Senior Security Architect

Job Description:

The Enabling Services SR Security Architect is responsible for defining, governing, and evolving security standards and reference architectures across Enabling Services, aligned with the Mars Cybersecurity Framework.

This role ensures a consistent, risk-based, and secure-by-design approach across cloud, network, data protection, SRE, and infrastructure domains, enabling secure digital transformation and regulatory compliance.

Key Responsibilities:

1. Security Governance & Strategy

• Define and maintain security standards, policies, and guardrails.
• Establish governance models (roles, responsibilities, accountability).
• Align cloud, network, and SRE security with enterprise risk management.
• Ensure compliance with regulatory and industry frameworks.

• Define standards for asset inventory, data classification, and Zero Trust architecture.
• Lead threat modeling and risk assessments.
• Establish risk identification, prioritization, and third-party risk practices.

• Design and govern secure reference architectures across:
  • Cloud, network, and infrastructure
  • IAM, encryption, and key management
• Define baseline security controls (multi-cloud, hybrid environments).
• Enforce principles such as least privilege, defense-in-depth, and zero trust.

• Define requirements for logging, monitoring, and SIEM integration.
• Establish standards for log collection, retention, and threat detection use cases.
• Promote adoption of cloud-native observability and security tools.

• Define incident response frameworks and playbooks in collaboration with SecOps.
• Ensure integration with SOC/SOAR capabilities.
• Support recovery and resilience strategies.

• Define and enforce security control frameworks and baselines.
• Support audits and compliance assessments.
• Enable continuous compliance monitoring.

• Embed security into CI/CD pipelines (SAST, DAST, SCA).
• Promote Infrastructure-as-Code (IaC) security and policy-as-code.
• Drive security automation and standardized controls.

• Security standards and policies
• Reference architectures and guardrails
• Cloud and infrastructure security baselines
• Control frameworks and mappings (e.g., NIST CSF)
• Risk assessment frameworks

• Cloud (AWS, Azure, GCP), Network Security, Infrastructure, Backup & DR
• Observability (Azure Monitor, Datadog), SIEM/SOAR
• NIST CSF, NIST 800-53, CIS, ISO 27001
• DevSecOps, IaC, automation, and SRE practices
• Strategic thinking and strong architecture mindset
• Stakeholder management and communication
• Ability to translate risk into actionable standards

#hybrid