Principal IT Security Architect - REMOTE from any EST or CST US-based location

About The Position

Requirements

• Have demonstrated enterprise‑level expertise across core cybersecurity domains, including identity and access management, privileged access management, security operations, incident response, vulnerability management, infrastructure and application security, and business/technology resiliency.
• Possess deep knowledge of information security regulations, standards, and frameworks such as PCI, SOX, HIPAA/HITECH, OWASP, NIST, ISO 27001, and CMMC.
• Have proven experience leading and serving as a subject matter expert for security incident response activities, with a working understanding of penetration testing concepts and methods.
• Bring strong experience across complex enterprise technology environments including operating systems, networking, storage, identity providers, data center infrastructure, cloud service provider architecture, and mainstream platforms (e.g., Microsoft, Oracle, IBM), and can design secure architectures for new technologies, major system changes, and mergers and acquisitions.
• Demonstrate knowledge of Artificial Intelligence security concepts, including AI governance, security posture management, common adoption risks, and exploitation methods.
• Can influence and collaborate effectively across cybersecurity, IT, business partners, and third‑party vendors while driving urgency when needed.
• Excel at communicating complex technical and security concepts in clear, business‑focused language to audiences ranging from technical teams to senior and executive leadership.
• Bachelor’s degree in Information Technology or a related field of study, or equivalent experience.
• 12 years of progressive IT experience with 5+ years’ experience as a security architect or related role.
• Experience implementing and ensuring compliance with DoD STIG, Critical Infrastructure Protection, FedRAMP or other security requirement frameworks or guides.
• A strong ability to apply business and technical knowledge to solving technology and security challenges.

Nice To Haves

• Masters Degree in Information Technology or a related field of study.
• Strong verbal and written communication skills in order to communicate complex technology concepts, risks and incident occurrences to all levels of an organization, including IT leadership, Third Party Partners, and business partners.
• CISSP or other relevant security certifications (CCSP, CISM, SSCP, etc.)
• A strong ability to apply business and industry knowledge to solving technology and security challenges.

Responsibilities

• Defining complex security architectures that are necessary to integrate new entities when a merger or acquisition is complete, including leading various levels of technology resource through the decision-making process
• Analyzing and understanding the impact of regulation changes on security architecture, standards and policies, including making and communicating updates as needed
• Providing guidance and coaching to cybersecurity lead and senior architects and engineers, and providing overall technical expertise to the cybersecurity department and business stakeholders
• Researching, modeling, and tracking secure system standards, industry trends, market technology, potential threats, tactics, and procedures for ecosystem applicability and reference
• Developing formal management reporting dashboards aligned to widely accepted standards, including appropriate metrics that inform senior leadership as to the state of information security risk and exposure
• Effectively communicating risk and mitigation activities to all levels of the organization during incident or risk treatment actions, to inform critical decision-making and deliver risk reductions
• Identifying, quantifying, and documenting requirements to address security risks as they relate to IT and enterprise projects
• Recognizing and identifying potential areas where existing security policies and procedures require change, or where new ones need to be developed, especially regarding future business expansion
• Performing third-party security risk assessments, especially for cloud service providers and responding to third-party requests for information on CNO’s information security program/policies
• Ensuring that the organization is leveraging the proper technologies to meet SOX, PCI, and HIPAA/HITECH compliance requirements
• Serving as a subject matter expert for the incident lead during Incident Response activities
• Leading matrix working groups during Incident Response activities
• Supporting legal and Internal Audit activities and information gathering when needed, and effectively communicating complex security topics to these teams

Benefits

• Medical insurance
• Dental insurance
• Vision insurance
• 401(k) retirement plan with company match
• Short-term & long-term disability insurance
• Paid time-off and corporate holidays
• Paid parental leave
• Company paid life insurance