Cloud Security Lead (Africa) at KPMG

Responsibilities

Strategy

• Provide support to the Africa region around cloud security initiatives 
• Leverage regional alliances with technology partners (e.g. Microsoft, Oracle, IBM, AWS, Google, etc) to drive proactive leads generation, joint pitch, pipeline management and conversions where required
• Manage, expand, and scale a team of security architects and engineers
• Participate in the development and publication of thought leadership
• Leverage local and global KPMG artefacts, SMEs, and other network assets to advance the firm’s platform agenda
• Provide domain expertise in cloud security and compliance and be a trusted technical advisor to customers. Solve cloud security and compliance challenges
• Create and deliver best practices recommendations, tutorials, blog articles, sample code, and technical presentations adapting to different levels of business and technical stakeholders

Client Impact

• Manage disparate executive stakeholders within customer environments to deliver consensus and lead positive customer outcomes
• Review and advise on best practices for security policies, procedures, and standards developed for client’s cloud infrastructure
• Provide subject matter expertise on security best practices and industry standards to the client’s technical teams
• Work with customers to design and develop cloud security architectures and solutions to meet and exceed their security requirements, through discussions, strategic presentations or recommendations, and implementation in Cloud environment
• Conduct regular security assessments of the cloud infrastructure to identify and mitigate security risks and vulnerabilities
• Develop and maintain incident response plans and procedures for the cloud infrastructure
• Manage the cloud infrastructure's access controls, including authentication and authorization mechanisms
• Monitor and analyse cloud infrastructure security logs and alerts to identify and respond to security incidents
• Develop and maintain disaster recovery plans and procedures for the cloud infrastructure
• Ensure that the cloud infrastructure meets compliance requirements such as SOC 2 and relevant data privacy regulations
• Stay up to date with the latest cloud security threats, vulnerabilities, and countermeasures

Finance

• Deliver on targets and goals (including sales goals)
• Provide annual budget input for the area of responsibility for approval and integration into service line/ growth area budget
• Manage the annual budget, including costs for designated area 

Requirements

• Bachelor's or Master’s degree in Computer Science, Electrical Engineering, Computer Engineering, Information Technology, or any other relevant field
• Minimum of 10 years’ experience in cloud security or related security roles
• Strong technical knowledge of cloud computing platforms such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP)
• Expertise in cloud security tools such as CloudTrail, CloudWatch, Security Hub, GuardDuty, and Azure Security Center
• Experience in technical consulting and working with cross-functional teams and customers.
• Experience in Cloud Security delivered within the context of internal or customer facing roles
• Experience in recruiting and managing a team of experienced engineers on projects
• Strong knowledge of network security concepts such as firewalls, intrusion detection and prevention systems (IDPS), and virtual private networks (VPNs)
• Expertise in security incident response, including incident detection, analysis, containment, and recovery
• Familiarity with security testing tools and techniques such as vulnerability scanning, penetration testing, and threat modeling
• Experience with security information and event management (SIEM) systems such as Splunk and ELK
• Knowledge of authentication and authorization mechanisms such as OAuth, SAML, and LDAP
• Experience with security compliance frameworks such as SOC 2, relevant data privacy regulations, PCI-DSS etc
• Knowledge of container security and experience with container orchestration platforms such as Kubernetes
• Experience with Infrastructure-as-Code (IaC) tools such as Terraform and CloudFormation
• Strong communication and interpersonal skills to communicate technical information to both technical and non-technical stakeholders
• Experience leading cloud security projects and managing security teams
• Strong knowledge of cloud security best practices and industry standards
• Confident, tactful, and able to effectively influence others and deal effectively with senior leaders
• Critical thinking, presentation and analytical skills will be an advantage
• Strong communicator, including listening skills with an ability to translate insights across business and technology teams and to develop and present new ideas and conceptualize new approaches and solutions