
Information Security Architect
Job Description
We are seeking a highly technical and forward-thinking security architect to help shape the future of enterprise security architecture, cloud security, and secure AI enablement across the organization. The Information Security Architect will help define and engineer secure enterprise architectures that enable modernization initiatives across cloud, AI, infrastructure, identity, applications, and data platforms.
This role is ideal for an experienced security architect who enjoys solving complex engineering and architectural challenges, influencing enterprise technology strategy, and building scalable security capabilities that enable innovation at scale. The role combines deep technical expertise with practical security engineering and architecture responsibilities across enterprise platforms and modernization initiatives.
As a member of the Security Architecture & Engineering group, the Information Security Architect will partner directly with infrastructure, cloud engineering, application development and security leadership to help shape and secure technology decisions across the enterprise. This includes performing architecture reviews, developing technical standards, conducting threat modeling exercises, evaluating emerging technologies, and designing scalable security controls that align with enterprise and regulatory requirements.
This is a unique opportunity to:
- Design and build enterprise security reference architectures and secure technology patterns.
- Work hands-on with cloud, infrastructure, engineering, and application teams to implement modern security capabilities.
- Help shape enterprise modernization initiatives including AI enablement, Zero Trust architecture, DevSecOps, and secure platform engineering.
- Evaluate emerging technologies and help define how modern security capabilities are adopted and operationalized across the enterprise.
- Drive practical security engineering improvements that strengthen resiliency, visibility, automation, and operational efficiency.
Position Summary
The Information Security Architect is responsible for designing, documenting, and enabling secure enterprise technology architecture and foundational security capabilities across the organization. This role focuses heavily on hands-on architecture development, technical security design, engineering collaboration, and security enablement.
Reporting to the Director of Security Architecture & Engineering, the Information Security Architect will work closely with Infrastructure, Cloud Engineering, Enterprise Architecture, Application Development, Platform Engineering, and Cybersecurity Operations teams to integrate security into enterprise systems, platforms, and technology services.
The role requires strong technical depth across multiple security domains including cloud security, identity security, network security, endpoint security, application security, AI security, and data protection, along with the ability to translate security requirements into practical and scalable technical solutions.
Key Responsibilities
Security Architecture & Technical Design
- Develop enterprise security reference architectures, technical standards, secure design patterns, and implementation guidance.
- Perform architecture and design reviews for enterprise applications, cloud platforms, infrastructure services, and technology integrations.
- Conduct threat modeling and technical risk assessments to identify security gaps and recommend mitigation strategies.
- Create secure configuration baselines and security blueprints for enterprise platforms and shared technology services.
- Design scalable and reusable security patterns that promote consistency, resiliency, and operational efficiency across environments.
Cloud Security Architecture
- Design and implement secure architecture patterns for AWS, Azure, hybrid cloud, and on-premises environments.
- Define cloud security guardrails, network segmentation patterns, logging standards, and access control models.
- Partner with cloud and infrastructure teams to implement secure-by-default cloud services and platform configurations.
- Support container security, Kubernetes security, Infrastructure-as-Code (IaC) security, and DevSecOps initiatives.
- Evaluate and integrate cloud-native security tooling including CSPM, CWPP, secrets management, and workload protection technologies.
Network & Endpoint Security
- Design secure network architectures leveraging Zero Trust principles, ZTNA, micro segmentation, secure remote access, and software-defined perimeter concepts.
- Develop network security standards related to segmentation, east-west traffic controls, secure connectivity, and enterprise access patterns.
- Partner with endpoint engineering teams to improve endpoint hardening, EDR/XDR integrations, device security, and enterprise visibility capabilities.
- Support secure architecture design for remote workforce technologies, enterprise mobility, and distributed enterprise environments.
Identity & Access Security
- Collaborate with Identity Security teams to design secure authentication, authorization, federation, and privileged access architectures.
- Integrate identity-centric security controls into enterprise applications, cloud platforms, and infrastructure environments.
- Support implementation of Zero Trust identity principles including least privilege access, adaptive authentication, and strong identity governance controls.
Application & AI Security
- Partner with development and DevOps teams to integrate security controls into the software development lifecycle and CI/CD pipelines.
- Perform secure application architecture reviews and support secure coding, API security, secrets management, and software supply chain security initiatives.
- Conduct application threat modeling and advise on secure design approaches for modern applications and APIs.
- Evaluate AI platforms, generative AI tools, and AI-assisted development technologies to identify security risks and define secure usage patterns.
- Develop security guidance for AI model governance, secure AI development, data protection, and responsible AI adoption.
Data Security & Security Engineering Enablement
- Support enterprise data security initiatives including encryption, data classification, DLP, tokenization, and key management architectures.
