Role summary
- Define and maintain enterprise security architectures covering applications, infrastructure, networks, data platforms, and cloud services, with Microsoft Azure as the primary platform.
- Embed security into transformation and AI-driven initiatives, ensuring solutions are secure-by-design and compliant with insurance and financial-services regulations.
Key responsibilities
- Security architecture & design: Create reference architectures and security blueprints for cloud-native, hybrid, and on-prem environments, including microservices, APIs, data lakes, and AI/ML workloads; conduct architecture reviews and threat modeling using frameworks such as STRIDE, PASTA, and LINDDUN.
- Zero Trust & identity: Design and implement Zero Trust architectures, enterprise IAM on Azure AD/Entra ID, and modern authentication/authorization using SAML, OAuth 2.0, OpenID Connect, MFA, conditional access, RBAC, and ABAC.
- Cloud & application security: Establish security guardrails across Azure, AWS, and GCP; implement CSPM/CWPP, container and Kubernetes security, WAF, NSGs, and DDoS protection; integrate DevSecOps practices, secure coding standards, and SAST/DAST/SCA/IAST into CI/CD.
- Security operations & monitoring: Design SIEM and SOAR architectures (e.g., Microsoft Sentinel, Splunk, QRadar, Elastic), logging strategies, threat intelligence integration, and incident response capabilities including forensics and evidence handling.
- Compliance, risk & governance: Ensure alignment with frameworks such as NIST, ISO 27001, PCI-DSS, SOC 2, GDPR, HIPAA, and insurance-specific regulations; perform risk assessments, define security policies and standards, and track security KPIs.
- Data protection & network security: Architect encryption, DLP, key and certificate management, data classification, and privacy-by-design; design secure network architectures with segmentation, DMZs, VPN/ZTNA/SDP, IDS/IPS, NAC, and CDN security.
- Collaboration & leadership: Partner with enterprise and solution architects, DevOps, engineering, and business teams to embed security; mentor teams, lead design reviews and working groups, and present complex security topics to senior leadership.
Required Skills
- Deep knowledge of major security frameworks and standards (NIST CSF, ISO 27001/27002, CIS Controls, OWASP Top 10, SANS Top 25, Zero Trust Architecture, PCI-DSS, HIPAA, GDPR, and insurance regulations).
- Strong expertise in IAM, cloud security (Azure preferred, plus AWS/GCP), application security, security operations (SIEM/SOAR, EDR/XDR), network security, and encryption/data protection technologies.
Experience & certifications
- 8+ years in cybersecurity, security engineering, or security architecture, including 3+ years designing enterprise-grade security architectures, ideally in insurance or financial services.
- Proven experience implementing Zero Trust, architecting on Microsoft Azure, conducting threat modeling and architecture reviews, and supporting compliance certifications such as SOC 2, ISO 27001, and PCI-DSS.
- Core certifications: CISSP, CISM, CCSP, and Microsoft security certifications (e.g., Security Operations Analyst Associate or Azure Security Engineer Associate); additional certifications such as CEH, GIAC, OSCP, and CISA are a strong plus.
Key competencies
- Insurance domain security, including protection of PII, claims, and financial data, and understanding of Solvency II, state regulations, GDPR, and CCPA.
- Technical leadership, risk-based decision-making, and a strong focus on innovation and continuous learning to keep pace with the evolving threat landscape and regulatory environment.