Principal Security Architect

Location:

Memphis, TN

Weekly

Schedule:

Monday
- Friday, 9am-5pm

• Manages solution design from conception, through ARB, to delivery
• Primarily responsible for producing architecture documentation for security applications as assigned and as projects and programs of work dictate
• Maintains First Horizon’s Security Architecture Pattern Inventory (across identity, data, application, network, and cloud) as a member of the Core Enterprise Architecture Team
• Leads security design workshops and POC efforts for new (security) capabilities
• Validates 3rd Party/Vendor Solutions for security concerns
• Aligns Information Security Technology strategy and planning with First Horizon’s business goals and objectives
• Promotes the use of a shared infrastructure and application roadmap to reduce costs and improve how assets are secured
• Builds and maintains technical trusted advisor relationships with influential technical decision makers within Technology
• Works with engineers to ensure that technical solutions as delivered align with Information Security Standards and Policies
• Works with Portfolio technology leaders to include IT Risk and Security Exception initiatives in portfolio roadmap
• Manage Encryption Standards: key management, tokenization for payments, DLP/classification/handling; architect PCI DSS segmentation boundaries and compensating controls
• Manage Network/Zero Trust Standards: microsegmentation across Azure and colocation; secure branch/office connectivity; define workload identity and continuous verification patterns; enforce least privilege
• Detection/telemetry:
  Publish Splunk logging schema, retention, and correlation strategies; onboard logs from Azure, Colo, API Gateways, IAM, Cyber Ark, MFaaS, and core platforms; drive ATT&CK‑aligned detections and forensic readiness
• Secure SDLC and supply chain:
  Operationalize threat modeling; collaboratively define CI/CD control overlays with Dev Ops; establish artifact signing/SBOM standards; ensure secrets handling and container/Kubernetes baselines where applicable
• Governance and risk:
  Maintain control overlays mapped to FFIEC/GLBA/PCI/NIST; lead design reviews; manage exceptions with remediation timelines; produce audit‑ready decision records in partnership with the CISO team
• Payments and third‑party/SaaS:
  Define intake and security requirements for MFaaS, Salesforce, Service Now, FIS/Fiserv/Bottomline integrations—identity, logging, data handling, and PCI scoping
• Physical security integration:
  Align building access, video, and visitor systems with identity and logging patterns; coordinate incident playbooks with Corporate/Physical Security
• Enablement and influence:
  Mentor senior architects and engineering associates; lead communities of practice; communicate strategy, benefits, and trade‑offs to executives and delivery teams

• Bachelor’s degree in Computer Science, Management Information Systems, or related field
• (12+) years of Information Security experience
• (7+) years of Security Architecture
• Experience in regulated financial services
• Experience with Azure security architecture across multi‑tenant/region and hybrid environments; strong Zero Trust and network segmentation expertise
• Regulatory fluency: FFIEC, GLBA, PCI DSS; practical NIST CSF/800‑53 mapping; MITRE ATT&CK‑aligned detection design
• Experience with technical documentation like interaction diagrams, process diagrams, network topologies and other architectural content
• Experience with Agile/SAFe methodologies
• Experience with Enterprise Architecture Governance: ARB/design councils, exception handling, and audit narratives; ability to set and harmonize enterprise standards

• Strongly preferred: CISSP or CompTIA Security+
• Microsoft Azure Security Engineer or Azure Solutions Architect Expert
• Preferred: CCSP; CISM or CRISC; SANS GCSA or GCLD; PCI Professional (PCIP) or equivalent GIAC enterprise defense/IR certifications

• Ability to adapt to new technologies and learn quickly
• Enterprise architectural leadership across identity, cloud, application, data, and network security
• IAM for associates (Entra , Active Directory) and clients (Transmit Security, Forge…