CYBERSECURITY ARCHITECT II

The Cybersecurity Architect plays a critical leadership role in defining and advancing Hard Rock’s cybersecurity strategy. This individual will design and implement enterprise-wide security architectures, lead risk management initiatives, and embed secure-by-design principles across infrastructure, applications, and digital platforms.

The Cybersecurity Architect combines deep technical expertise with strategic vision to strengthen security maturity across an environment supporting AI, colocation, and digital asset operations. This role is responsible for identifying gaps, shaping functional and non-functional security requirements, and developing solutions that balance business objectives with regulatory and organizational standards.

Architecture & Strategy

• Lead threat modeling, architecture assessments, and security design reviews for new infrastructure, AI, and platform initiatives in alignment with Zero Trust principles.
• Develop and maintain the enterprise security architecture strategy, including standards, frameworks, and reference architectures for infrastructure and DevSecOps platforms.
• Embed security automation and best practices into the development lifecycle, strengthening controls across critical domains such as endpoints, mobile, containers, authentication/authorization, logging, and threat detection, among others.
• Review existing architectures, identify gaps, and recommend enhancements to improve security, resilience, and compliance.

Cross-Functional Collaboration 

• Collaborate with IT and business teams on new and existing systems and features, providing security guidance during design reviews, explaining risk tradeoffs, and ensuring solutions are built secure-by-default.
• Collaborate with development teams to continuously improve the Secure Software Development Lifecycle (S-SDLC) and foster a culture of security across development teams.
• Participate in change control and architecture review processes, ensuring that proposed technology changes and designs comply with security policies, standards, and best practices.

Technical Leadership

• Provide subject matter expertise on infrastructure (on-prem & cloud), application, and database security, with the ability to guide secure design decisions across the enterprise.
• Lead cloud security architecture and governance across Azure, AWS, GCP, and other Cloud platforms, driving secure cloud-native development practices and automation through Infrastructure as Code (Terraform, CloudFormation).
• Guide secure adoption of containerization technologies (Docker, Kubernetes) and ensure appropriate controls in enterprise deployments.
• Partner with Engineering to advance and automate PKI, identity security, and authentication/authorization services.
• Provide architectural guidance for Microsoft platforms (Active Directory, Office 365, Azure, Windows Server), ensuring secure design and integration into enterprise systems.
• Define application and data security standards, including secure coding practices, API protection, encryption, and privacy-by-design.

Governance, Risk & Compliance

• Define and enforce security policies, standards, and guidelines, ensuring alignment with regulatory, industry, and organizational requirements.
• Partner with IT and business leaders to integrate security requirements into strategies, risk assessments, and technology initiatives.
• Ensure compliance with frameworks such as CIS, NIST, and ISO by embedding required controls into enterprise systems and operations.
• Provide oversight and guidance for the security exception process, balancing business needs with risk tolerance and compensating controls.

Innovation & Continuous Improvement

• Evaluate and pilot emerging security technologies through proofs of concept, identifying opportunities to strengthen enterprise security architecture.
• Continuously research and integrate new security capabilities into designs, ensuring the organization stays ahead of evolving threats and industry practices.
• Promote a culture of continuous improvement by refining security processes, raising standards, and advancing overall security maturity.

• Bachelor’s degree preferred in Computer Sciences, Information Technology, or related field. 
• Expertise in enterprise security frameworks and principles, including Zero Trust, secure-by-design, defense-in-depth.
• Broad technical knowledge across infrastructure, applications, databases, identity.
• Experience defining and maintaining security policies, standards, and reference architectures.
• Experience with container-based orchestration (Kubernetes and similar) and microservices architecture 
• Working knowledge of Zero Trust Network Architecture (ZTNA) 
• Familiarity with regulatory and industry standards such as PCI-DSS, GDPR, NIST, and ISO/IEC 27000 series.
• At least one industry standard certification such as GSEC, Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or other security vendor certification. 

Skills 

• Leadership & Collaboration — Team player who builds trust and influences at all levels; able to drive consensus across technical and business teams.
• Communication & Stakeholder Management — Excellent verbal/written skills; customer-focused with strong expectation management, proactive status updates, and high-quality deliverables.
• Execution & Process Discipline — Demonstrated leadership in prioritizing and executing methodically; manages multiple workstreams; follows detailed processes with high accuracy; solves complex problems with cross-functional stakeholders.
• Technical Security Expertise — Network design; mobile, network, and firewall security; vulnerability management and scanning; web application and browser security models; OWASP Top Ten; experience managing projects through the full SDLC.
• Threats, Detection & Response — Deep understanding of network attacks (e.g., DDoS, phishing), email security/protocols/anti-spam, encryption, authentication, logging and log analysis, IP/device reputation, and policy/rule management; hands-on experience with incident response, IPS/IDS, SIEM, and endpoint security solutions.
• Flexibility to travel as required up to 15% travel.