Designate an account as the delegated Amazon GuardDuty administrator account, enable GuardDuty for all accounts in the organization, create an SNS topic in the GuardDuty administrator account, subscribe the SecOps team's email to the SNS topic, and create an Amazon EventBridge rule in the same account with an event pattern for GuardDuty findings targeting the SNS topic.

Create an AWS CloudFormation template that sets up an SNS topic and subscribes the SecOps team’s email to it, includes an Amazon EventBridge rule with an event pattern for CloudTrail activity related to s3:PutBucketPublicAccessBlock, and deploys the stack to all accounts in the organization using CloudFormation StackSets.

Enable AWS Config across the organization, create an SNS topic in the delegated administrator account, subscribe the SecOps team's email to the SNS topic, and deploy a conformance pack using the s3-bucket-level-public-access-prohibited AWS Config managed rule in each account, with an AWS Systems Manager document to publish an event to the SNS topic notifying the SecOps team.

Enable Amazon Inspector across the organization, create an SNS topic in the Amazon Inspector delegated administrator account, subscribe the SecOps team’s email to the SNS topic, and create an Amazon EventBridge rule in the same account with an event pattern for public network exposure of the S3 bucket, publishing an event to the SNS topic to notify the SecOps team.