Sr Enterprise Cloud Architect – AWS Governance, Standards & FinOps

If you’re passionate about building a better future for individuals, communities, and our country—and you’re committed to working hard to play your part in building that future—consider WGU as the next step in your career.

Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.

The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.

At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is:
 

Pay Range: $157,000.00 - $243,400.00

Job Description

We are seeking a highly skilled Enterprise Cloud Architect – AWS Governance, Standards & FinOps to lead the design, implementation, and management of secure, scalable, and compliant cloud architectures. The ideal candidate will have extensive experience in cloud governance, security, multi-tenancy, compliance, and cost optimization within AWS environments.

This role requires a deep understanding of AWS security best practices, regulatory compliance frameworks, identity & access management, and cloud networking. The AWS Cloud Architect will work closely with DevOps, security, application, and infrastructure teams to establish cloud governance models while ensuring operational efficiency and security.

Key Responsibilities

Cloud Architecture & Design

• Design and implement highly available, scalable, and secure AWS cloud architectures for enterprise applications.

• Develop multi-tenant architectures, ensuring proper isolation, cost-efficiency, and security for different clients or business units.

• Architect AWS Landing Zones, Control Tower, and multi-account strategies for cloud governance.

• Optimize cloud resources for performance, reliability, and cost efficiency using AWS Well-Architected Framework principles.

Cloud Security & Compliance

• Implement AWS security controls such as IAM, AWS KMS, Security Hub, GuardDuty, AWS WAF, AWS Config, and CloudTrail.

• Develop and enforce cloud governance frameworks with proper security policies, access controls, and regulatory compliance.

• Ensure regulatory compliance (HIPAA, GDPR, SOC 2, ISO 27001, PCI DSS, FedRAMP, etc.) through security best practices and automation.

• Manage network security in AWS, including VPC design, firewall policies, network ACLs, private endpoints, VPNs, and transit gateways.

• Define and enforce IAM roles, policies, and permissions models across a multi-account AWS environment.

Multi-Tenancy & Cost Optimization

• Architect and implement multi-tenant solutions with proper tenancy models (e.g., shared vs. isolated resources).

• Implement cost allocation strategies using AWS tagging, cost and usage reports, and consolidated billing.

• Optimize cloud costs through auto-scaling, right-sizing, and AWS Savings Plans or Reserved Instances.

Automation & DevOps Integration

• Automate infrastructure provisioning using Infrastructure-as-Code (IaC) tools such as Terraform, AWS CloudFormation, or AWS CDK.

• Work closely with DevOps teams to integrate CI/CD pipelines, security controls, and monitoring solutions.

• Design and manage disaster recovery (DR) and high-availability (HA) strategies to ensure business continuity.

Monitoring & Incident Response

• Implement SIEM solutions and centralized logging for threat detection and incident response.

• Set up automated security monitoring with AWS CloudWatch, AWS Config, and AWS Security Hub.

• Define incident response plans, disaster recovery procedures, and security remediation workflows.

Collaboration & Leadership

• Provide technical leadership and mentorship to cloud engineers, developers, and security teams.

• Collaborate with stakeholders, business leaders, and compliance teams to align AWS strategies with business goals.

• Conduct architecture reviews, security assessments, and risk evaluations for cloud deployments.

• Stay updated on AWS advancements and industry trends to recommend best practices and new technologies.

Required Skills & Qualifications

• 10+ years of experience in cloud architecture and security, with at least 5+ years in AWS.

• Strong expertise in AWS Well-Architected Framework, AWS Organizations, SCPs, IAM, and Control Tower.

• Hands-on experience with multi-tenancy architectures and cost-effective multi-account AWS environments.

• Deep knowledge of AWS security services (IAM, KMS, GuardDuty, Security Hub, CloudTrail, AWS WAF, AWS Config, etc.).

• Strong experience with network architecture, including VPCs, security groups, NACLs, VPNs, Direct Connect, and Transit Gateway.

• Familiarity with Infrastructure as Code (IaC) tools like Terraform, AWS CloudFormation, and AWS CDK.

• Proven track record in cloud governance, security frameworks, compliance, and risk management.

• Knowledge of container orchestration (EKS, ECS, Kubernetes), serverless (Lambda, API Gateway), and microservices architectures.

• Experience integrating cloud logging and monitoring solutions (AWS CloudWatch, ELK stack, SIEM tools).

• Strong scripting and automation experience using Python, Bash, PowerShell, or AWS SDKs.

• Excellent problem-solving, communication, and leadership skills.

Preferred Certifications

• AWS Certified Solutions Architect – Professional

• AWS Certified Security – Specialty

• AWS Certified Advanced Networking – Specialty

• Certified Information Systems Security Professional (CISSP)

• Certified Cloud Security Professional (CCSP)

• AWS Certified DevOps Engineer – Professional

Preferred Skills

• Experience with infrastructure-as-code tools (e.g., Terraform, CloudFormation).

• Knowledge of container orchestration tools (e.g., Kubernetes, Docker).

• Experience working in highly regulated industries (e.g., finance, healthcare)

#LI-ZARD

Position & Application Details

Full-Time Regular Positions (classified as regular and working 40 standard weekly hours): This is a full-time, regular position (classified for 40 standard weekly hours) that is eligible for bonuses; medical, dental, vision, telehealth and mental healthcare; health savings account and flexible spending account; basic and voluntary life insurance; disability coverage; accident, critical illness and hospital indemnity supplemental coverages; legal and identity theft coverage; retirement savings plan; wellbeing program; discounted WGU tuition; and flexible paid time off for rest and relaxation with no need for accrual, flexible paid sick time with no need for accrual, 11 paid holidays, and other paid leaves, including up to 12 weeks of parental leave.

How to Apply: If interested, an application will need to be submitted online. Internal WGU employees will need to apply through the internal job board in Workday.

Additional Information

Disclaimer: The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive.

Accommodations: Applicants with disabilities who require assistance or accommodation during the application or interview process should contact our Talent Acquisition team at recruiting@wgu.edu.

Equal Opportunity Employer: We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. #DEI