Enterprise Cyber Security Solution Architect

Enterprise Cyber Security Solution Architect

Company:
Tampa Electric Company

Location:

Bearss Operations Center, Ybor City, Florida

Shift: 4 days per week in office / 1 remote

Hiring Manager: [[hiring

Manager

Name]]

Recruiter:
Mark Koener

The Enterprise Cyber Security Solution Architect is responsible for designing, maturing, and governing enterprise‑wide cybersecurity solutions that protect Tampa Electric’s critical information assets and infrastructure. This role serves as a solution architect and technical authority, defining future state architectures, security standards, and multi‑year roadmaps while partnering with engineering teams, system integrators, and Managed Security Services for execution and operations.

This position provides architectural leadership across Identity and Access Management (IAM) and Identity Governance (IGA), Privileged Access Management (PAM), Data Loss Prevention (DLP), Application Security, Public Key Infrastructure (PKI), and other cross‑tower cybersecurity capabilities. The role focuses on architecture, integration, and governance and does not perform hands‑on implementation or day‑to‑day administration.

• Responsible for the enterprise architecture, strategy, and maturity of IAM and IGA capabilities.
• Define and maintain IAM and IGA reference architectures, standards, and roadmaps aligned with Zero Trust and least‑privilege principles.
• Provide solution architecture leadership for Microsoft Entra , including passwordless authentication, Conditional Access, advanced SSO, and identity federation patterns.
• Architect and mature Saviynt IGA capabilities, including RBAC models, enterprise role catalogs, entitlement management, and access certifications.
• Design identity controls to mitigate BYOD exposure, leveraging Conditional Access, session controls, and device trust strategies.
• Lead enterprise integrations with Cyber Ark PAM, Service Now, SAP, and other business applications.
• Govern non‑human and workload identities in coordination with PAM and IGA platforms.

• Serve as the enterprise PAM solution architect and design authority.
• Define and lead the PAM maturity roadmap, supporting pilot deployments, enterprise rollout, and transition to MSS operations.
• Architect advanced Cyber Ark capabilities including privileged session recording, Secure Credential Access, Secure Web Access, Just‑In‑Time provisioning, access decoupling, and excessive privilege reduction.
• Establish PAM reference architectures and standards across on‑premises, cloud, hybrid, and OT environments.
• Provide architectural oversight and governance to system integrators to ensure scalable, secure, and compliant solutions.

• Serve as the solution architect for enterprise DLP capabilities, including Microsoft Purview.
• Define architectural patterns for data classification, labeling, and protection across email, endpoints, cloud services, and data at rest.
• Align DLP designs with IAM, Conditional Access, and data governance requirements.
• Partner with Legal, Compliance, and Risk teams to ensure solutions meet regulatory and privacy requirements.

• Define secure application reference architectures, design patterns, and secure coding standards.
• Partner with development and Dev Ops teams to integrate security into the Software Development Lifecycle through design reviews and secure‑by‑design principles.
• Provide architectural guidance for authentication, authorization, and secure data handling aligned with IAM, PAM, and DLP strategies.
• Support application security risk assessments and security architecture reviews for business‑critical and high‑risk systems.

• Provide architectural leadership and governance for enterprise PKI and certificate lifecycle management.
• Define standards for certificate issuance, renewal, revocation, and automation.
• Support certificate‑based authentication strategies, including passwordless initiatives.