Cybersecurity Architect

Summary

The Cybersecurity Architect leads and supports the Chief Information Security Officer in maintaining visibility and providing oversight and guidance of technical cybersecurity aspects of projects, products, systems, applications, and services. This position collaborates with the Enterprise Architecture team to understand business goals and objectives and provide leadership to guide technology toward secure configuration and management. It also creates deliverables for managing the security architecture of systems and technology throughout the organization.

• Leads the development of roadmaps for strategic planning and long‑term goals, ensuring technology is designed and implemented according to cybersecurity best practices and sound enterprise architecture principles for all environments, including cloud and on‑premises infrastructure.
• Creates governing cybersecurity architecture standards, including practices for data encryption and tokenization based on the organization's data classification criteria.
• Collaborates with the management team to develop or recommend updates to cybersecurity standards to be reviewed and approved by executive management and/or formally authorized by the Chief Information Security Officer (CISO).
• Leads the creation, development, and maintenance of security architecture artifacts (models, templates, standards, and procedures), leveraging the Enterprise Architecture tool to integrate security capabilities in projects and operations.
• Identifies needs and leads the performance of appropriate security reviews, identifying gaps in security architecture, and developing a security risk management plan for addressing these gaps.
• Validates IT infrastructure and other reference architectures for security best practices and recommends changes to enhance security and reduce risks.
• Establishes and builds relationships with the Enterprise Architecture team to develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities aligned with business, technology, and threat drivers.
• Establishes and builds relationships with IT management and teams to foster a collaborative environment for defining and ensuring systems are built to baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, identity and access management (IAM), and cloud deployments.
• Guides collaboration and coordination with data, security, and architecture teams to document data flows of sensitive information (e.g., PII or ePHI) and recommend controls to ensure adequate security (e.g., encryption and tokenization).
• Leads the research and coordination with vendor management (VM) teams’ security assessments of new, prospective, or emerging technologies, especially those with which the organization shares intellectual property (IP) and regulated or protected data.
• Evaluates statements of work (SOWs) and master services agreements (MSAs) to ensure adequate security protections.
• Liaises with the internal audit (IA) team to review and evaluate the design and operational effectiveness of security‑related controls.

• Knowledge and experience with financial regulations such as PCI‑DSS, SOX, GLBA, NIST Cybersecurity Framework, CIS Critical Security Control, and other cybersecurity frameworks, architecture, and technology.
• Experience in using architecture frameworks such as TOGAF.
• Direct, hands‑on experience or strong working knowledge of managing security infrastructure such as firewalls, intrusion prevention systems (IPS), web application firewalls (WAF), endpoint protection, SIEM and log management technology, and vulnerability management tools.
• Knowledge of defense in depth and zero‑trust network architecture (ZTNA).
• Full‑stack knowledge of IT infrastructure: applications, databases, operating systems (Windows, Unix, Linux), hypervisors, IP networks (WAN and LAN), storage networks (Fibre Channel, iSCSI, NAS), backup networks and media, containers/Kubernetes, public cloud services, and securing public cloud services.
• Knowledge of various aspects of an enterprise technology…