Cloud and DevSecOps Manager
Melbourne, VIC, AU
Job Requisition ID: 37241
- Flexible work arrangements - work in a way that suits you best.
- Rewards platform - your hard work won't go unnoticed at Deloitte.
- Training and development - at Deloitte we believe in investing in our best assets, the people! You will have access to world class training and funding towards industry and other professional certifications.
The Cloud and DevSecOps Manager will lead cloud security initiatives and DevSecOps practices in a banking or other highly regulated environment. This supervisory-level role ensures secure, scalable, and compliant cloud operations, focusing on modern cloud technologies and best practices. The manager will coordinate and assess cloud security strategies, guide teams in operationalising DevSecOps, and oversee compliance with industry standards.
This role is based in Melbourne, with a requirement to work on-site at the client’s office three days per week.
Key Responsibilities:
- Cloud Security Leadership
  - Lead the implementation and assessment of cloud security frameworks and strategies across Microsoft Azure (preferred), AWS, and Google Cloud.
  - Drive secure cloud adoption by guiding the team in building, monitoring, and optimising infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS) environments.
  - Provide expertise in core cloud security principles while ensuring alignment with business objectives.
  - Preferred certifications:
    - Microsoft Azure: AZ-900 (Fundamentals) and AZ-500 (Security Engineer Associate).
    - AWS: AWS Certified Solutions Architect – Associate.
    - Google Cloud: Google Cloud Digital Leader.
- Cloud-Native Security Solutions
  - Lead the selection, integration, and operationalisation of Cloud-Native Application Protection Platforms (CNAPP), including tools for:
    - Cloud Security Posture Management (CSPM).
    - Infrastructure-as-Code (IaC) Scanning.
    - Kubernetes Security Posture Management (KSPM).
    - Cloud Infrastructure Entitlement Management (CIEM).
    - Software Bill of Materials (SBOM) for supply chain security.
  - Tools expertise: Prisma Cloud, Wiz.io, Snyk.io, Microsoft Defender, Azure Policy, GitHub Advanced Security, CrowdStrike.
- DevSecOps Leadership and Governance
  - Oversee the design and operationalisation of the DevSecOps Software Factory, implementing pipelines to embed security in the development lifecycle.
  - Develop and execute a DevSecOps RACI model, operating model, and governance framework to define roles, responsibilities, and accountability across teams.
  - Coordinate threat modelling, automated testing, and secure coding practices to ensure the delivery of secure, high-quality software.
- Continuous Monitoring and Incident Response
  - Lead the development of a robust monitoring and incident response program for cloud environments using tools like Azure Monitor, AWS CloudTrail, and Google Operations Suite.
  - Supervise the creation and execution of incident response playbooks for misconfigurations, data leaks, unauthorised access, and other cloud-native threats.
  - Ensure visibility and oversight of cloud environments to proactively identify and remediate potential risks.
- Compliance Management and Governance
  - Ensure compliance with Australian regulatory standards such as Essential Eight, IRAP, and APRA CPS 234 (Prudential Standard), as well as global standards like ISO 27001, PCI-DSS, and SOC 2.
  - Lead audits and assessments to ensure adherence to data sovereignty, risk management, and regulatory obligations within a highly regulated environment.
  - Oversee identity and access management (IAM), encryption, key management, and secure configurations as part of compliance and governance strategies.
- Infrastructure-as-Code (IaC) Security
  - Lead the team in securing IaC tools like Terraform, Azure Resource Manager (ARM), and AWS CloudFormation.
  - Oversee processes for identifying and remediating misconfigurations in IaC templates, minimising security risks in automated deployments.
- Collaboration, Stakeholder Engagement, and Leadership
  - Work independently and lead cross-functional teams (developers, IT, and security specialists) to deliver secure, scalable cloud solutions.
  - Translate technical security strategies into actionable business outcomes and present to senior management and stakeholders.
  - Foster an environment of collaboration to achieve security goals while aligning with business priorities.
Skills and Experience Required:
- Cloud Expertise: Strong leadership in Microsoft Azure (preferred), AWS, and Google Cloud technologies, including IaaS, PaaS, and SaaS.
- Cloud Security Tools: Proficiency in Wiz.io, Snyk.io, Prisma Cloud, Azure Defender, Azure Policy, GitHub Advanced Security, and CrowdStrike.
- Compliance Knowledge: Deep understanding of Australian and global regulatory standards, including APRA CPS 234, Essential Eight, IRAP, ISO 27001, PCI-DSS, and SOC 2.
- DevSecOps Governance: Experience in establishing and operationalising a DevSecOps governance framework, including the RACI model and Software Factory design.
- Incident Response: Leadership in incident response planning and monitoring for cloud-native environments.
Additional Requirements:
- This role is based in Melbourne. Candidates must have the ability to work on-site at the client’s office three days per week while maintaining flexibility for remote collaboration.
Why Deloitte
At Deloitte, we focus our energy on interesting and impactful work. We’re always learning, innovating, and setting the standard; making a positive difference to our clients and our society. We put coaching at the heart of what we do, helping our people grow their careers in any direction – whether it be up, moving into something new, or even moving across the world.
We embrace diversity, equity, and inclusion. We have a diverse collection of people from different backgrounds, with different experiences, gender identities, abilities and thinking styles. What binds us together is a shared commitment to value everyone’s perspective and to cultivate inclusion; so that our work environment is a safe space we can all belong.
We prioritise flexibility and choice. At Deloitte, you get trust on Day 1. We know our people get their best work done when they’re in control of where and how they work, designing their work week around their client, team, and personal commitments.
We help you live and work well. To support your personal and professional life, we offer a range of perks and benefits, including retail discounts, wellbeing leave, paid volunteering days, twelve flexible working options, market-leading parental leave and return to work support package.
Next Steps
Sound like the sort of role for you? Apply now, we’d love to hear from you!
By applying for this job, you’ll be assessed against the Deloitte Talent Standards. We’ve designed these standards so that you can grow in your career, and we can provide our clients with a consistent and exceptional Deloitte employee experience globally. The preferred candidate will be subject to background screening by Deloitte or by their external third-party provider.