KPMG

Senior Consultant - Cloud Security Architect

KPMG · Dubai, Dubai, United Arab Emirates

Accounting · 10,001+ employees

7 h ago
Senior (5-10 yrs) Full-time United Arab Emirates
Log in to apply, save this posting, or score it against your profile with AI.

About the role

The role involves designing and implementing secure cloud architectures and landing zones across Azure, AWS, and OCI. You will advise clients on secure cloud adoption, regulatory compliance, and security transformation programs.

What they look for

Cloud Security Architecture Microsoft Azure Microsoft 365 Azure Landing Zone Identity and Access Management DevSecOps Cloud Migration Security Governance Risk Management Infrastructure as Code Security Automation Cloud Compliance Network Security Microsoft Entra ID Security Assessments Stakeholder Management

Requirements

Candidates must have a strong track record in cloud security architecture, specifically with Azure and Microsoft 365, and previous Big4 consulting experience. Proficiency in IAM, DevSecOps, and various security frameworks like NIST and ISO is required.

Full description

Responsibilities

You will help deliver high-quality client engagements by:

  • Understanding clients’ business challenges, cloud ambitions, regulatory requirements, and threat landscape
  • Advising clients on secure cloud adoption, lift-and-shift migration, and landing zone security design
  • Designing and implementing security controls across Azure landing zones, including identity, networking, logging, governance, encryption, workload protection, and monitoring
  • Supporting security architecture across Azure, Microsoft 365, AWS, and OCI environment
  • Helping clients navigate cybersecurity regulations, security frameworks, and cloud compliance requirements
  • Advising on cloud security governance, operating models, control frameworks, and risk management
  • Assessing existing cloud environments against security baselines such as CIS, NIST, ISO, CAF, and cloud provider best practices
  • Helping clients optimize their digital and technical security controls across multiple layers of the cloud architecture stack
  • Using security architecture to define and support broader security transformation programs
  • Delivering automation of security controls, security posture reporting, and risk dashboards where relevant
  • Supporting small and medium-sized engagements independently and participating as a key team member in larger transformation programs
  • Supporting presales, proposal development, and business development activities
  • Building constructive and trusted relationships with clients, both at technical and senior stakeholder level
  • Acting as a trusted advisor and role model for quality, integrity, and risk management practices
  • Contributing to the continued development of KPMG’s cloud security services and professional network

The Person

We are looking for someone with a strong track record in cloud security architecture and consulting, with the ability to combine hands-on technical experience with strong client advisory skills.

The ideal candidate should have:

  • Proven experience in cloud security architecture, preferably with strong hands-on experience in Microsoft Azure and Microsoft 365
  • Practical experience with secure cloud migration, lift-and-shift scenarios, and Azure landing zone design or implementation
  • Strong understanding of Azure landing zone security, including management groups, subscriptions, RBAC, Azure Policy, Defender for Cloud, logging, network security, private endpoints, Key Vault, backup, and workload protection
  • Experience assessing, designing, or implementing security controls across multiple layers of the IT architecture stack
  • Strong knowledge of Identity and Access Management, including Microsoft Entra ID, Conditional Access, Privileged Identity Management, workload identities, and identity governance
  • Experience with cloud security assessments, security configuration reviews, privacy and regulatory risk assessments, and control framework mapping
  • Experience with DevSecOps concepts, infrastructure-as-code, policy-as-code, security automation, and continuous control monitoring is highly desirable
  • Experience delivering cybersecurity services in a commercial or consulting environment
  • Experience in one or more cloud service provider environments: Microsoft Azure, AWS, OCI, or GCP
  • Ability to analyze complex problems, identify core issues, and recommend practical and proportionate solutions
  • Ability to communicate clearly with both technical teams and senior stakeholders
  • Ability to translate complex cybersecurity topics into clear business risk, impact, and remediation advice
  • Ability to work at sustained levels of high intensity while maintaining quality, structure, and professionalism
  • Previous Big4 experience is a must for this role

Qualifications and Certifications

The candidate should ideally have a combination of cloud, security, and architecture certifications. We do not expect every candidate to hold all certifications, but one or more of the following would be highly valued.

  • Microsoft Certified: Cybersecurity Architect Expert – SC-100
  • Microsoft Certified: Cloud and AI Security Engineer Associate – SC-500
  • Microsoft Certified: Identity and Access Administrator Associate – SC-300
  • Microsoft Certified: Information Security Administrator Associate – SC-401
  • Microsoft Azure architecture or administrator certifications such as AZ-104 or AZ-305 are also beneficial
  • AWS Certified Security – Specialty
  • AWS Certified Solutions Architect – Professional
  • Google Cloud Professional Cloud Security Engineer
  • CISSP, CISM, CCSP, or comparable cybersecurity experience
  • SABSA, TOGAF, or comparable architecture experience is preferred