- Design and integrate foundational security capabilities that improve enterprise protection, telemetry, automation, and resiliency.
- Evaluate third-party technologies and conduct technical security assessments for vendor platforms and enterprise integrations.
- Support automation and engineering initiatives that improve operational efficiency, security visibility, and control effectiveness.
Qualifications
- Bachelor's Degree required.
- 8+ years of experience in cybersecurity, security architecture, cloud security, infrastructure security, or related technical disciplines.
- Strong experience designing and implementing enterprise security architectures and technical security standards.
- Familiarity with AI security concepts, secure AI platform adoption, and risks associated with generative AI technologies.
- Deep technical knowledge of AWS, Azure, hybrid cloud environments, and cloud-native security capabilities.
- Experience with Zero Trust architecture, ZTNA, micro segmentation, network security controls, and endpoint security technologies.
- Hands-on experience with identity security concepts including SSO, MFA, federation, PAM, RBAC/ABAC, and identity governance.
- Experience supporting application security and DevSecOps initiatives including CI/CD security, API security, threat modeling, and secure SDLC practices.
- Experience with enterprise security technologies including EDR/XDR, SIEM, DLP, CASB, vulnerability management, CSPM, and cloud-native security tooling.
- Strong analytical, troubleshooting, and problem-solving skills with the ability to work independently on complex technical initiatives.
- Strong communication skills with the ability to explain technical security concepts to both technical and non-technical stakeholders.
Preferred
- Experience in financial services or other highly regulated industries.
- Professional certifications such as CISSP, CCSP, CISM, SABSA, AWS Security Specialty, Azure Security Engineer, or GIAC certifications.
- Familiarity with regulatory and security frameworks including NIST CSF, ISO 27001, CIS Controls, SOX, GLBA, NYDFS, and PCI-DSS.
- Experience with scripting, automation, Infrastructure-as-Code, and security engineering enablement practices.
- Experience supporting enterprise modernization initiatives involving cloud transformation, Zero Trust, AI enablement, and secure platform engineering.
The base salary range for this position is $145,000 - $185,000 per year. This range reflects the minimum and maximum base salary we reasonably expect to pay for this role. In addition, this position may be eligible to participate in the relevant business unit’s incentive compensation plan, and other compensation programs as applicable. Eligible employees may participate in a 401(k) program with a generous profit-sharing contribution; medical, prescription, dental, and vision coverage; life insurance; disability coverage; paid holidays; vacation; and sick time, subject to plan terms and Company policies.
About Bessemer Trust
Bessemer Trust is a family office, overseeing more than $250 billion in assets for over 3,000 individuals and families of substantial wealth. Its more than 1,300 employees are singularly focused on private wealth management — disciplined investment management, sophisticated wealth planning, comprehensive family office services, and highly personalized client service.
Established in 1907 as the family office for Annie and Henry Phipps, Bessemer Trust is in its seventh generation of ownership by the Phipps family. As a self-made entrepreneur, Henry Phipps was a founding partner and chief financial officer of Carnegie Steel.
Bessemer Trust retains its original focus as a privately owned and independent wealth manager deeply committed to its mission of providing peace of mind to its clients. Bessemer’s adherence to putting clients’ interests first, fiduciary mindset, and highly collaborative culture are at the heart of everything the firm does.
Key Facts:
- For 119 years, Bessemer Trust has operated continuously in a single line of business, independently owned by one family.
- Headquartered in New York’s Rockefeller Center, Bessemer Trust has 22 offices in total. Woodbridge, NJ, is one of the firm’s largest offices, which hosts a wide range of technology and operations professionals. In addition to its sizable presence in New York and Woodbridge, the firm provides client service through offices in Atlanta, Boston, Chicago, Dallas, Delaware, Denver, Garden City, Grand Cayman, Greenwich, Houston, Los Angeles, Miami, Naples, Nevada, Palm Beach, San Diego, San Francisco, Seattle, Stuart, and Washington, D.C.
About Our Employee Rewards and Benefits:
We provide exceptional rewards and benefits that are among the best in the industry, giving our people access to a wide range of options, including:
- Competitive base salary plus discretionary annual bonus for select positions
- A 401(k) plan with a generous annual profit-sharing contribution
- Personalized development and career opportunities, including tuition reimbursement support
- Comprehensive medical, dental, and vision plans with zero contributions for employee coverage
- Employee assistance (EAP) and wellness programs
- Hybrid work environment: 60% in office, 40% remote for most positions
- Paid time off and paid parental leave
- Employer-paid life insurance and short- and long-term disability coverage
- Legal services and financial wellness plans at no cost to employees
Bessemer Trust is committed to creating a diverse and inclusive environment and is proud to be an equal opportunity employer. We encourage candidates of diverse backgrounds to apply.