SVP Cloud Security Engineer

We are BNY, a leading global financial services company at the center of the worlds financial system, influencing nearly 20% of global investible assets. Our culture supports employee growth and success, and we are known for bringing together bold ideas, advanced technology, and exceptional talent to shape the future of finance. This Senior Vice President, Cloud Security Engineer role sits on our Cloud Security team and is based in New York, NY or Pittsburgh, PA. In this position, we offer competitive compensation, comprehensive benefits, wellbeing programs, generous paid leave, and paid volunteer time, along with flexible global resources to support your personal and professional goals. We are also proud to be an equal opportunity employer and have been recognized for innovation, admiration, and social impact through recent industry awards.

- We need 6–10 years of experience in cloud security engineering, security engineering, DevSecOps, infrastructure security, or a closely related field.
- We require strong hands-on expertise securing workloads and services in AWS, Azure, or GCP.
- We expect a solid grasp of cloud security principles across IAM, networking, encryption, secrets management, logging, workload protection, resilience, and secure service consumption.
- We are looking for someone who can identify, evaluate, and champion AI use cases that improve cloud security outcomes.
- We require experience with security automation, orchestration, analytics, and AI-enabled security tools.
- We value experience implementing cloud security controls at scale in enterprise or regulated environments.
- We need familiarity with NIST SP 800-53, MCSB, and related control areas, including AC, AU, CM, IA, IR, RA, SC, and SI.
- We expect a strong understanding of Cloud Security Posture Management concepts such as continuous compliance monitoring, misconfiguration detection, exposure analysis, and governance workflows.
- We require experience with CSPM/CNAPP platforms such as Wiz, Prisma Cloud, Orca, Lacework, or similar solutions.
- We value hands-on experience with cloud-native policy and posture services such as AWS Config, AWS Security Hub, AWS Organizations SCPs, Azure Policy, Microsoft Defender for Cloud, GCP Organization Policy, and Google Security Command Center.
- We need experience building or supporting policy-as-code and automated guardrails using OPA/Rego or comparable frameworks.
- We require strong Infrastructure as Code and automation skills with Terraform, CloudFormation, ARM, Bicep, Python, or similar tools.
- We expect experience with container security, Kubernetes security, API security, vulnerability management, and cloud-native control implementation.
- We value experience supporting cloud security strategy, governance, standards, exception handling, remediation tracking, and risk reporting.
- We need strong technical judgment, problem-solving ability, and effective cross-functional collaboration skills.
- We require excellent written and verbal communication skills, including the ability to explain technical controls in business and risk terms.
- We need a bachelors degree in computer science, engineering, cybersecurity, or a related field, or equivalent practical experience.
- We prefer experience in a regulated industry such as financial services.
- We value familiarity with CIS Benchmarks, CSA CCM, OWASP, or NIST CSF.
- We prefer experience supporting remediation workflows tied to cloud security findings.
- We value exposure to architecture review, risk assessments, or cloud governance processes.
- We prefer relevant certifications such as AWS Security Specialty, Azure Security Engineer Associate, Google Professional Cloud Security Engineer, or CCSP.
- We need fluency working with tools and technologies such as KQL, Wiz, Splunk, Azure Policies, Bash, PowerShell, gcloud, Terraform, Log Analytics, Microsoft Sentinel, and GitLab in an enterprise environment.

- We lead the design, implementation, and continuous enhancement of cloud security controls across identity, network, encryption, key management, secrets management, logging, monitoring, and workload protection in AWS, Azure, or GCP.
- We identify and promote AI-enabled approaches that improve cloud security effectiveness.
- We support AI-driven capabilities for threat detection, risk analysis, automation, incident response, and security operations.
- We translate security and control requirements into repeatable engineering solutions and practical implementation standards.
- We design and implement technical controls aligned with NIST SP 800-53 and related enterprise requirements.
- We drive security for containers, Kubernetes, APIs, and cloud-native workloads.
- We mature Cloud Security Posture Management capabilities to uncover misconfigurations, policy breaches, excessive permissions, exposed assets, and control drift.
- We partner with engineering and cyber teams to optimize Wiz and similar CSPM/CNAPP platforms, including workflow integration, prioritization, remediation support, and reporting.
- We strengthen cloud-native posture and policy services such as AWS Config, AWS Security Hub, AWS Organizations SCPs, Azure Policy, Microsoft Defender for Cloud, GCP Organization Policy, and Security Command Center.
- We define and implement policy-as-code, automated guardrails, and Infrastructure as Code patterns to increase consistency and reduce manual effort.
- We provide senior technical guidance to cloud engineers, DevSecOps practitioners, and application teams on secure implementation practices.
- We collaborate with cloud architects and governance stakeholders to improve standards adoption, exception handling, and control coverage.
- We help establish cloud security metrics, remediation priorities, and technical reporting that support governance and risk management.
- We contribute to audits, regulatory reviews, and control assessments by explaining technical implementations, evidence, and remediation progress.
- We maintain and improve documentation for cloud security standards, design patterns, engineering procedures, and operating guidance.
- We support reviews of high-risk cloud initiatives and document residual risk, exceptions, and compensating controls.
- We participate in governance forums and audits with clear, defensible engineering rationale.
- We balance security, resilience, cost, and engineering usability in our decisions.
- We support cloud security strategy and governance through technical leadership, control implementation, and reporting inputs.
- We contribute to standards adoption, remediation governance, exception management, and security maturity initiatives.
- We work with stakeholders to improve control effectiveness and enable risk-based decision-making.
- We drive posture management processes across third-party and cloud-native capabilities.
- We improve the detection, prioritization, and remediation of misconfigurations, policy violations, and exposure risks.
- We help operationalize Wiz and similar tools alongside native cloud policies and governance workflows.
- We partner with engineering, platform, and security teams to embed AI capabilities into cloud security operations and decision-making.
- We streamline cloud security tools, processes, and workflows through intelligent automation and AI-driven insights.
- We promote the responsible use of AI as a force multiplier for cloud security effectiveness, scalability, and operational maturity.