Risk Consulting - Digital Risk - Manager - Cloud

Manager – Cloud (Risk Consulting – Digital Risk)

The opportunity

The objective of our Risk Consulting services is to provide clients with a candid and reliable overview of their risk landscape. Our solutions enable clients to build confidence and trust with customers, regulators, and the broader market.

Within Cloud Risk and Security, this role focuses on leading engagements that assess, test, and validate cloud security and risk controls across AWS, Azure, and Google Cloud Platform environments. The role involves working closely with IT, cloud engineering, security teams, and business stakeholders to ensure that cloud environments are secure, resilient, and aligned with business objectives and regulatory requirements.

Your key responsibilities

• Operate as a fieldwork leader, assisting clients in identifying, assessing, and monitoring cloud-related security and technology risks.
• Lead and execute cloud security and risk assessments, including control design and operating effectiveness testing across AWS, Azure, and GCP.
• Collaborate with engagement teams to plan engagements, develop work programs, timelines, risk assessments, and testing procedures.
• Serve as a fieldwork leader by directing daily testing activities, tracking engagement progress, and managing staff performance.
• Perform cloud architecture and configuration reviews covering landing zones, identity models, network segmentation, encryption and key management, logging and monitoring, and backup and disaster recovery.
• Assess cloud governance and security controls aligned to shared responsibility models and industry frameworks.
• Prepare high-quality deliverables, reports, and recommendations aligned with US work product quality standards.

Skills and attributes for success

• Strong fundamentals across cloud risk and cloud security, with hands-on experience across AWS, Azure, and Google Cloud Platform.
• Strong audit mindset with the ability to design, execute, and evidence control testing across cloud environments.
• Proven experience leading cloud security audits, risk assessments, architecture reviews, and maturity assessments.
• Practical experience assessing controls related to identity and access management, network security, encryption and KMS, logging and monitoring/SIEM, backup and disaster recovery, and data protection.
• Experience with containerized and cloud-native environments, including Kubernetes, serverless, and workload security.
• Proven ability to lead multi-location teams, manage delivery risks, and deliver high-quality outcomes within agreed timelines and budgets.
• Strong written and verbal communication skills in English (non-negotiable).
• Ability to manage time effectively and work in US time zones, as per project needs.
• Exposure to cyber-related risk or security activities is an added advantage.

Behavioral Skills

• Demonstrates adaptability and agility, with a strong commitment to continuous learning across cloud platforms and emerging technologies.
• Exhibits end-to-end engagement leadership, delivering cloud security audits and risk assessments across complex environments.
• Brings an innovation-oriented mindset, leveraging automation and analytics to enhance control testing efficiency and continuous monitoring.
• Actively contributes to practice-building initiatives, including development of accelerators, tools, and reusable assets.
• Proven ability to lead, mentor, and guide teams to deliver high-quality outcomes.
• Communicates effectively and manages stakeholder expectations across technical and business audiences.

To qualify for the role, you must have.

• Bachelor’s or Master’s degree with 7–12 years of total experience, including 3–5 years in cloud security or cloud risk roles.
• Cloud security certifications such as CCSP or CCSK, AWS Security Specialty, Azure Security Engineer, or equivalent.
• Demonstrated experience in cloud security audits, risk assessments, architecture reviews, and control testing.
• Experience designing and assessing controls across identity and access management, network security, encryption and KMS, logging and monitoring, backup and disaster recovery, and data protection.
• Familiarity with regulatory frameworks and compliance standards such as ISO 27001, NIST CSF, SOC 2, PCI DSS, and privacy expectations.
• Client-facing experience working with engineering, security, and risk stakeholders.

Ideally, you’ll also have

• Exposure to container security, Kubernetes, Zero Trust concepts, SASE/SSE, CASB, or cloud-native security tooling is preferred.
• Experience supporting regulated industries or large-scale cloud transformations or migrations is an added advantage.