Summary
Overview
Work History
Skills
Certification
Websites
Timeline
Hi, I’m

Pavan Kumar Shambhu

Cloud Governance & Security Engineer
Stockholm, Sweden
Pavan Kumar Shambhu

Summary

Cloud Governance and Security Engineer with 13+ years of experience enabling secure, compliant, and cost-optimized multi-cloud environments across AWS, GCP, and Azure. Specialized in cloud strategy, Governance frameworks, IAM and FinOps. Proven success leading ISO 27001 readiness, driving SSO-based IAM federation (Azure Entra ID + AWS SSO), standardizing multi-account architectures with SCP guardrails, GCP Landing zone and operating CSPM platforms (Prisma Cloud, Wiz). Experienced in Terraform-driven IaC and cross-functional leadership with Security, Audit and Finance teams to deliver compliant and scalable cloud foundations.

Overview

16
years of professional experience
6
Certifications

Work History

Sinch (RTC Team → Cloud Governance Team)

Cloud Governance & Security Engineer
11.2019 - Current

Job overview

  • Led ISO 27001 audit readiness for RTC within 3.5 months, translating ISMS audit controls into actionable requirements.
  • Conducted AWS security posture assessments using open-source tooling to identify misconfigurations and prioritize remediations.
  • Implemented compliance and visibility services (Config, GuardDuty, Security Hub, Inspector, SSM Session Manager) via Terraform.
  • Designed observability and alerting by integrating AWS Security Hub and GuardDuty events into Datadog dashboards.
  • Co-founded Sinch’s Global Cloud Governance Team to drive account consolidation, Guardrails and FinOps practices from Jan 2021.
  • Designed and implemented SSO-based access integrating AWS SSO with Azure Entra ID via Terraform; migrated users to federated logins.
  • Trained and coordinated 15+ teams on IAM workflow adoption ensuring consistent access management across AWS accounts.
  • Architected AWS multi-account organization structure with segmentation, tagging, cost-center alignment, and SCP enforcement.
  • Led GCP Landing Zone deployment using Google Fast Fabric (Terraform) with Google Enterprise Support and Rackspace,implementing Org policies, Tag frameworks and centralized logging.
  • Conducted Game Days across teams to identify and clean up misconfigured or unused resources, improving security posture and reducing costs.
  • Apptio Cloudability for FinOps – analyzed cost anomalies, converted recommendations into actionable tasks and enabled RBAC-based team access for cost tracking.
  • Evaluated and implemented Prisma Cloud (CSPM/CWPP), later led migration to Wiz, maintaining alerting and grouping structures.
  • Supported external penetration testing by providing inventories of public AWS resources across accounts.
  • Developed and implemented security policies to safeguard cloud infrastructure.
  • Collaborated with cross-functional teams to enhance security protocols.
  • Evaluated and integrated security tools for improved threat detection.

Cognizant & Hays (Client: UBS AG)

DevOps Engineer / Linux System Administrator
04.2017 - 10.2019

Job overview

  • Part of Cognizant’s AWS strategic Cloud team driving client cloud adoption initiatives.
  • Trained and certified in AWS Cloud technologies as part of Cognizant’s cloud consulting program.
  • Involved in Proofs of Concept (POCs) for enterprise clients, architecting secure and scalable solutions on AWS.
  • Collaborated with cross-functional teams to validate migration approaches and design cloud-ready infrastructures.

Cognizant (Client: UBS AG)

System Administrator
12.2010 - 03.2017

Job overview

  • Administered Unix/Linux servers globally. Delivered incident/change management, performed OS upgrades, patching,Storage migration and physical-to-virtual migrations.

Rofous (Client: Google Maps)

GIS Specialist
04.2010 - 10.2010

Job overview

  • Developed and validated map data using Ground Truth tools and satellite imagery.

Skills

Cloud platform management: AWS (Organizations, SCPs, Config, GuardDuty, Security Hub,SSO), GCP (IAM, Org Policies), Azure (Entra ID)

Governance & Security: IAM Federation, CSPM/CWPP, ISO 27001, CIS & NIST Frameworks, SCP Guardrails, FinOps

Automation & Infrastructure: Terraform, CloudFormation, Ansible, CI/CD (GitLab)

Observability & Monitoring: Datadog, AWS CloudWatch, Prisma Cloud, Wiz

Scripting: Python, Bash, YAML

Certification

AWS Certified Cloud Practitioner

Websites

Timeline

Cloud Governance & Security Engineer

Sinch (RTC Team → Cloud Governance Team)
11.2019 - Current

Red Hat Specialist in Ansible Automation

08-2018
AWS Certified Cloud Practitioner
04-2018

DevOps Engineer / Linux System Administrator

Cognizant & Hays (Client: UBS AG)
04.2017 - 10.2019

Red Hat Certified Engineer (RHEL 6)

01-2013

Red Hat Certified System Administrator

01-2013

System Administrator

Cognizant (Client: UBS AG)
12.2010 - 03.2017

GIS Specialist

Rofous (Client: Google Maps)
04.2010 - 10.2010
Pavan Kumar ShambhuCloud Governance & Security Engineer