Senior Information Security Architect

Description

American Credit Acceptance (ACA) is seeking a highly experienced and strategic Principal Security Architect to lead the design and implementation of secure architectures across our hybrid environment, including on-premise infrastructure, AWS, and Azure cloud platforms. This role will be pivotal in shaping our enterprise security posture, driving secure software development practices, and ensuring compliance with industry standards and regulatory requirements.

Key ResponsibilitiesSecurity Architecture Leadership

• Design and maintain enterprise-wide security architecture frameworks that support business objectives and risk management strategies.
• Lead the development of security reference architectures for cloud (AWS, Azure) and on-premise environments.

Application Security

• Define and enforce secure coding standards and practices across development teams.
• Oversee the implementation and integration of DAST (Dynamic Application Security Testing) and SAST (Static Application Security Testing) tools into CI/CD pipelines.
• Collaborate with DevOps and engineering teams to embed security into the software development lifecycle (SDLC).

Cloud Security

• Architect and implement security controls for AWS and Azure environments, including IAM, encryption, logging, and monitoring.
• Evaluate and integrate cloud-native security services (e.g., AWS Security Hub, Azure Defender).

On-Premise Security

• Ensure legacy and hybrid systems are aligned with modern security standards.
• Lead risk assessments and remediation strategies for on-premise infrastructure.

Governance, Risk & Compliance

• Align security architecture with NIST, ISO 27001, and other relevant frameworks.
• Support internal and external audits, and ensure compliance with regulatory requirements (e.g., SOX, HIPAA, PCI-DSS).

Collaboration & Leadership

• Serve as a trusted advisor to executive leadership on security strategy and risk.
• Mentor junior architects and security engineers, fostering a culture of security-first thinking.

Required Qualifications

• 10+ years of experience in cybersecurity, with at least 5 years in a security architecture role.
• Deep expertise in application security, including hands-on experience with DAST and SAST tools (e.g., Veracode, Fortify, Burp Suite).
• Proven experience designing secure architectures in AWS and Azure environments.
• Strong understanding of network security, identity and access management, encryption, and threat modeling.
• Familiarity with on-premise infrastructure and hybrid cloud models.
• Certifications such as CISSP, CCSP, AWS Certified Security – Specialty, or Azure Security Engineer Associate are highly desirable.

Preferred Attributes

• Excellent communication and stakeholder management skills.
• Ability to translate complex security concepts into business-friendly language.
• Experience working in regulated industries or with compliance-heavy environments.