Overview
Role Purpose
The Architect, Cloud & Networking Manager serves as the primary technical authority for the design, structural integrity, and governance of the enterprise Azure ecosystem. This role is tasked with the strategic transformation and optimization of the current environment, aligning it with the Microsoft Cloud Adoption Framework (CAF) and transitioning legacy configurations into a robust, scalable Azure Landing Zone. As a functional lead, this role provides the architectural "North Star" for IT Operations, defining the standards, networking rules, and governance guardrails that ensure a secure, resilient, and high-performing cloud platform.
Responsibilities
- Microsoft Cloud Adoption Framework (CAF) Implementation: Lead the architectural alignment with the CAF to ensure the environment is ready for enterprise-scale growth and innovation.
- Landing Zone Orchestration: Design and evolve the Azure Landing Zone (Enterprise-Scale) to provide a standardized, governed foundation for all business workloads.
- Environment Optimization: Proactively identify and remediate legacy technical debt, consolidating resources and modernizing infrastructure, with execution performed by IT Operations, to improve reliability and security.
Advanced Cloud Networking & Security
- Connectivity Architecture: Design and govern complex hybrid networking solutions, including Hub-and-Spoke topologies, Azure Virtual WAN, ExpressRoute, and VPN gateways.
- Zero-Trust Networking: Architect and enforce security boundaries, working closely with the InfoSec Governance & Operation team, using Azure Firewall, NSG, Application Gateway WAF, and a comprehensive private link strategy to secure PaaS.
- Traffic Management: Optimize global and regional traffic flow to ensure high availability and low latency for critical business applications.
- Compliance: Design architectures and controls to enable compliance with regulatory and security frameworks (ISO 27001, SOC 2, NIST), while compliance execution and evidence collection remain with IT Operations and InfoSec.
Strategic Governance, Resilience, and FinOps
- Guardrails: Define and enforce global Azure Policies and Management Group structures to ensure compliance.
- Identity & Access Governance: Own the architecture of Microsoft Entra ID, including Privileged Access Management, Conditional Access, and RBAC models, to maintain a strict "least privilege" posture.
- FinOps: Define FinOps architecture, tagging standards, and cost-allocation models; operational cost execution remains with IT Operations.
- Resilience & Disaster Recovery (DR): Architect high-availability (HA) and DR patterns and solutions required to meet RTO and RPO. DR execution, testing, and operational readiness are owned by IT Operations.
DevOps Governance & Management
- Architectural Synergy: Collaborate closely with the Software Architecture & Development Manager to align cloud infrastructure delivery with the Application Development Lifecycle (SDLC).
- CI/CD Pipeline Governance: Design the "Guardrails" for deployment pipelines (Azure DevOps/GitHub Actions) to ensure that automated deployments meet security, networking, and compliance standards without slowing down development velocity.
- Platform Engineering: Build the foundational "Self-Service" capabilities that allow developers to provision approved environments within the Azure Landing Zone autonomously.
Technical Enablement & Standards
- Architectural Guidance: Produce comprehensive High-Level (HLD) and Low-Level Designs (LLD) to serve as the blueprint for IT Operations and project teams.
- Standardization: Develop and maintain the official "Cloud Standards" library, providing IT Operations with the networking rules and playbooks required for consistent execution.
- Modernization Strategy: Lead the shift from manual configuration to an Automation-First culture, providing the technical vision required to drive repeatable and error-free deployments.
- Infrastructure as Code (IaC) Standards: Define the governance for IaC (Terraform/Bicep), ensuring that infrastructure patterns are modular, reusable, and easily consumed by development teams.
Stakeholder Engagement and User Advocacy
- IT Operations & Service Management Alignment: Define operational hand-off procedures and create the technical standards/SOPs that enable the Ops team to maintain the environment.
- Software Architecture & Development Partnership: Ensure the cloud platform supports modern application patterns (AKS, Serverless) and meets developer experience (DevEx) requirements.
- InfoSec Governance & Operation Partnership: Translate security policies provided by InfoSec into automated cloud guardrails, ensuring the environment is "compliant-by-design."
- Platform (Application) Owner Advocacy: Ensure application requirements (performance, availability, and scalability) are met within the cloud architecture while maintaining alignment with broader platform goals.
- Architecture Authority: Chair the ARB as standing authority in the Group Architecture Review Board and Change Advisory Board (CAB) for all cloud and network-related changes, including application deployment.
Requirements
Qualifications
- Required: Microsoft Certified: Azure Solutions Architect Expert (AZ-305).
- Framework Mastery: Deep understanding of the Microsoft Cloud Adoption Framework (CAF).
Skills
- Azure Specialist: Extensive experience architecting Azure environments with a proven track record of implementing Azure Landing Zones and CAF methodologies.
- Network Authority: Deep technical expertise in routing (BGP, UDR), DNS, load balancing, and network security.
- DevOps Strategist: High proficiency in Terraform/Bicep and experience governing Azure DevOps or GitHub Actions.
- Strategic Partner: Proven ability to balance the agility needs of Software Development and Platform Owners with the strict security requirements of InfoSec.
Experience
- 10–12+ years in IT Infrastructure, with at least 5 years specifically focused on Azure.
- Transformation Leadership: Proven track record of leading a large-scale migration or "re-platforming" project from legacy/unmanaged cloud setups to a CAF-aligned Landing Zone.
- Networking Heavyweight: Extensive experience managing complex global networks, including ExpressRoute, SD-WAN integration, and large-scale Hub-and-Spoke VNets.
- Regulated Environments: Experience working in environments with strict compliance needs (e.g., ISO 27001, NIST, or SOC 2), where security is not optional.
- DevOps at Scale: Hands-on experience implementing Infrastructure as Code (Terraform/Bicep) within a shared-services model.
Knowledge
- Expert Level: Deep understanding of the Azure Well-Architected Framework (WAF).