Principal Governance Analyst - Application Security

About this role

Requirements

• Strong understanding of cloud security (e.g., AWS), container security, and container orchestration (Kubernetes preferred)
• Working knowledge of AI/ML security risks, model lifecycle considerations, and emerging regulatory expectations
• Experience translating technical designs, risks, and controls into documentation suitable for auditors, regulators, and senior leadership
• Experience writing or maintaining policies, standards, or control documentation in a regulated environment
• Ability to challenge respectfully, influence decision makers, and take a clear position when ambiguity exists
• Demonstrated ability to partner effectively with senior engineers and architects without needing to be the deepest SME
• Strong understanding of audit processes and what mature controls and evidence look like
• Excellent communication skills, with the ability to simplify complex technical topics for diverse audiences

Responsibilities

• Lead the governance framework for cloud, container, orchestration, and AI security ensuring alignment with regulatory expectations, audit requirements, and internal control frameworks
• Drive the development, simplification, and consolidation of policies and standards across cloud, containerization, virtualization, orchestration, and AI/ML platforms
• Act as the authoritative reviewer for third-party governance responses, assessing non-conforming items and partnering with SMEs
• Execute structured governance review cycles with engineering leaders for security tooling, guardrails, and platform standards
• Represent Information Security in Bank-wide and cross-functional working groups providing strong views on secure-by-design principles
• Improve governance workflows for scale and consistency supporting growth, resiliency, and engineer-friendly execution