Principal Cybersecurity Architect, Third-Party Assurance

About The Position

Requirements

• 10 years of professional experience in cybersecurity, with demonstrated experience in senior technical or architecture-focused positions.
• Proven ability to assess and articulate the cybersecurity control maturity of complex technology environments, including enterprise, cloud-native, and hybrid architectures.
• Deep, hands-on expertise in cybersecurity architecture, threat modelling, and designing or evaluating secure controls for enterprise-level solutions.
• Strong understanding of industry cybersecurity frameworks and key control domains, including NIST CSF, ISO 27001, Federal Financial Institutions Examination Council (FFIEC) guidance, SOC 2, and GDPR.
• Thorough design and operational experience across one or more major public cloud providers, including AWS, Azure, or Google Cloud.
• Proficiency with Cloud Security Posture Management tools and cloud security assessment methodologies.
• Demonstrated ability to translate complex cybersecurity and technical findings into clear, business-relevant communications for audiences ranging from technical practitioners to executive and non-technical stakeholders.

Nice To Haves

• Relevant cloud or cybersecurity certifications such as CISSP, CCSP, or cloud provider certifications from AWS, Azure, or Google Cloud.
• Experience conducting cybersecurity assessments in support of strategic technology initiatives, such as blockchain, digital assets, or emerging technology platforms, including engagement at senior leadership forums.
• Demonstrated ability to influence and negotiate with external suppliers and internal senior stakeholders to drive remediation outcomes and control improvements without direct authority.
• Experience operating within or supporting a full lifecycle assessment model, with the ability to engage independently with suppliers and subject matter experts from an early stage while managing multiple concurrent assessments.

Responsibilities

• Provide authoritative technical leadership across third-party cybersecurity assessments, bringing deep expertise in cybersecurity architecture, cloud-native and hybrid environments, application security, and enterprise control domains.
• Lead and personally conduct in-depth technical evaluations of supplier cybersecurity posture, control maturity, and architectural resilience, particularly for the firm's most critical and complex third-party relationships.
• Perform threat modelling against supplier environments to identify potential security risks and develop mitigation strategies tailored to the firm's risk appetite.
• Evaluate supplier security architectures across public cloud providers (AWS, Azure, Google Cloud), assessing the design and effectiveness of controls in cloud-native, hybrid, and on-premises environments.
• Act as the senior technical escalation point for complex supplier risks, control gaps, and remediation strategies, providing credible challenge and expert advisory input.
• Drive the evolution of the third-party assurance methodology by embedding deeper technical assessment capabilities, including architecture reviews, threat modelling, and cloud security posture evaluation.
• Translate complex technical cybersecurity risks and supplier control deficiencies into clear, actionable, business-relevant insights for senior leadership and non-technical audiences through detailed reports and presentations.
• Partner with Product Security, Cybersecurity Architecture, Technology Risk and Controls, and Cybersecurity pillar leads to ensure alignment in control intent, solution design, and third-party risk remediation.
• Lead thematic analysis to identify systemic technical weaknesses, emerging risks, and trends across the supplier landscape, and recommend strategic remediation approaches.