Zero Trust Architect
Position Overview
Leading FinTech company seeking a Zero Trust Architect to design and implement end-to-end Zero Trust security models across its cloud-native infrastructure. This high-impact role is focused on securing user identities, APIs, workloads, data, and developer environments, leveraging principles of least privilege, segmentation, continuous verification, and adaptive trust.
The ideal candidate has deep expertise in Zero Trust Architecture (ZTA), extensive experience in cloud security (GCP preferred), and a strong understanding of financial sector regulatory obligations.
What You'll Do
Zero Trust Architecture & Strategy
- Design and deploy a Zero Trust Architecture across the organisation, covering:
  - User access
  - Workload security
  - Network segmentation
  - Device trust
  - Continuous authentication & posture-based access
- Develop and maintain enterprise-wide Zero Trust policies, control frameworks, and reference architectures.
- Guide the selection and integration of enabling technologies: identity providers (IdPs), IAM tools, policy engines, and segmentation platforms.
- Lead the creation of trust zones, least-privilege access models, and granular control boundaries across cloud environments.
Cloud & Identity Security
- Implement Zero Trust security within Google Cloud Platform (GCP), including:
  - Identity-Aware Proxy (IAP)
  - BeyondCorp Enterprise
  - VPC Service Controls
  - IAM Recommender and Context-Aware Access
- Enforce strong workload identity and federated access controls for internal services and APIs.
- Align all identity, device, and network layers to the principles of Zero Trust, ensuring secure-by-design development and operations.
Security Engineering & Governance
- Work hands-on with engineering and platform teams to implement declarative access controls, security baselines, and secure CI/CD pipelines.
- Create and maintain machine-readable policy templates (OPA/Gatekeeper, HashiCorp Sentinel).
- Define monitoring requirements for visibility into trust posture, access violations, and policy exceptions.
- Ensure Zero Trust implementations align with PCI-DSS, ISO 27001, SOC 2, and GDPR.
Who You Are
You are a cloud-native security architect with extensive experience in designing secure access models at scale. You understand the balance between developer productivity and robust control frameworks, and you have hands-on knowledge of how Zero Trust applies in real-world, production environments, especially within the FinTech or high-compliance sectors.
Essential Qualifications
- 5+ years of experience in cybersecurity.
- Deep understanding of Zero Trust principles: segmentation, adaptive authentication, policy-based access control, continuous trust evaluation.
- Hands-on expertise with Google Cloud Platform (GCP) security architecture and native Zero Trust tools.
- Demonstrated experience with IAM architecture, SSO/MFA, IdPs, and federated identity frameworks (SAML, OIDC, SCIM).
- Familiarity with policy-as-code implementations (OPA, Rego, or Sentinel).
- Strong background in Kubernetes (GKE) and service mesh technologies (Istio, Linkerd).
- Experience aligning security models to compliance frameworks: PCI-DSS, NIST SP 800-207, ISO 27001.
- Excellent stakeholder communication skills, with ability to work cross-functionally across security, engineering, and GRC.
Nice to Have
- Certifications:
  - Google Professional Cloud Security Engineer
  - Certified Zero Trust Architect (from CSA or vendor-specific)
  - CISSP, CCSP, or CISM
- Experience with device trust enforcement and endpoint posture controls (CrowdStrike, BeyondCorp, Jamf, Microsoft Intune).
- Exposure to software-defined perimeter (SDP) tools or microsegmentation platforms (Zscaler, Illumio, Appgate).
- Familiarity with confidential computing, remote browser isolation, and DLP in cloud environments.
- Background in secure remote work architecture and BYOD policy enforcement.
What You'll Gain
- Opportunity to design and lead Zero Trust implementation at the architecture level in a cutting-edge FinTech company.
- Work with global DevOps, Platform, and Security teams in a cloud-native, API-first environment.
- Ability to make architectural decisions that directly impact compliance, scale, and trust.
- Flexible, remote-first work culture with executive visibility.
- Greenfield opportunity to build a strategic control layer from the ground up.
Reference: 2961883661
Posted on Jun 9, 2025 by Barclay Simpson Recruitment