Principal Security Controls Architect

About The Position

Requirements

• 10 years in cybersecurity, security and technology controls, ITAM or related engineering and risk domains, including senior-level leadership and delivery ownership
• Demonstrated experience architecting security and technology controls at scale
• Strong experience with asset inventory, asset lifecycle management, and taxonomy and metadata modeling, including how taxonomy drives control applicability and coverage
• Experience building automation-first solutions including CI/CD pipelines, infrastructure-as-code, and automated evidence collection and monitoring frameworks
• Strong engineering depth and ability to partner with developers
• Translate threat models and attack surface analysis into actionable control requirements and auditable governance standards, grounded in a strong working knowledge of current and evolving security control frameworks
• Ability to present and influence executive audiences, articulate complex technical risk clearly, and drive decisions across stakeholders

Nice To Haves

• Experience partnering with Risk, Compliance, and Audit to improve control design, evidence quality, and examination readiness while reducing operational burden
• Experience with large-scale enablement across multiple lines of business and engineering organizations
• Familiarity mapping controls and governance requirements to common frameworks such as NIST, ISO 27001, or CIS Controls, and translating framework requirements into engineering-executable standards
• Experience with cybersecurity asset management platforms such as ServiceNow CMDB, Axonius, or equivalent, including designing data models, ownership workflows, and asset lifecycle governance processes
• Demonstrated ability to define and track control health metrics, KPIs, and adoption indicators that communicate security posture and governance maturity to executive and risk audiences

Responsibilities

• Define and drive the strategy and roadmap for technology control architecture across Global Technology Asset Management, aligning to regulatory expectations and firmwide security standards
• Establish and enhance an enterprise-grade asset taxonomy including critical metadata, ownership, lifecycle state, and control applicability
• Architect and design control patterns that are reusable and scalable reducing manual processes and improving auditability
• Partner with platform and product teams to embed controls into the asset lifecycle
• Define control coverage and control health metrics, dashboards, and operational mechanisms to measure effectiveness, exceptions, and remediation progress
• Evaluate, select, and implement security/control process/tooling to improve asset transparency, control automation, and evidence quality
• Continually assess new trends in technology and determine implications on the overall security control process
• Drive security engineering thought leadership within the product line
• Champion the firm's culture of diversity, opportunity, inclusion, and respect