Director Security Architecture & Engineering

Bertelsmann SE & Co. KGaA

Morrisville, NC

JOB DETAILS
SKILLS
Amazon Web Services (AWS), Applications Security, Architectural Analysis, Architectural Design, Automation, Business Administration, Business Growth, Business Strategy, Business Support, CCSP - Cisco Certified Security Professional, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Applications, Cloud Computing, Coaching, Computer Science, Cross-Functional, Customer Relations, Design Patterns Programming Methodologies, DevOps, Embedded Systems, Enterprise Architecture, Enterprise Protection, Functional Programming Languages, GCP (Good Clinical Practices), HIPAA (Health Insurance Portability and Accountability Act), ISO (International Organization for Standardization), Incident Response, Information Technology & Information Systems, Information/Data Security (InfoSec), Internet Security, Leadership, Legal, Machine Tool, Management of Information Systems/Technology (MIS), Mergers and Acquisitions, Microsoft Windows Azure, Operational Strategy, PCI-DSS, Policy Implementation, Proof of Concept, Regulations, Regulatory Compliance, Regulatory Requirements, Risk, Risk Analysis, Risk Management, Scalable System Development, Security Architecture, Security Infrastructure, Security Monitoring, Software Development, Software Engineering, Software as a Service (SaaS), Strategic Planning, System Architecture, Team Building, Team Lead/Manager, Team Player, Technical Delivery, Technical Strategy, Technical Support, Technical/Engineering Design, Technology Analysis, Threat Modeling, U.S. National Institute of Standards and Technology (NIST), Vendor/Supplier Management

The Director of (Cyber) Security Architecture and Engineering is a cyber leadership role responsible for establishing, operationalizing, and continuously maturing the organization's security architecture and engineering capabilities in support of business strategy, technology transformation, and enterprise risk management objectives. This role provides strategic and hands-on leadership across security architecture, secure design, platform security engineering, cloud and application security enablement, and security tooling integration. The Director partners closely with technology, product, infrastructure, privacy, risk, compliance, legal, and business stakeholders to ensure security requirements are embedded into enterprise architecture, software development, infrastructure modernization, and third-party technology adoption. The role is accountable for defining security patterns and standards, guiding security-by-design practices, overseeing engineering roadmaps, and building a scalable team capable of reducing enterprise risk while enabling business growth, resilience, and regulatory readiness.

WHAT YOU'LL BE DOING:

  • Lead the strategic direction, operating model, and maturity roadmap for the security architecture and engineering function.
  • Define and maintain enterprise security architecture principles, reference architectures, design patterns, and engineering standards aligned to business objectives and risk tolerance.
  • Oversee the design, implementation, and lifecycle management of security technologies supporting identity, endpoint, network, cloud, data, application, and infrastructure security capabilities.
  • Partner with enterprise architecture, infrastructure, DevOps, cloud, and software engineering teams to embed security-by-design and secure-by-default practices into technology solutions and delivery processes.
  • Review and approve security architecture for major systems, platforms, integrations, and transformation initiatives, including cloud services and third-party technologies.
  • Direct security engineering activities related to control implementation, automation, integration, tuning, and operational resilience.
  • Establish and socialize secure design requirements for applications, platforms, APIs, data flows, and infrastructure components.
  • Provide leadership for application security and product security enablement, including guidance on secure development, threat modeling, architectural risk analysis, and remediation priorities.
  • Collaborate with governance, risk, and compliance stakeholders to align control design and technology implementations with internal policies, customer requirements, and regulatory expectations.
  • Drive technical risk reduction initiatives by identifying architecture gaps, control weaknesses, technical debt, and modernization opportunities.
  • Manage vendor and technology evaluations related to security architecture and engineering capabilities, including proof-of-concept activities and implementation planning.
  • Coach, develop, and performance-manage architects and engineers while building a high-performing, collaborative, and accountable team culture.
  • Support incident response, significant investigations, and post-incident improvement efforts by providing architecture and engineering expertise for containment, recovery, and long-term remediation.

YOU'VE GOT WHAT IT TAKES IF YOU HAVE/ARE:

  • 10+ years of progressive experience in cybersecurity, information security, or closely related technology roles.
  • 5+ years of leadership experience in security architecture, security engineering, or a comparable cyber leadership function.
  • Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, Engineering, or a related field; or equivalent combination of education and relevant professional experience.
  • Demonstrated experience designing and implementing enterprise security controls across cloud, infrastructure, application, identity, and data domains.
  • Experience leading security architecture reviews, engineering initiatives, and cross-functional technology programs in a mid-sized or large enterprise environment.
  • Experience managing and developing technical teams, including architects, engineers, or other specialized cybersecurity staff.
  • Experience partnering with senior technology and business leaders to align security capabilities with strategic objectives and operational requirements.
  • Experience supporting audits, assessments, customer security reviews, or regulatory/compliance initiatives through technical control design and evidence support.
  • Experience evaluating and implementing security technologies, platforms, and managed services.

EXPERIENCE/EDUCATION PREFERRED:

  • Master's degree in Cybersecurity, Information Assurance, Computer Science, Business Administration, or a related discipline.
  • Professional certifications such as CISSP, CISM, CCSP, SABSA, AWS/Azure/GCP security certifications, or other relevant architecture and security credentials.
  • Experience in SaaS, cloud-native, highly regulated, or customer-facing technology environments.
  • Experience aligning security capabilities to recognized frameworks or standards such as NIST CSF, ISO 27001, CIS Controls, SOC 2, PCI DSS, HIPAA, or other applicable requirements.
  • Experience building or maturing security architecture review boards, secure engineering practices, or security reference architecture programs.
  • Experience with mergers, acquisitions, major transformation programs, or global technology environments.
