GRC Process Architect

The work

• Map organizational architectures, capabilities, and controls to NIST CSF, MITRE ATT&CK, and other cybersecurity frameworks to identify strengths, gaps, and improvement opportunities.
• Perform threat modeling activities to evaluate proposed or current designs, identify attack paths, and guide teams toward resilient architecture.
• Identify enterprise‑level security architecture gaps and propose scalable, actionable remediation strategies.
• Design, implement, and mature repeatable security processes, architecture standards, and reusable security patterns.
• Participate early in IT and business solution design to provide proactive architectural guidance and ensure alignment with secure‑by‑design principles.
• Communicate technical and architectural needs to key stakeholders by translating complex technical concepts into clear, digestible, and actionable information.
• Collaborate with Agile, DevOps, and engineering teams to embed secure development practices and escalate architecture concerns when necessary.
• Validate software, platform, and cloud architectures for adherence to modern security best practices and recommend architectural improvements.
• Translate business needs, technical requirements, and regulatory obligations into clear and actionable security architecture requirements.
• Act as a trusted advisor to technology teams, enabling secure solution design and promoting adoption of enterprise security controls.
• Collaborate with peer architects and security practitioners to share best practices, strengthen architectural maturity, and ensure consistency across the enterprise.
• Monitor emerging technologies, evolving threats, and industry trends to ensure architectural strategies remain relevant, proactive, and resilient.
• Stay up‑to‑date on the state of enterprise IT and security tools, trends, and processes.
• Evaluate AI‑driven systems and integrations for security risks, ensuring responsible use of AI technologies and incorporating secure‑by‑design principles into AI‑related architectures.

What you need

• U.S. Citizen required
• 5+ years of experience in IT or information security engineering or architecture
• Strong knowledge of security principles
• Strong knowledge of Microsoft cloud services (e.g., Azure Active Directory, Azure IaaS/PaaS, Office 365)
• Strong understanding of secure web application network protocols (HTTP(S), TLS, SFTP, etc.)
• Understanding of the OWASP Top 10 application security risks and its mitigations
• 5 years of experience in cloud security, application security, and/or network security

Bonus if you have

• 5+ years direct architectural experience Prior experience performing ongoing maintenance and operations of security technologies (e.g. management of firewalls, IDS/IPS, endpoint security, etc.)