Senior Cloud Security Lead / Project Manager

Role Overview

This is the most senior role in the India office and serves as the on-ground leadership position. The Senior Cloud Security Lead will be responsible for designing, implementing, and governing MK Techs cloud security posture across Azure and Microsoft 365, with deep expertise in Microsoft Defender for Cloud. Simultaneously, this individual will act as the Project Manager for the India team, coordinating deliverables, sprint planning, stakeholder communication, and ensuring alignment with the Australian development team.

This role is critical to the ISO 27001 certification programme and will own the security controls, risk assessments, and audit readiness from a technical perspective.

Key Responsibilities

Lead the India office team of 5 members; manage workload allocation, mentoring, and performance reviews.

Act as the primary Project Manager: run daily stand-ups, sprint planning, retrospectives, and maintain project boards (Github Projects).

Serve as the single point of contact between the India operations team and the Australian development/leadership team.

Own MK Techs corporate security architecture: M365 tenant hardening, Entra ID identity and access (Conditional Access, PIM), Defender for Endpoint on employee devices, and DLP across M365 workloads.

Provide governance-level ofersight of product security on Vercel + AWS: review IAM posture, OIDC federation, Vercel WAF configuration, AWS Security Hub / GuardDuty findings, and Datdog-based monitoring coverage. Day-to-day operations are executed by the SOC Analyst + Cloud Engineers.

Establish and enforce security policies, RBAC models, conditional access policies, and data loss prevention (DLP) rules across cloud services.

Drive the ISO 27001 certification programme: develop the Statement of Applicability (SoA), risk treatment plans, and technical controls mapping.

Conduct periodic security assessments, vulnerability scans, penetration test coordination, and remediation tracking.

Oversee incident response processes, escalation procedures, and post-incident reviews.

Collaborate with the SOC Analyst + Cloud Engineers to build a unified SOC workflow covering detection, investigation, and response.

Produce executive security reports, dashboards, and compliance status updates for Australian leadership.

Required Skills & Expertise

Deep hands-on expertise with Microsoft 365 security.

Strong working knowledge of at least one public cloud security programme end-to-end, ideally exposure to both Microsoft Defender for Cloud and AWS Security Hub / Guard Duty / IAM Access Analayzer; able to reason about CSPM findings on either.

Comfort with serverless and SaaS platform security concepts: Vercel, AWS Lambda-style execution, OIDC federation between Vercel and AWS, edge WAFs.

Experience with ISO 27001:2022 implementation, ISMS documentation, and audit preparation.

Proven project management skills: Agile/Scrum methodology, stakeholder management, and cross-timezone coordination.

Proficiency in security frameworks: NIST CSF, CIS Benchmarks, MITRE ATT&CK.

Experience managing teams of 5+ people in a distributed/hybrid work model.

Excellent written and verbal communication skills for executive-level reporting.

Hands-on scripting ability (PowerShell, KQL) for automation and security analysis.

Nice to Have

PMP, PRINCE2, or Certified ScrumMaster (CSM) certification.

Microsoft Certified: Security Operations Analyst Associate (SC-200) or Cybersecurity Architect Expert (SC-100).

AWS Certified Security: Speciality or (ISC) CCSP

Experience in SaaS product companies or PropTech/EdTech domains.

Familiarity with CI/CD pipeline security in GitHub Actions and Azure DevOps.

Qualifications

Bachelors or Masters degree in Computer Science, Information Security, or a related field.

810 years of total IT experience with at least 5 years in cloud security and 2+ years in a team lead or PM capacity.

Industry certifications such as CISSP, CISM, AZ-500, SC-100, or AWS Security Specialty are strongly preferred.