Lead Cyber Security Architect

McKesson
Richmond, VA
$143,000 - $238,400
Onsite

About The Position

The Lead Cyber Security Architect is a senior, advanced-skill role responsible for establishing and evolving MMS security architecture, patterns, and guardrails that protect the business while enabling speed and innovation. This role partners with the Chief Information Security Officer (CISO), Technology Senior Leadership, audit/compliance, product and application owners, infrastructure, and security engineering/operations teams to drive consistent security outcomes across the enterprise. This role provides expert guidance on current security issues while anticipating where threats and technology are heading to proactively shape MMS security strategy. The Lead Cyber Security Architect is expected to think like an adversary, translate business objectives into security architecture decisions, and define target-state architectures and roadmaps. As a Lead (P5), this role sets standards and raises the bar through mentoring and coaching, critical review of deliverables, and driving measurable improvements in risk reduction and control effectiveness. The architect leads through influence (often without direct people-management authority) and ensures security architecture decisions are documented, communicated, and adopted across delivery teams.

Requirements

  • Degree or equivalent; typically requires 10+ years of relevant experience. Fewer years required if the candidate has relevant Master’s or Doctorate qualifications.
  • 10+ years in cybersecurity with 5+ years in security architecture, including risk management and compliance.
  • Demonstrated ability to lead complex initiatives, drive alignment, and coach others while delivering measurable security outcomes.
  • Hands-on security architecture experience, including designing guardrails/reference architectures and driving adoption across multiple teams.
  • Demonstrated experience designing security controls for sensitive data (PII/PHI) and supporting audits and compliance efforts through strong documentation and evidence-based controls.
  • Zero Trust and IAM/PAM (workforce and customer identity) design at scale; demonstrated ability to define and implement enterprise guardrails, including policy-as-code and standardized identity/network patterns.
  • Proven stakeholder leadership able to lead planning and architecture discussions, incorporate reviewer feedback, and obtain alignment and approvals for secure solutions.
  • Experience with modern security platforms and automation (e.g., SIEM, EDR/XDR, SOAR, secrets management, and data protection) plus scripting/automation to scale controls.
  • Strong background in technology design, implementation, and delivery (cloud, networking, identity, endpoint, and application platforms), with the ability to translate business requirements into secure reference architectures and pragmatic implementation plans.
  • Deep expertise in security controls and architecture domains: IAM (including privileged access), network security, encryption/key management, secrets management, application security, vulnerability management, logging/monitoring, and security posture management across public cloud and hybrid environments.
  • Ability to communicate technical risk and tradeoffs in business terms, influence decisions at multiple levels, and facilitate productive outcomes across security, engineering, and business stakeholders.
  • Experience improving detection and response capabilities at scale (SIEM, EDR/XDR, SOAR, threat intelligence), including driving architectural remediation and hardening based on incidents and post-incident reviews.
  • Proven ability to define and operationalize security standards, patterns, and guardrails (including exception processes), and to ensure adoption through reviews, coaching, documentation, and automation.
  • Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and holding a high bar for quality through critical self-review and thoughtful peer review.
  • Hands-on ability to automate and enable teams through scripting and infrastructure-as-code (e.g., Bash, Python, PowerShell) and policy-as-code approaches.
  • Experience designing for cyber resilience (disaster recovery, business continuity, backup/restore security, and ransomware recovery considerations).
  • Working knowledge of common security and risk frameworks and regulations relevant to healthcare and enterprise environments (e.g., NIST, ISO 27001, HITRUST, HIPAA/HITECH, PCI DSS, SOX, GDPR, SOC 2).
  • Working knowledge of Windows, Linux, and container platforms (e.g., Kubernetes) and modern application patterns (API-based integrations, microservices, and serverless) sufficient to guide secure designs.
  • Strong strategic and tactical decision-making, including the ability to assess tradeoffs, define compensating controls, and drive decisions to closure.
  • Experience collaborating with offensive/defensive security teams (e.g., purple teaming) to validate controls and translate findings into architectural improvements.
  • Highly trustworthy; leads by example and builds credibility through consistent follow-through and high-quality deliverables.
  • Bachelor’s degree in computer science, information security/assurance, MIS, engineering, or related field; or equivalent practical experience.
  • CISSP (required).

Nice To Haves

  • Preferred: CISM, GIAC/SANS certifications, and/or relevant cloud security certifications.
  • TDR/SecOps certifications (a plus): Google Cloud Professional Cloud Security Engineer and/or Associate Cloud Engineer, Google Professional Cloud DevOps Engineer, and/or GIAC certifications (e.g., GSEC, GCIH) depending on role focus, and/or cloud/security engineering certifications aligned to the team's platforms.

Responsibilities

  • Own and evolve MMS security architecture reference patterns and guardrails across cloud, network, identity, endpoint, application, and data protection; ensure designs are secure-by-design and compliant-by-design.
  • Lead architecture reviews for key initiatives (new platforms, major applications, third-party integrations, and B2B/B2C capabilities); document decisions, risks, exceptions, and required compensating controls.
  • Translate security policy, risk, and regulatory obligations into practical engineering requirements, reusable design standards, and implementation guidance (e.g., templates, runbooks, and secure reference implementations).
  • Define target-state security architecture and roadmaps; drive organizational alignment and prioritization with security, technology, and business stakeholders.
  • Embed security in delivery through DevSecOps: advise on CI/CD controls, infrastructure-as-code, policy-as-code, secrets management, and secure SDLC practices; partner with engineering teams to increase automation and reduce friction.
  • Establish measurable security architecture outcomes (e.g., coverage of guardrails, reduction in high-risk exceptions, control adoption, improved detection/response maturity) and use metrics to guide continuous improvement.
  • Mentor and coach architects and engineers; perform critical self-review and peer review of deliverables to ensure high quality, accuracy, and alignment to enterprise security standards.
  • Design and maintain cloud security architecture patterns and guardrails (e.g., IAM and privileged access, organization policies, network segmentation, encryption and key management, logging/monitoring, vulnerability management, and posture management) with clear implementation guidance for delivery teams.
  • Perform other duties as assigned.

Benefits

  • We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards.
  • This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets.
  • The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations.
  • In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities, may be offered.