Senior Security Architect

Job Summary :

At Iron Mountain, we protect what our customers value most: their information and assets. As an Information Security Architect, you will play a key role in securing the design, implementation, and maintenance of technology platforms. This involves assessing risks, developing and implementing security solutions, and collaborating to integrate security throughout the product and service lifecycle. The role requires knowledge of security architecture and trends to mitigate threats. You will design and implement security solutions that safeguard sensitive data, systems, and operations against the rapidly evolving threat landscape. This position is vital for our ongoing commitment to maintaining best-in-class security for both our customers and our internal operations.

Key Responsibilities:

• Security Architecture Design: Develop secure architectural designs for new and existing systems, focusing on cloud (AWS, Azure, GCP), and hybrid platforms. Ensure designs meet business objectives and comply with security standards

• Implementation and Hardening: Directly configure and harden infrastructure (endpoints, servers, authentication systems, cloud services) to ensure secure operations

• Technical Leadership: Provide guidance to DevOps and engineering teams, integrate security throughout CI/CD pipelines, and assist in proof of concepts and technical review of new technologies

• Risk Management: Identify and evaluate security risks in both existing and future technology environments. Develop mitigation strategies to address potential vulnerabilities.

• Compliance and Regulatory Alignment: Ensure that security controls meet regulatory and legal requirements, such as GDPR, HIPAA, PCI-DSS, and SOC 2 compliance. Lead efforts in developing and maintaining compliance documentation.

• Security Policy Development: Collaborate with senior leadership and cross-functional teams to define, establish and enforce security policies, procedures, and best practices across the Digital Business Unit.

• Incident Response: Collaborate with the IRM Cyber Security Incident Response team, ensuring the organization is prepared to effectively respond to security breaches. Provide technical guidance in the event of a security incident.

• Cloud Security: Provide security leadership in cloud services (AWS, Azure, GCP), ensuring the secure design of multi-cloud and hybrid environments with special emphasis in maintaining IAM solutions.

• Security Assessments: Conduct regular security reviews and assessments, including vulnerability scanning, penetration testing, and risk analysis. Proactively work with IT and development teams to remediate security issues.

• Collaboration & Stakeholder Engagement: Work closely with Engineering IT, legal, compliance, and other departments to integrate security into all processes. Act as a security advisor on major IT projects, ensuring that security is a key consideration in business and IT decisions.

• Emerging Threat Analysis: Stay current with the latest cybersecurity trends, threats, and technologies. Provide recommendations for improving security strategies based on emerging risks and evolving threat landscapes.

Qualifications:

• Education: Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related field (Master’s degree preferred).

• Experience:

• 7+ years of experience in Information Security, with a minimum of 3 years in an architecture or design role.

• Extensive knowledge of information security standards (ISO 27001, NIST, CIS).

• Proven experience with security frameworks and regulatory requirements, including PCI-DSS, GDPR, and HIPAA.

• Experience designing security architectures for cloud environments (AWS, Azure, or GCP) and securing hybrid systems.

• Experience incorporating security in CI/CD pipelines. Enforce Shift-let principles in the development and deployment lifecycle

• Certifications:

• CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or equivalent certifications preferred.

• Technical Skills:

• Deep hands-on knowledge of platform and cloud security, network security principles, authentication/authorization, encryption, and security tools (SIEM, IDS/IPS, EDR)

• Strong expertise in security protocols, encryption, and identity management (IAM).

• Proficiency in network security, firewalls, VPNs, IDS/IPS, DLP, and endpoint security solutions.

• Deep understanding of cloud security controls and technologies.

• Strong experience in DevOps practices

• Translate security requirements into actionable Development tasks

• Soft Skills:

• Excellent verbal and written communication skills with the ability to articulate complex security concepts to non-technical stakeholders.

• Strong problem-solving and analytical skills.

• Ability to work collaboratively in a cross-functional environment.

• Additional Information: This role may require occasional travel based on business needs.

Category: Information Technology

Iron Mountain is a global leader in storage and information management services trusted by more than 225,000 organizations in 60 countries. We safeguard billions of our customers’ assets, including critical business information, highly sensitive data, and invaluable cultural and historic artifacts. Take a look at our history here .

Iron Mountain helps lower cost and risk, comply with regulations, recover from disaster, and enable digital and sustainable solutions, whether in information management, digital transformation, secure storage and destruction, data center operations, cloud services, or art storage and logistics. Please see our Values and Code of Ethics for a look at our principles and aspirations in elevating the power of our work together.

To view the Equal Employment Opportunity is the Law posters and the supplement, as well as the Pay Transparency Policy Statement, CLICK HERE

Requisition: J0091444