The Enterprise Security Architecture Senior Director oversees the strategic security architecture to ensure it aligns with business objectives. This role drives thought leadership within Information Security and Enterprise Architecture, leading a team of architects who collaborate across diverse technology portfolios. The Enterprise Security Architecture Senior Director will be instrumental in guiding the design, implementation, and operations of secure architectures for enterprise systems, cloud environments, and applications.
This role reports jointly to the Chief Information Security Officer (CISO) and Chief Architect to provide guidance, expertise, and influence technical product owners, portfolio leaders, and security engineers. The Enterprise Security Architecture Senior Director plays a key role in shaping the organization's security posture, acting as a trusted advisor to the Chief Information Security Officer, Chief Architect, IT Leadership Team, Information Security Risk Management leadership, and the Chief Risk Officer.
Strategic Leadership
Creating valuable and impactful security architecture recommendations that inform technical decisions while managing change and competing demands.
Influencing Senior Directors and Executive Directors to mature and promoting industry-leading security architecture across the enterprise technology landscape.
Growing, inspiring, and retaining a diverse, high-performing team of security architects that is forward-looking and adaptive to emerging security technologies and threats.
Architectural Oversight
Developing and implementing a comprehensive enterprise security architecture strategy that aligns with the organization’s business goals.
Establishing strong library of architecture patterns that result in secure-by-design, performant, scalable, and highly available technical products.
Driving the adoption of security architecture patterns, and harmonization of those patterns with peer enterprise architects’ vision of BCG’s future technology stack.
Risk Management
Collaborating with the risk management and compliance teams to ensure that security measures meet regulatory requirements.
Consulting with architects and product owners on likely threat scenarios and effective mitigation strategies.
Sharing best practices in information security between the business units and the rest of the enterprise.
Bachelor’s degree (or equivalent).
Minimum of 12 years of information security risk management experience, with a strong background in enterprise architecture, secure software development practices, cloud & infrastructure security, security applications and technologies.
Subject matter expert in cyber security practices that include the configuration and architecture of security tools and products, service-oriented architecture, machine learning and artificial intelligence, Domain-Driven Design, etc.
Expert knowledge with cumulative hands-on experience across an array of technology platforms.
Knowledge of the legal and regulatory landscape related to security and privacy in an international environment.
Executive presence, ability to influence senior IT and Global Risk leaders.
Knowledge of cyber security landscape in modern digital technologies, particularly in cloud Security, in technological, business and operational aspects.
Ability to communicate (written and verbally) highly complex and technical concepts and information risk to technical and non-technical business audience to aid them in making informed risk decisions.
Must have experience managing compliance efforts and experience with business risk management with the ability to communicate the balance between strong security and enabling business.
Experience leading a global, cross-functional team.
Ability to apply entrepreneurial and innovative mind-set and attitude to adapt to the speed and agility needed for evolving business demands.