Security Architect

Position Purpose:

The Security Architect is responsible for designing governing and advancing the cybersecurity architecture strategy across Veolia North America. This role serves as the technical authority for enterprise security architecture cloud security identity and access management application security and infrastructure security while ensuring alignment with business objectives regulatory requirements and operational resilience needs.

The Security Architect partners closely with Infrastructure Digital OT Engineering Enterprise Applications Legal Compliance and Business Leadership teams to ensure security is embedded into technology decisions from concept through implementation.

Primary Duties/Responsibilities:

• Develop and maintain the enterprise security architecture roadmap aligned with business and technology strategies.
• Define and maintain security architecture standards patterns and reference architectures.
• Evaluate emerging technologies and assess security risks and opportunities.
• Translate cybersecurity strategy into actionable architecture initiatives and technical requirements.
• Provide architectural guidance for mergers acquisitions and divestitures.
• Lead security architecture reviews for new projects systems and major technology changes.
• Establish and maintain a Security by Design program integrated into project and procurement lifecycles.
• Define security requirements for applications infrastructure cloud services and third-party solutions.
• Ensure security controls are incorporated during design rather than after implementation.
• Design secure architectures for cloud hybrid and on-premises environments.
• Define security controls for AWS Microsoft Azure SaaS platforms and data protection technologies.
• Review network segmentation and remote access architectures.
• Partner with infrastructure teams to improve resilience and security posture.
• Support secure architecture initiatives for operational technology environments.
• Partner with OT teams to establish secure remote access segmentation and monitoring capabilities.
• Conduct architecture risk assessments and document mitigation strategies.
• Support cybersecurity audits regulatory reviews and compliance initiatives.
• Lead security evaluations of vendors products and services.
• Partner with global business units to unify security toolsets and ensure a consistent security posture across all international regions.
• Consolidate disparate security toolsets to minimize technical complexity decrease operational burdens and enhance enterprise-wide visibility.
• Establish and govern frameworks for international policy dissemination and adherence tracking to maintain uniform protection across all regions.
• Design and maintain a centralized logging strategy that aggregates data from cloud on-premises and OT environments.
• Define ingestion standards to ensure high-fidelity actionable data is collected for threat detection and incident response.
• Implement data normalization and enrichment processes to improve the quality of logs for SIEM and analytics platforms.
• Identify gaps in current logging coverage and lead initiatives to improve visibility across critical infrastructure and SaaS applications.
• Serve as a trusted advisor to business and technology leaders.
• Mentor engineers and analysts on security architecture principles.
• Lead cross-functional working groups and architecture review boards.
• Represent cybersecurity in enterprise architecture and technology governance forums.

Qualifications :

Education/Experience/Background:

• Required: Bachelors degree in Information Technology Computer Science Cybersecurity or equivalent relevant experience.
• Required: 5 years of cybersecurity experience with 2 of that in security architecture experience.

Knowledge/Skills/Abilities:

• Required: Experience conducting architecture reviews and risk assessments.
• Preferred: Experience supporting mergers and acquisitions (M&A).
• Preferred: Experience with operational technology (OT) or industrial control systems (ICS).
• Deep knowledge of enterprise security frameworks and standards.
• Experience securing cloud SaaS and hybrid environments.
• Experience with identity and access management technologies.
• Strong communication and stakeholder management skills.
• Experience with Zero Trust architecture initiatives.
• Familiarity with modern enterprise tooling: Google Workspace Microsoft Entra ID CrowdStrike Netskope ServiceNow AWS Azure and GCP.

Required Certification/Licenses/Training:

Preferred: Holding one or more of the following industry certifications is highly desirable:

• CISSP
• SABSA
• CCSP
• GIAC certifications
• TOGAF
• Microsoft Security certifications
• AWS Security Specialty

Additional Information :

Benefits: Veolias comprehensive benefits package includes paid time off policies as well as health dental vision life insurance savings accounts tuition reimbursement paid volunteering and addition employees are also entitled to participate in an employer sponsored 401(k) plan to save for retirement.

We are an Equal Opportunity Employer! All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin disability or protected veteran status.

Disclaimer: The salary other compensation and benefits information is accurate as of the date of this posting. The Company reserves the right to modify this information at any time subject to applicable law.

Remote Work :

No

Employment Type :

Full-time