About your role:
The Global Enterprise Cybersecurity Architect is a senior-level role responsible for developing and overseeing the implementation of enterprise-wide security architecture strategies, ensuring alignment with business goals, regulatory mandates, and evolving threat landscapes. This role spans traditional data centers, hybrid environments, and multi-cloud infrastructures (AWS, Azure, GCP), and requires deep expertise in designing, securing, and governing complex enterprise systems at scale.
What you'll do:
1. Security Architecture & Strategy
- Define and maintain the global cybersecurity architecture framework across on-premises, private, public, and hybrid cloud environments.
- Lead the development of secure design patterns, architectural blueprints, and reference implementations aligned to Zero Trust, Secure-by-Design, and Defense-in-Depth principles.
- Translate business and regulatory requirements into secure solutions, ensuring consistent enforcement across geographies and platforms.
- Serve as the lead security architect in major digital transformation initiatives, including cloud migrations, SaaS adoption, and data center modernization.
2. Enterprise Governance & Policy Development
- Define enterprise security principles, standards, and policies; drive adoption across IT, business units, and DevOps teams.
- Collaborate with Compliance, Legal, Risk, and Internal Audit to ensure alignment with global regulatory frameworks (e.g., PCI DSS, NIST 800-53, ISO 27001, HIPAA, GDPR, CCPA).
- Lead threat modeling, security assessments, and control validations for emerging technologies (e.g., AI/ML, Kubernetes, APIs, IoT, data fabric).
3. Secure Infrastructure Design (On-Prem & Cloud)
- Architect secure data center network segmentation, privileged access zones, DMZs, and interconnects.
- Design and validate hardened configurations for physical and virtual systems, hypervisors, HCI platforms, and converged infrastructure.
- Build secure landing zones and cloud-native control planes with integrated IAM, logging, encryption, vulnerability management, and CSPM.
4. Security Technology Leadership
- Provide strategic direction for security tooling and platforms including SIEM/SOAR, DLP, PAM, EDR/XDR, CSPM, CWPP, CNAPP, IAM/IGA, certificate lifecycle management, and threat intelligence.
- Evaluate emerging cybersecurity technologies and drive proof-of-value pilots with innovation and engineering teams.
- Serve as an escalation point and SME during major cybersecurity incidents, ensuring root cause analysis and architecture-level remediation.
5. Cross-Functional Engagement
- Partner with infrastructure, DevSecOps, data, and application teams to embed security early into SDLC and infrastructure-as-code pipelines.
- Drive alignment with enterprise architecture, business continuity, and digital resilience programs.
- Mentor regional and domain-specific security architects, helping scale secure architecture expertise globally.
Experience you'll need to have:
Workforce Experience:
- 10+ years of progressive cybersecurity and enterprise architecture experience, with at least 5 years in a global or enterprise architect role.
Expertise across domains:
- On-premises and hybrid infrastructure (VMware, Cisco, F5, firewalls, identity stores)
- Public cloud platforms (AWS, Azure, GCP)
- Network security, IAM, encryption, segmentation, data loss prevention, and SIEM/SOAR
Certifications (strongly preferred):
- CISSP, CCSP, SABSA, TOGAF, AWS Certified Security – Specialty, Azure Security Engineer, or GCP Professional Cloud Security Engineer.
Regulatory knowledge:
- Familiarity with compliance frameworks (PCI DSS, NIST, ISO 27001, HIPAA, SOX, GDPR).
Soft Skills:
- Exceptional communication, stakeholder engagement, negotiation, and
- executive presentation abilities.
Tools & Languages (preferred):
- Terraform, YAML/JSON, Git, CI/CD pipelines, scripting (Python, Bash), Kubernetes security (OPA/Gatekeeper), cloud-native policy engines.
Experience that would be great to have:
- Experience architecting secure AI/ML environments, data platforms, or cybersecurity data fabrics.
- Strong understanding of Zero Trust architectures, Secure Access Service Edge (SASE), and Identity Fabric concepts.
- Demonstrated ability to operate globally across matrixed organizations and influence without direct authority.
R-10372274
