About this role
Grow your career with us
Here at Averis, our common purpose is to improve lives by developing resources sustainably. Our people are crucial in helping us to realise our vision to be one of the best Global Business Solution (GBS) organization to support our customers in creating value for the Community, Country, Climate, Customer and Company.
Responsibilities: We are the Global Shared Services Centre for a major client RGE (Royal Golden Eagle), one of the world’s largest resource-based manufacturing groups with diversified business in Pulp and Paper, Palm Oil (upstream & downstream), Viscose Fiber, FMCG, Energy, and other business segments. As Cybersecurity Architect, you will be the authority on securing the Group’s rapidly expanding cloud footprint across AWS, and hybrid environments. You will define cloud security architecture, standards, and reference patterns that protect enterprise workloads, data, and identities as the organisation migrates SAP S/4HANA (RISE), M365, infrastructure, and business applications to the cloud. This is a hands-on architectural role bridging cybersecurity strategy with cloud engineering execution.
You are on a journey to join an exciting Company and be part of our success story. Here we will equip you with the know-how and experience that will define your growth. In this role that you are about to embark on, you are required to carry out the following responsibilities:
• Provide the overall technical direction for cybersecurity strategy and architecture, across a hybrid on-premise and cloud landscape • Design and maintain the Group’s cloud security reference architecture across AWS and hybrid environments, covering landing zones, network security, identity, data protection, and workload security. • Define cloud security standards, guardrails, and policies aligned with frameworks such as NIST CSF, CIS Benchmarks, ISO 27001, and CSA Cloud Controls Matrix; ensure adoption across all cloud deployments. • Architect identity and access management (IAM) solutions for hybrid environments including Entra ID, conditional access, privileged identity management (PIM), and zero-trust architecture principles. • Lead cloud security posture management (CSPM) strategy using tools such as Microsoft Defender for Cloud, AWS Security Hub, or third-party CSPM platforms; drive continuous compliance monitoring and remediation. • Design secure network architectures for cloud: micro-segmentation, WAF, DDoS protection, private endpoints, service endpoints, and hybrid connectivity security (ExpressRoute / Direct Connect / VPN). • Provide security architecture guidance for SAP RISE / S/4HANA cloud migration, M365 tenant hardening, and cloud-native application development (containers, serverless, API security). • Develop an AI agentic-first security review and vulnerability management pipeline to strenghtn our security posture while enabling automation. • Define and operationalise cloud security monitoring, detection, and response capabilities, integrating cloud logs and alerts into the Group’s SIEM/SOAR platform. • Collaborate with Infrastructure/Network Ops on secure cloud landing zone deployment, IaC security (Terraform, ARM), and DevSecOps pipeline integration (SAST, DAST, SCA). • Provide technical leadership on cloud data protection: encryption at rest and in transit, key management (AWS KMS), DLP policies, and data classification enforcement. • Stay current with emerging cloud threats, vulnerabilities, and attack techniques; advise leadership on evolving risk posture and recommend mitigation strategies.
To be successful in this role, it is recommended that you should have the following skills and qualifications: • A degree in the related job field. • At least 8 years or more working exposure or experience in a similar role. • Willing to relocate to the job location.
When you send us your resume and personal details, it is deemed you have provided your consent for us to keep or store your information in our database. All the information you have provided is only used for the recruitment process. Averis will only collect, use, process or disclose personal information where and when allowed to under applicable laws. Only shortlisted candidates will be contacted for an interview. We endeavour to respond to every applicant. However, if you receive no response from us within 60 days, please consider your application for this specific position unsuccessful. We may contact you in the future if there are opportunities that match your qualifications and experience. Thank you for considering a career with Averis.