Security Architect – SecDesign, Cloud Security & Architecture Governance
Role Overview
• Assess and strengthen the security posture of enterprise technology ecosystems through security architecture assessments.
• Conduct deep security reviews across systems, applications, and business processes to identify risks, evaluate controls, and recommend remediation aligned with security standards and industry best practices.
• Act as an internal security consultant partnering with business units, technology teams, suppliers, stakeholders, and partners to guide secure architecture decisions.
• Collaborate with global subject matter experts to modernize SDLC platforms, deployment automation, cloud integrations, and SaaS tooling.
Key Responsibilities
Security Architecture Assessments
• Lead SecDesign deep-dive sessions with assessment requestors and project stakeholders.
• Identify, assess, and prioritize security risks based on business impact.
• Deliver actionable security requirements and recommendations across:
• Authentication, authorization, and auditing
• Application security, including:
• Session controls
• Penetration testing findings
• Input validation
• Secure data storage and transmission.
• Network security architecture and best practices.
• Cloud security principles, patterns, and controls.
Architecture Governance & Reference Models
• Review and update security reference architectures and blueprints.
• Participate in Operational Risk and Technology Risk governance forums.
• Contribute to modern architecture patterns across:
• Cloud platforms
• Applications
• Technology platforms
Technology Enablement
• Collaborate with global SMEs to evolve SDLC tooling and deployment automation strategies.
• Influence next-generation development and deployment platforms across diverse technology stacks.
• Identify strategic technology investments that enhance enterprise security posture.
Required Skills & Experience
Security Architecture Expertise
• Deep knowledge of security vulnerabilities across:
• Applications
• Networks
• Platforms
• Cloud environments
• Ability to translate complex security risks into developer-friendly guidance.
• Extensive experience conducting:
• Information Security assessments
• IT Security assessments
• Audit assessments
• Experience delivering security findings and gaining stakeholder alignment.
• Strong ability to analyze and review:
• Technical designs
• Architecture diagrams
• Functional requirements
for security implications.
Soft Skills
• Exceptional communication skills, including:
• Written communication
• Verbal communication
• Presentations
• Active listening
• Ability to influence technical and business stakeholders through clear, fact-based recommendations.
• Strong time-management skills with the ability to manage multiple assessments simultaneously.
• Ability to execute and deliver under tight timelines, including senior management engagements.
• Ability to tailor communication of technical risks versus business risks based on audience needs.