Principal, Information Systems Security

American Red Cross

1d•$100,000 - $130,000•Remote

About The Position

As one of the nation’s premier humanitarian organizations, the American Red Cross is dedicated to helping people in need throughout the United States and, in association with other Red Cross networks, throughout the world. When you join our team, you have a direct impact on a meaningful mission, and you can help save lives every day. If you share our passion for helping people, join us in this excellent career opportunity. Work where your career is a force for good. We are committed to the diversity of our workforce and to delivering our programs and services in a culturally competent manner reflecting the communities we serve. Our work environment is collaborative, respectful, and inclusive with a focus on building allyship and a culture of belonging that empowers all team members. Come to learn, grow, and succeed while sharing your passion for making a difference. The Red Cross supports a variety of cultural and community resource groups for employees and volunteers. From the Ability Network, our Asian American & Pacific Islander Resource Group, the Latino Resource Group, and Red Cross PRIDE, to the Umoja African American Resource Group, our Veterans+ Resource Group, and the Women’s Resource Group, these networks provide connections, mentoring and help give voice to important concerns and opinions. At the American Red Cross, your uniqueness can shine! The American Red Cross is looking for an experienced Principal to join the Information Security Architecture group. The Principal is a senior technical expert responsible for developing, governing, and guiding the security architecture across the enterprise. This role ensures that solutions are designed and implemented securely while supporting business resilience and innovation. The Principal, Information Systems Security provides leadership in secure design practices, security best practices, emerging technologies, and security controls The ideal candidate has deep hands-on experience in enterprise architecture and security engineering, excels in cross-functional collaboration, and can influence technical and business stakeholders at all levels.

Requirements

Bachelor’s degree (4-year degree) in Information Security, Computer Science, Information Technology, Engineering, or related field.
Minimum 7 years of progressive experience in information security, with at least 4 years in security architecture, engineering, or solution architecture roles.
Expert knowledge of network security, cloud architectures, application security, identity and access management, encryption, and secure protocols.
Expert knowledge of maintaining cloud security posture for Azure and AWS environments.
Hands-on experience with security technologies such as PKI, SIEM, firewalls, WAF, IAM/PAM, and vulnerability management tools.
Strong analytical skills with the ability to evaluate complex systems and provide actionable guidance.
Excellent communication, documentation, and stakeholder-influencing skills.
Ability to work across diverse engineering, cloud, operations, and business teams

Nice To Haves

CISSP, CISM, CISA, GIAC or equivalent.

Responsibilities

Conduct architecture reviews and provide recommendations ensuring alignment with the organization’s security strategy and risk tolerance.
Evaluate and document security risks associated with architectural decisions and business initiatives.
Advise on compensating controls when legacy systems or business constraints prevent ideal security solutions.
Communicate complex security concepts to executive leadership, IT teams, and business stakeholders in a clear and actionable way.
Ensure alignment with industry frameworks such as NIST CSF, NIST 800-53, and Zero Trust principles.
Assess proposed technologies and solutions for architectural fit, security effectiveness, and implementation feasibility.
Provide secure-by-design guidance for application teams, including identity integration, API protection, data encryption, secure coding, and threat modeling.
Collaborate with DevOps/DevSecOps teams to embed security into CI/CD pipelines, automation tools, and infrastructure-as-code systems.
Assist in the development, publishing, and maintenance of security control standards, design principles, and architectural governance documentation.
Analyze emerging technologies, security trends, and threat landscapes to guide architectural evolution.
Recommend new tools, platforms, and patterns that enhance security posture and increase operational resilience.
Lead initiatives related to Zero Trust, identity modernization, cloud-native security, automation, and security observability.