Minimum qualifications:
- Bachelor's degree in Computer Science, Cybersecurity, a related technical field, or equivalent practical experience.
- 8 years of experience in a customer-facing advisory role designing multi-cloud environments (e.g., IaaS, PaaS, and SaaS).
- Experience in defining secure architectural patterns and integrating security practices across the software development lifecycle (DevSecOps).
- Experience automating security controls and processes, including Infrastructure as Code (IaC) tools.
- Experience in critical security domains (e.g., network security, identity security, data security, application security).
- Previous or currently active UK Developed Vetting (DV) security clearance.
Preferred qualifications:
- Certifications in CISSP, CCSP, or relevant cloud-specific security credentials.
- Experience leading comprehensive threat modeling exercises and conducting detailed risk assessments for customer systems to identify security vulnerabilities.
- Experience in securing modern cloud-native architectures, including containerisation technologies (e.g., Kubernetes, Docker) and serverless computing.
- Experience in evaluating the integration of a range of security tools, such as SIEM, WAF, DLP, and CSPM.
- Understanding of security concerns associated with Generative AI and suitable mitigation strategies.
- Ability to articulate security concepts and recommendations to both technical and non-technical executive stakeholders.
About the job
The UK Security Operations (SecOps) team in Google Public Sector delivers, operates and secures private cloud services. We aim to provide the flexibility, reliability, and scalability of public cloud for customers with exceptionally high security requirements that can only be met in a private cloud environment. We deliver and operate these private cloud deployments for the most critical customers, helping scale, secure and maintain the deployment whilst working closely with Google product teams to continually improve our technology. This Principal Security Architect role is pivotal in supporting and guiding Google's public sector customers by acting as their executive, trusted security advisor.
As a Principal Security Architect, you will directly advise customers at all levels, from C-suite to engineering, on security best practices, risk management, and compliance. You will be a key advisor and a primary point of contact for customer security strategy, translating technical concepts into clear, actionable recommendations. You will focus on building trusted relationships, fostering customer confidence, and ensuring their long-term success and security on our cloud services.
In this role, you will be responsible for collaborating with and guiding customers on the development and implementation of comprehensive security architectures on Google's cloud platforms. This involves defining secure patterns, standards, and best practices that ensure their infrastructure, applications, and data are resilient against evolving threats. You will provide architectural leadership for customer initiatives, conducting thorough security reviews of customer designs, and identifying opportunities to improve their security posture.
Responsibilities
- Act as the primary trusted security advisor for key public sector customers, providing consultation on security architecture, risk management, and compliance.
- Build and maintain collaborative relationships with customer stakeholders (from technical teams to C-level), understanding their unique security needs and effectively communicating Google's security capabilities and best practices.
- Lead the design and review of secure solutions for customers on cloud platforms, ensuring secure configurations and demonstrating compliance pathways. Foster a security-aware culture within customer organisations, advocating security-by-design principles.
- Guide customers on security best practices, including embedding security into their CI/CD pipelines (DevSecOps) and adopting security automation.
- Guide customers in identifying, assessing, and mitigating cloud security risks specific to their environments and workloads. Translate security standards and regulations into practical, achievable implementation plans for customer architectures.
Minimum qualifications:
- Bachelor's degree or equivalent practical experience.
- 10 years of experience in global compliance and risk management.
- Experience with anti-bribery law compliance (e.g., the U.S. Foreign Corrupt Practices Act, U.K. Bribery Act, etc.).
- Experience advising business teams on embedding controls (anti-bribery controls) into business operations.
- Experience with corporate compliance initiatives in the EMEA region.
- Experience in compliance program management principles, risk assessment methodologies, and internal control frameworks.
Preferred qualifications:
- Certification as a Certified Fraud Examiner (CFE), Certified Public Accountant (CPA), or Certified Internal Auditor (CIA).
- Experience with developing and implementing tooling for compliance frameworks.
- Knowledge of corporate compliance governance and infrastructure.
- Ability to identify potential risks and develop innovative solutions to ensure ongoing compliance and mitigate potential issues.
- Ability to communicate fluently in English and one or more EMEA languages (e.g., Spanish, Italian, etc.) to engage with local business stakeholders, supervisory boards, and external partners.
About the job
The Google Compliance team makes sure that our business is always consistent with the current financial regulations. Comprised of multitaskers, this team balances Google's legal and compliance requirements with the dynamic needs of our users and the values of our company. As part of this team, you proactively identify pain points and gaps in existing policy frameworks and find innovative solutions. You develop efficient compliance systems and work with teams to implement these across the organization. You are thorough in all you do and see to it that as Google pursues our next big idea, we always have our bases covered.
Ethics and Business Integrity (EBI) sits within the Risk, Compliance and Integrity (RCI) organization at Google. The global team leads a number of enterprise-wide regulatory compliance programs, including the anti-bribery compliance program, and helps shape Google's ethical culture to ensure the company effectively and meaningfully fulfills its social responsibility. The anti-bribery team is rooted in compliance with the Foreign Corrupt Practices Act (FCPA) and other global and local anti-bribery and corruption laws, but goes beyond compliance to address emerging risks and implement industry best practices.
Responsibilities
- Provide compliance guidance to internal clients on anti-bribery related issues and company policies.
- Provide program management and compliance advisory support in connection with regional compliance issues (e.g., member state implementation of European Union directives).
- Assist with various third-party risk mitigation activities, including in connection with anti-bribery due diligence processes and third-party audits.
- Continue to assess anti-bribery risk in the EMEA region, including by assisting with regional risk assessment reviews and executing appropriate mitigation actions.
- Assist with other EBI program priorities, including regional government agreement issues, campaign finance for local elections, and ethical culture initiatives.