Lead the architecture and implementation of GCP Entitlement and Access Control systems, including IAM policies, service account governance, and least-privilege access models
Design and deliver a self-serve Landing Zone framework that enables Platform Engineering teams to provision and manage cloud environments consistently and at scale
Co-lead delivery of a Platform Ops Portal, covering management functions such as environment provisioning, access requests, cost visibility, and operational workflows
Partner with client engineering and security teams to align the access control model with regulatory and compliance requirements in a financial services context
Define and enforce GCP governance guardrails, including organization policies, resource hierarchy design, and VPC Service Controls
Drive technical review, identify gaps, and shape the delivery approach before the project kicks off
Enable internal teams through documentation, runbooks, and knowledge transfer that outlast the engagement Requirements
7+ years in cloud engineering or architecture, with at least 4 years hands-on with GCP in a lead or architect capacity
Deep expertise in GCP IAM, including workload identity, service account management, custom roles, and policy inheritance
Proven experience designing Landing Zones or platform engineering frameworks on GCP (Cloud Foundation Toolkit, blueprints, or equivalent)
Experience building or contributing to internal developer portals or Platform Ops tooling (Backstage, custom portals, or similar)
Strong command of Infrastructure-as-Code, primarily Terraform on GCP
Ability to engage directly with client stakeholders and translate technical architecture decisions into clear recommendations
Nice to Have Experience with GCP Security Command Center, Chronicle, or Access Transparency
Familiarity with GCP Assured Workloads or sovereign cloud configurations for regulated industries
Background in multi-cloud environments where GCP is the primary landing zone
Google Cloud Professional certifications (Cloud Architect, Security Engineer, or equivalent)