Cloud Security Assurance Consultant

Using your advanced expertise in cloud security architecture, assurance methodologies, and multi‑cloud environments, you will lead cloud security assessments, validate cloud control implementations, and provide authoritative guidance on cloud security posture while supporting enterprise cloud transformation and modernization initiatives across AWS, Azure, and GCP platforms.

• Lead comprehensive security architecture reviews for cloud-native and hybrid cloud solutions.
• Validate cloud security designs against industry frameworks including NIST CSF, CIS Benchmarks, and CSA CCM.
• Assess cloud architecture patterns for IaaS, PaaS, SaaS, and containerised workloads.
• Provide authoritative guidance on secure multi‑cloud and hybrid cloud architectures.
• Evaluate cloud migration security strategies and transformation roadmaps.
• Interface with cloud architects and enterprise architecture teams on security requirements.

• Design and execute cloud security assessments across AWS, Azure, and GCP environments.
• Conduct cloud configuration reviews and security posture assessments.
• Lead cloud penetration testing engagements following CREST and CHECK methodologies.
• Perform container and Kubernetes security assessments.
• Assess serverless and microservices security implementations.
• Validate Infrastructure as Code (IaC) security controls and deployment pipelines.

• Lead cloud compliance assessments against ISO 27017, ISO 27018, and SOC 2 requirements.
• Conduct cloud security audits for regulatory frameworks including GDPR, NIS2, and DORA.
• Assess cloud service provider security controls and shared responsibility models.
• Validate cloud governance frameworks and policy enforcement mechanisms.
• Review cloud security posture management (CSPM) implementations.
• Coordinate cloud security audits with internal and external audit teams.

• Assess cloud IAM architectures including Azure AD, AWS IAM, and GCP IAM.
• Validate privileged access management and just‑in‑time access controls.
• Review federated identity, SSO, and multi‑factor authentication implementations.
• Assess service account security and workload identity configurations.
• Evaluate cloud entitlement management and least privilege implementations.
• Validate identity governance and administration controls.

• Assess cloud data protection strategies including encryption at rest and in transit.
• Validate cloud key management service implementations and BYOK configurations.
• Review data residency, sovereignty, and cross‑border data transfer controls.
• Assess cloud backup, disaster recovery, and business continuity arrangements.
• Validate data classification and cloud DLP implementations.
• Review cloud database security and secrets management solutions.

• Assess security integration in cloud CI/CD pipelines and DevOps workflows.
• Validate shift‑left security practices and automated security testing.
• Review Infrastructure as Code security scanning and policy‑as‑code implementations.
• Assess container image security and registry vulnerability management.
• Evaluate cloud workload protection platforms and runtime security controls.

li>Mastery of cloud security across AWS, Azure, and GCP platforms.
• Expert knowledge of cloud security frameworks (CSA CCM, NIST SP 800‑53, CIS Benchmarks).
• Advanced experience in cloud security architecture review and validation.
• Deep understanding of cloud‑native security services and CSPM tools.
• Comprehensive knowledge of container security, Kubernetes, and serverless security.

• AWS Security: Security Hub, GuardDuty, IAM Access Analyzer, KMS, CloudTrail, Config.
• Azure Security: Defender for Cloud, Sentinel, Azure Policy, Key Vault, Monitor.
• GCP Security: Security Command Center, Cloud Armor, IAM, Cloud KMS, Logging.
• Multi‑cloud tools: Prisma Cloud, Wiz, Orca Security, CloudHealth, Dome9.
• IaC security: Terraform, CloudFormation, ARM templates, policy‑as‑code frameworks.

• Cloud security assessment frameworks and methodologies.
• Cloud penetration testing tools and techniques (Pacu, ScoutSuite, Prowler, CloudMapper).
• Threat modelling for cloud architectures (STRIDE, PASTA).
• Security control validation and effectiveness testing.
• Vulnerability assessment and remediation prioritisation.

• Senior‑level communication and presentation capabilities to technical and business stakeholders.
• Advanced facilitation skills for cloud security architecture reviews.
• Strategic thinking and cloud security roadmap development.
• Cross‑functional collaboration with DevOps, Platform Engineering, and Cloud CoE teams.
• Client consulting and advisory skills for cloud transformation programmes.

• CISSP (Certified Information Systems Security Professional) or CCSP (Certified Cloud Security Professional) — Mandatory.
• Cloud platform security certification: AWS Security Specialty, Azure Security Engineer, or GCP Professional Cloud Security Engineer — Required.
• CREST CRT or CCT (Cloud/Infrastructure) or equivalent penetration testing certification — Required.
• Kubernetes security certification (CKS, CKAD) — Preferred.
• Eligible: UK SC security clearance.

• Bachelor's degree in Computer Science, Information Security, Cybersecurity, or related field.
• Master's degree in a relevant discipline preferred.
• Advanced professional certifications in cloud security and assurance.

• 6+ years of progressive experience in information security focusing on cloud security.
• 3+ years conducting cloud security assessments and architecture reviews.
• Proven track record delivering cloud security assurance engagements for enterprise clients.
• Experience across multiple cloud platforms (AWS, Azure, GCP) in production environments.
• Hands‑on experience with cloud security tools, CSPM, and cloud penetration testing.

• Cloud security assessment program delivery and quality assurance.
• Cloud security methodology development and continuous improvement.
• Client advisory on cloud security transformation initiatives.

• CISSP or CCSP demonstrating strategic cloud security leadership.
• AWS Security Specialty, Azure Security Engineer, or GCP Professional Cloud Security Engineer for platform expertise.
• CREST CRT/CCT for recognized penetration testing authority.
• Continuous professional development in emerging cloud security technologies.

• Dynamic cloud security consulting environment with diverse client engagements.
• Regular interaction with cloud architects, DevOps teams, and IT leadership.
• Fast‑paced cloud transformation projects requiring continuous learning.

We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensures continuous growth and development opportunities for our people. We also offer flexible work options.

We are an equal opportunities employer. We believe in the fair treatment of all employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer—creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long‑term health conditions affecting their daily activities, ensuring that barriers are eliminated during the recruitment process. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.

NTT DATA is one of the world's largest global security service providers, partnering with some of the most recognised security technology brands. We are looking for passionate, curious, and motivated individuals to join our team. We are a business with a global reach that empowers local teams, undertakings hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues and clients on exciting projects.

Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well‑being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We also share a range of inclusion networks, including the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network, and the Parent Network.