Cloud Security Analyst -Canto -Insurance- 3M Contract- 42k

We’re looking for an IT Controls Analyst, Governance, Risk & Compliance to join our ETS Control and Governance team from Hong Kong. In this role, you are expected to assist a team focusing on infrastructure security to enforce security protections.

Key Responsibilities:

• Support security activities related to segregation and isolation of systems and environments, including implementation of network segmentation and access restrictions as required
• Assist in reviewing and validating access controls across cloud environments to ensure appropriate levels of access are maintained
• Work with application, infrastructure, and cloud teams to identify and track security control gaps, and follow through on remediation actions
• Support implementation and validation of security controls across infrastructure domains, including network security configurations and cloud access controls
• Assist with security control testing, evidence collection, and documentation, supporting audit and compliance requirements
• Coordinate with internal teams and third-party vendors to track security-related tasks and ensure timely delivery of agreed actions
• Maintain documentation of configurations, exceptions, and temporary arrangements to ensure transparency and auditability
• Provide general support to infrastructure security initiatives, including: Network security reviews (e.g., firewall rules, NSGs), Cloud access control governance (e.g., RBAC, privileged access).
• Tracking of security improvements and remediation activities
• Where applicable, support the team in automation of repetitive security processes, including using scripting or AI-assisted tools to improve efficiency in areas such as access review, reporting, and remediation tracking

Qualifications:

• 3-5 years of experience on cloud engineering or architecture or DevOps on public cloud such as Azure and AWS.
• 2 – 4 years of progressive experience related to cloud security including cloud network security.
• Strong security mindset, Knowledge and understanding of any industry standard Access Management Framework, Principal of Least Privileged Access, Just-in-Time Access, RBAC and ABAC etc.
• Strong “automation-first” mindset. Writes automation(s) to streamline common tasks, tests, and workflows.
• Knowledge of following cloud platforms and Devop tools: AWS, Terraform, Github, GitHub Actions, Python, JIRA, Confluence,
• Self-driven, able to meet objectives with a minimal amount of managerial oversight/supervision.
• A team player who can interact with various internal functions such as business unit security officers, security engineers, reliability engineers, DevOps engineers.
• Advocate constant learning from both success and failure, and encourages openness to change and continuous improvement
• Proficient in English, both verbal and written

Argyll Scott Asia is acting as an Employment Business in relation to this vacancy.