Senior Consultant - Cloud Security Architect
KPMG · Dubai, Dubai, United Arab Emirates
Accounting · 10,001+ employees
About the role
The role involves designing and implementing secure cloud architectures and landing zones across Azure, AWS, and OCI. You will advise clients on secure cloud adoption, regulatory compliance, and security transformation programs.
What they look for
Requirements
Candidates must have a strong track record in cloud security architecture, specifically with Azure and Microsoft 365, and previous Big4 consulting experience. Proficiency in IAM, DevSecOps, and various security frameworks like NIST and ISO is required.
Full description
Responsibilities
You will help deliver high-quality client engagements by:
- Understanding clients’ business challenges, cloud ambitions, regulatory requirements, and threat landscape
- Advising clients on secure cloud adoption, lift-and-shift migration, and landing zone security design
- Designing and implementing security controls across Azure landing zones, including identity, networking, logging, governance, encryption, workload protection, and monitoring
- Supporting security architecture across Azure, Microsoft 365, AWS, and OCI environment
- Helping clients navigate cybersecurity regulations, security frameworks, and cloud compliance requirements
- Advising on cloud security governance, operating models, control frameworks, and risk management
- Assessing existing cloud environments against security baselines such as CIS, NIST, ISO, CAF, and cloud provider best practices
- Helping clients optimize their digital and technical security controls across multiple layers of the cloud architecture stack
- Using security architecture to define and support broader security transformation programs
- Delivering automation of security controls, security posture reporting, and risk dashboards where relevant
- Supporting small and medium-sized engagements independently and participating as a key team member in larger transformation programs
- Supporting presales, proposal development, and business development activities
- Building constructive and trusted relationships with clients, both at technical and senior stakeholder level
- Acting as a trusted advisor and role model for quality, integrity, and risk management practices
- Contributing to the continued development of KPMG’s cloud security services and professional network
The Person
We are looking for someone with a strong track record in cloud security architecture and consulting, with the ability to combine hands-on technical experience with strong client advisory skills.
The ideal candidate should have:
- Proven experience in cloud security architecture, preferably with strong hands-on experience in Microsoft Azure and Microsoft 365
- Practical experience with secure cloud migration, lift-and-shift scenarios, and Azure landing zone design or implementation
- Strong understanding of Azure landing zone security, including management groups, subscriptions, RBAC, Azure Policy, Defender for Cloud, logging, network security, private endpoints, Key Vault, backup, and workload protection
- Experience assessing, designing, or implementing security controls across multiple layers of the IT architecture stack
- Strong knowledge of Identity and Access Management, including Microsoft Entra ID, Conditional Access, Privileged Identity Management, workload identities, and identity governance
- Experience with cloud security assessments, security configuration reviews, privacy and regulatory risk assessments, and control framework mapping
- Experience with DevSecOps concepts, infrastructure-as-code, policy-as-code, security automation, and continuous control monitoring is highly desirable
- Experience delivering cybersecurity services in a commercial or consulting environment
- Experience in one or more cloud service provider environments: Microsoft Azure, AWS, OCI, or GCP
- Ability to analyze complex problems, identify core issues, and recommend practical and proportionate solutions
- Ability to communicate clearly with both technical teams and senior stakeholders
- Ability to translate complex cybersecurity topics into clear business risk, impact, and remediation advice
- Ability to work at sustained levels of high intensity while maintaining quality, structure, and professionalism
- Previous Big4 experience is a must for this role
Qualifications and Certifications
The candidate should ideally have a combination of cloud, security, and architecture certifications. We do not expect every candidate to hold all certifications, but one or more of the following would be highly valued.
- Microsoft Certified: Cybersecurity Architect Expert – SC-100
- Microsoft Certified: Cloud and AI Security Engineer Associate – SC-500
- Microsoft Certified: Identity and Access Administrator Associate – SC-300
- Microsoft Certified: Information Security Administrator Associate – SC-401
- Microsoft Azure architecture or administrator certifications such as AZ-104 or AZ-305 are also beneficial
- AWS Certified Security – Specialty
- AWS Certified Solutions Architect – Professional
- Google Cloud Professional Cloud Security Engineer
- CISSP, CISM, CCSP, or comparable cybersecurity experience
- SABSA, TOGAF, or comparable architecture experience is preferred