
Enterprise Cyber Security Solution Architect
Leading Utilities Organization, Tampa, FL, United States
Location: North Tampa, FL (Hybrid)
Note: No Corp. to Corp. Must be local to Tampa to be considered. Must legally be able to work in the United States for any employer effective immediately.
Overview
The Enterprise Cyber Security Solution Architect is responsible for designing, maturing, and governing enterprise-wide cybersecurity solutions that protect critical information assets and infrastructure.
This role serves as a solution architect and technical authority, defining future-state architectures, security standards, and multi-year roadmaps, while partnering with engineering teams, system integrators, and Managed Security Service providers (MSS) for execution and operations.
The position provides architectural leadership across:
Identity & Access Management (IAM/IGA)
Privileged Access Management (PAM)
Data Loss Prevention (DLP)
Application Security
Public Key Infrastructure (PKI)
Note: This is an architecture-focused role and does not involve hands-on implementation or day-to-day administration.
Qualifications (Summary)
Bachelor's degree in Cybersecurity, Computer Science, Engineering, or related field (or equivalent experience)
8+ years of cybersecurity or IT experience with strong architecture exposure
Demonstrated expertise across IAM/IGA, PAM, DLP, Application Security, and PKI
Strong communication, documentation, and strategic planning skills
Certifications
Required:
Two cybersecurity certifications (or ability to obtain within 1 year) from recognized vendors (e.g., (ISC)², GIAC, ISACA, CompTIA, EC-Council)
Preferred:
ITIL v3
Certifications such as: CISSP, CISM, CISA, CRISC, CEH, GIAC, OSCP, SSCP (or similar)
Experience
8+ years of experience in cybersecurity or IT, including:
Security architecture
Risk analysis and security assessments
Systems or infrastructure security
Data protection (DLP/FIM)
Knowledge, Skills & Abilities
Expert-level understanding of cybersecurity architecture and best practices
Strong knowledge of:
Threat landscape, vulnerabilities, and risk management
IAM, data protection, application, and infrastructure security
Enterprise architecture frameworks and models
Security frameworks (e.g., NIST, ISO 27001)
Experience with:
SIEM, IDS/IPS, endpoint protection, and threat intelligence tools
Risk assessments and vulnerability analysis
Strong analytical, problem-solving, and communication skills
Ability to work across technical and non-technical stakeholders
Adaptability to evolving technologies, threats, and regulatory requirements
Working Conditions
Standard office environment
Occasional after-hours, weekend work, and on-call participation
Physical Requirements
Standard office-related physical demands
Primary Duties & Responsibilities
Identity Management & Identity Governance (IAM / IGA) 35%
Define and maintain IAM/IGA reference architectures, standards, and roadmaps aligned with Zero Trust and least privilege principles
Provide architecture leadership for Microsoft Entra ID (passwordless authentication, Conditional Access, SSO, identity federation)
Architect and mature Saviynt IGA capabilities (RBAC, role catalog, entitlement management, access certifications)
Design identity controls to mitigate BYOD risk using Conditional Access and device trust strategies
Lead integrations with enterprise platforms (e.g., PAM tools, ITSM, ERP systems)
Govern non-human/workload identities in coordination with IAM and PAM platforms
Privileged Access Management (PAM, CyberArk) 25%
Serve as the enterprise PAM solution architect and design authority
Define and lead the PAM maturity roadmap (pilot → enterprise rollout → MSS transition)
Architect advanced capabilities including:
Privileged session recording
Secure credential access
Just-in-time (JIT) provisioning
Privilege reduction strategies
Establish PAM architectures across on-prem, cloud, hybrid, and distributed environments
Provide governance oversight to ensure scalable, secure, and compliant implementations
Data Loss Prevention (DLP, Microsoft Purview) 15%
Lead architecture for enterprise DLP capabilities
Define data classification, labeling, and protection strategies across:
Email
Endpoints
Cloud platforms
Data at rest
Align DLP with IAM, Conditional Access, and data governance requirements
Partner with Legal, Compliance, and Risk teams to meet regulatory and privacy standards
Application Security (Architecture & Secure SDLC) 15%
Define secure application architectures and secure coding standards
Integrate security into the Software Development Lifecycle (SDLC)
Provide guidance on authentication, authorization, and secure data handling
Support security architecture reviews and risk assessments for critical systems
PKI & Certificate Management 5%
Provide governance for PKI and certificate lifecycle management
Define standards for certificate issuance, renewal, revocation, and automation
Support certificate-based authentication and passwordless initiatives
Cyber Defense & Security Governance 5%
Contribute to architecture and governance of threat detection and response capabilities
Support development of security standards, policies, and control frameworks
Act as a trusted advisor in security architecture and enterprise risk discussions
Relationships
Internal: Information Security, Enterprise Architecture, IAM/IGA teams, Application Development, Infrastructure, Cloud, Risk, Compliance, Audit, Executive Leadership
External: System Integrators, Security Vendors, Managed Security Service Providers, Auditors, Industry Partners