Lead Information Security Architect

About The Position

Requirements

• 5 years of experience leading security architecture initiatives for an enterprise organization
• Prior experience designing, implementing, and managing security architecture standards to ensure compliance and to reduce risk to the bank

Nice To Haves

• 7+ years of experience leading security architecture for a mid-large sized financial institution
• Advanced knowledge and understanding of cloud security concepts - Azure, AWS, GCP, etc.
• One or more of the following certifications - CISSP, CCSP, TOGAF

Responsibilities

• Reviews the design and development of security models, along with establishing the procedures and guidelines for hardware, software and network security that support information security policies.
• Overseeing security awareness programs; educating and communicating to staff about information security polices, procedures, and practices.
• Crafts the organizational technology vision and information security principles and standards to ensure that the information security needs of the business are met.
• Reviews and implements the design for security solutions and champions them through the architectural portions of the software development life cycle process.
• Advises the selection decisions of security tools for use by various security teams and in the architecture review as the voice of security in the governance of the software development process as it relates to architectural elements.
• Serves as an internal information security consultant on the standards, complex issues and best practices to the organization.
• Coaches and delegates work to lower-level professionals to ensure high-quality and timely completion of projects while managing select projects and processes.
• Own and lead security architecture as a 1st Line of Defense function, accountable for proactive risk identification, control design, and secure technology enablement
• Define, implement, and maintain enterprise security architecture across applications, infrastructure, cloud, data, identity, and third‑party integrations
• Establish and enforce security architecture standards, patterns, and guardrails to ensure compliance with FFIEC, GLBA, SOX, and internal risk appetite
• Partner directly with engineering, product, and infrastructure teams to embed security-by-design and DevSecOps practices throughout the SDLC
• Serve as the authoritative approver for security architecture reviews, threat models, and risk assessments for new initiatives and material changes
• Drive adoption of Zero Trust principles, IAM, network segmentation, encryption, key management, and data protection architectures
• Translate regulatory, risk, and business requirements into pragmatic, scalable security solutions that enable business outcomes
• Provide architectural oversight for cloud migrations, fintech integrations, and vendor solutions, ensuring secure onboarding and ongoing risk management
• Actively support incident response, vulnerability prioritization, and security event remediation by addressing systemic and architectural weaknesses
• Mentor and technically lead security engineers, acting as a force multiplier for security maturity across the organization
• Collaborate with 2nd Line (Risk/GRC) and Audit teams while retaining ownership for control implementation and effectiveness