diff --git a/groups/sig-release/groups.yaml b/groups/sig-release/groups.yaml
index 7a23ae00387..377200b1d2c 100644
--- a/groups/sig-release/groups.yaml
+++ b/groups/sig-release/groups.yaml
@@ -115,7 +115,6 @@ groups:
       - k8s-infra-prow-oncall@kubernetes.io
       - k8s-infra-release-editors@kubernetes.io
       - ameukam@gmail.com
-      - prow-build@k8s-infra-prow-build.iam.gserviceaccount.com
 
   - email-id: k8s-infra-staging-cip-test@kubernetes.io
     name: k8s-infra-staging-cip-test
diff --git a/infra/gcp/ensure-staging-storage.sh b/infra/gcp/ensure-staging-storage.sh
index 01058890675..8d5c91cdb01 100755
--- a/infra/gcp/ensure-staging-storage.sh
+++ b/infra/gcp/ensure-staging-storage.sh
@@ -274,3 +274,15 @@ for repo in "${WINDOWS_REMOTE_DOCKER_PROJECTS[@]}"; do
         done
     ) 2>&1 | indent
 done
+
+# Special case: In order for ci-kubernetes-build to run on k8s-infra-prow-build,
+#               it needs write access to gcr.io/k8s-staging-ci-images. For now,
+#               we will grant the prow-build service account write access. Longer
+#               term we would prefer service accounts per project, and restrictions
+#               on which jobs can use which service accounts.
+color 6 "Configuring special case for k8s-staging-ci-images"
+(
+    PROJECT="k8s-staging-ci-images"
+    SERVICE_ACCOUNT=$(svc_acct_email "k8s-infra-prow-build" "prow-build")
+    empower_svcacct_to_write_gcr "${SERVICE_ACCOUNT}" "${PROJECT}"
+)