Enterprise Cyber Security Solution Architect

Enterprise Cyber Security Solution Architect

Location

Tampa Bay, FL (Hybrid)

Overview

The Enterprise Cyber Security Solution Architect is responsible for designing, maturing, and governing enterprise-wide cybersecurity solutions that protect critical information assets and infrastructure.

This role serves as a solution architect and technical authority, defining future-state architectures, security standards, and multi-year roadmaps, while partnering with engineering teams, system integrators, and Managed Security Service providers (MSS) for execution and operations.

The position provides architectural leadership across:

• Identity & Access Management (IAM/IGA)



• Privileged Access Management (PAM)



• Data Loss Prevention (DLP)



• Application Security



• Public Key Infrastructure (PKI)

Note: This is an architecture-focused role and does not involve hands-on implementation or day-to-day administration.

Primary Duties & Responsibilities

Identity Management & Identity Governance (IAM / IGA) - 35%

• Define and maintain IAM/IGA reference architectures, standards, and roadmaps aligned with Zero Trust and least privilege principles



• Provide architecture leadership for Microsoft Entra ID (passwordless authentication, Conditional Access, SSO, identity federation)



• Architect and mature Saviynt IGA capabilities (RBAC, role catalog, entitlement management, access certifications)



• Design identity controls to mitigate BYOD risk using Conditional Access and device trust strategies



• Lead integrations with enterprise platforms (e.g., PAM tools, ITSM, ERP systems)



• Govern non-human/workload identities in coordination with IAM and PAM platforms

Privileged Access Management (PAM - CyberArk) - 25%

• Serve as the enterprise PAM solution architect and design authority



• Define and lead the PAM maturity roadmap (pilot enterprise rollout MSS transition)



• Architect advanced capabilities including:
  
  
  
  
  • Privileged session recording
  
  
  
  • Secure credential access
  
  
  
  • Just-in-time (JIT) provisioning
  
  
  
  • Privilege reduction strategies
  
  
  
  



• Establish PAM architectures across on-prem, cloud, hybrid, and distributed environments



• Provide governance oversight to ensure scalable, secure, and compliant implementations

Data Loss Prevention (DLP - Microsoft Purview) - 15%

• Lead architecture for enterprise DLP capabilities



• Define data classification, labeling, and protection strategies across:
  
  
  
  
  • Email
  
  
  
  • Endpoints
  
  
  
  • Cloud platforms
  
  
  
  • Data at rest
  
  
  
  



• Align DLP with IAM, Conditional Access, and data governance requirements



• Partner with Legal, Compliance, and Risk teams to meet regulatory and privacy standards

Application Security (Architecture & Secure SDLC) - 15%

• Define secure application architectures and secure coding standards



• Integrate security into the Software Development Lifecycle (SDLC)



• Provide guidance on authentication, authorization, and secure data handling



• Support security architecture reviews and risk assessments for critical systems

PKI & Certificate Management - 5%

• Provide governance for PKI and certificate lifecycle management



• Define standards for certificate issuance, renewal, revocation, and automation



• Support certificate-based authentication and passwordless initiatives

Cyber Defense & Security Governance - 5%

• Contribute to architecture and governance of threat detection and response capabilities



• Support development of security standards, policies, and control frameworks



• Act as a trusted advisor in security architecture and enterprise risk discussions

Relationships

Internal:

Information Security, Enterprise Architecture, IAM/IGA teams, Application Development, Infrastructure, Cloud, Risk, Compliance, Audit, Executive Leadership

External:

System Integrators, Security Vendors, Managed Security Service Providers, Auditors, Industry Partners