audit, risk, infrastructure, DevOps, application, and vendor teams.



• Strong analytical, problem-solving, documentation, and decision-making capabilities.



• Ability to operate effectively during cloud security incidents, urgent remediation efforts, and regulatory reviews.







Preferred Qualifications



• AWS Certified Security - Specialty.



• AWS Certified Solutions Architect - Professional or Associate.



• CISSP, CISM, CCSP, or equivalent cloud/security certification.



• Experience with CSPM, CWPP, CNAPP, SOAR, cloud detection engineering, threat hunting, container security, Kubernetes security, and policy-as-code.



• Familiarity with AI/ML workload security on AWS, including secure use of Amazon Bedrock, data protection, access governance, and logging controls.







Working hours:



Mon to Fri 9am - 6pm



Original job AWS /Cloud Security Manager posted on GrabJobs ©. To flag any issues with this job please use the Report Job button on GrabJobs.
Share Job
Share Job

Similar AWS Cloud Security Manager Jobs in Malaysia

GrabJobs ialah portal pekerjaan no1 di Malaysia, menghubungkan anda dengan beribu-ribu pekerjaan dengan pantas! Cari kerja terbaik di Malaysia, mohon dalam 1 klik dan dapatkan pekerjaan hari ini!

Aplikasi Mudah Alih

Copyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.