Position Overview

We are seeking an experienced Cyber Security Architect to lead the organization’s security strategy and operations. This role is the primary liaison for senior stakeholders, responsible for architecting and maintaining comprehensive security frameworks across product development and operations. The ideal candidate combines deep technical expertise with strong leadership to mentor the Cyber Security Analysts team and champion security excellence organization-wide.

Key Responsibilities

Strategic Leadership & Governance

• Define and drive the security vision, strategy, and roadmap aligned with business objectives; present posture, risk assessments, and recommendations to executive leadership.
• Lead governance initiatives; establish and maintain security policies, standards, guidelines, and certifications.
• Manage security budget, resource allocation, and vendor relationships.

Team Leadership & Mentorship

• Lead, manage, and mentor the Cyber Security Analysts team; provide technical guidance and professional development opportunities.
• Foster a culture of security awareness through regular knowledge-sharing sessions, training programs, and a security champions program across engineering teams.
• Build and scale the security team in line with organizational growth and the evolving threat landscape.

Security Architecture & Engineering

• Design and implement security architectures for cloud, on-premises, and hybrid environments; define and enforce secure architecture patterns, reference architectures, and design principles.
• Conduct architecture reviews for new products, features, and infrastructure changes; evaluate and recommend security technologies and solutions.
• Establish and maintain security baselines, hardening standards, and configuration management practices.

Application Security, Secure SDLC & DevSecOps

• Implement and mature Secure SDLC processes; oversee SAST, DAST, and SCA programs; lead threat modelling for critical applications; establish secure coding standards and drive vulnerability remediation.
• Champion DevSecOps practices: integrate security controls and automated testing into CI/CD pipelines; implement IaC security scanning, container/Kubernetes security, and security monitoring/alerting.
• Drive security automation initiatives to improve efficiency and reduce manual effort.

Compliance & Risk Management

• Lead compliance initiatives for ISO 27001, SOC 2, GDPR, FIPS, STIG, and other applicable standards; support audits and maintain compliance evidence and documentation.
• Ensure adherence to regulatory requirements; manage security certifications and attestations.

Incident Response & Threat Intelligence

• Lead incident response for security events and breaches; develop and maintain incident response plans, playbooks, and post-incident reviews.
• Stay current with threats, vulnerabilities, and attack vectors; establish threat intelligence capabilities and integrate threat feeds; monitor global incidents and assess organizational impact.

Cross-Functional & Customer Engagement

• Drive security initiatives across DevOps, QA, Product Architecture, and Development teams — covering automation, infrastructure security, secrets management, testing integration, secure coding, and architecture reviews.
• Serve as primary contact for customer security inquiries; support sales/pre-sales activities, participate in security assessments and questionnaires, and represent the organization at industry forums.
• Define security metrics and KPIs; conduct regular assessments and gap analyses; drive continuous maturity improvements and foster innovation in tools, techniques, and methodologies.

Required Qualifications

Experience

• 12+ years of progressive experience in information security, with 5+ years in security architecture and 3+ years leading/managing security teams.
• Proven track record building and scaling security programs in product-based organizations.
• Extensive hands-on experience with application security, cloud security, DevSecOps, SAST/DAST/SCA, penetration testing, and compliance program management (ISO 27001, SOC 2, GDPR, etc.).
• Demonstrated experience in stakeholder management and executive-level communication.

Technical Expertise

• Security architecture frameworks: NIST; OWASP Top 10; others applicable; secure coding principles.
• Cloud security (AWS, Azure, GCP) and cloud-native tools; container and Kubernetes security.
• Security tooling: SIEM, IDS/IPS, WAF, DLP, EDR, vulnerability scanners; network security, cryptography, and IAM.
• DevSecOps and CI/CD security integration; IaC tools (Terraform, CloudFormation, Ansible).
• Programming/scripting familiarity: Python, Java, Go, Bash, PowerShell.

Certifications

• Required (one or more): CISSP, CISM, or CCSP
• Optional: CEH, OSCP, CREST, GIAC (GWAPT, GPEN, GCIH), AWS/Azure/GCP Security Certifications

Soft Skills & Attributes

• Exceptional leadership, team management, and communication skills for both technical and non-technical audiences.
• Strategic thinking with business acumen; ability to influence and drive change across organizational boundaries.
• Problem-solving mindset, attention to detail, ability to work under pressure and manage multiple priorities.
• Collaborative, customer-focused, and a continuous learner with passion for staying current with the evolving threat landscape.

Education

Bachelor’s or Master’s degree in Computer Science, Information Security, Cybersecurity, or a related field. Equivalent combination of education and experience considered.