Westfield Insurance
Join to apply for the
Information Security Lead Architect
role at
Westfield Insurance
The
Information Security Lead Architect
is responsible for leading the design and implementation of enterprise-wide cybersecurity architecture solutions that protect critical systems, data, and infrastructure. This role provides deep expertise in
security frameworks
such as
NIST CSF, ISO 27001, and Zero Trust , along with knowledge of
cloud security, identity and access management (IAM), and data protection technologies . The Lead Architect assesses security risks, defines technical requirements, and develops strategies to mitigate vulnerabilities while aligning with organizational and regulatory standards. The position involves designing secure network and cloud architectures, implementing strong access control models, and establishing encryption and monitoring mechanisms to enhance resilience across hybrid environments.
The role plays a vital part in
risk management , conducting assessments, identifying control gaps, and driving remediation strategies that strengthen the company’s overall security posture. As a
technical leader , the Information Security Lead Architect provides guidance, mentorship, and direction to security and technology teams, fostering collaboration, innovation, and continuous improvement. Serving as a trusted
subject matter expert , this role influences the selection, design, and implementation of moderate- to high-complexity security solutions, ensuring alignment with business objectives, compliance requirements, and industry best practices.
Responsibilities
Develop and contribute to the implementation of the information security architecture strategy and roadmap, aligning it with business objectives, regulatory requirements, and industry best practices
Provide guidance to the security team, overseeing the design and integration of security solutions
Work with business units, IT teams, executive leadership, and vendors to communicate security risks and strategies
Recommend and implement new security technologies and tools
Define and enforce security standards and frameworks
Collaborate with enterprise architects to integrate security controls into IT architecture
Develop and promote security architecture processes and templates
Conduct security architecture reviews and risk assessments, identifying potential vulnerabilities, weaknesses, and gaps in existing systems and proposing effective solutions to mitigate risks
Serve as a mentor to junior security architects and team members
Participate in security forums and conferences
Provide technical leadership and guidance to the information security team and other stakeholders, overseeing the design, implementation, and integration of security solutions across the organization
Ensure collaboration of business units, IT teams, and vendors to assess security requirements, evaluate solution options, and architect secure systems and applications that meet business needs while maintaining a strong security posture
Define and enforce information security standards, frameworks, and reference architectures, ensuring consistent and standardized security practices across all technology domains and projects
Oversee the conduct of security architecture reviews and risk assessments, identifying potential vulnerabilities, weaknesses, and gaps in existing systems and proposing effective solutions to mitigate risks
Oversee the design and implementation of security controls, such as firewalls, intrusion detection/prevention systems, encryption mechanisms, and secure network architectures, to protect the organization's assets and data
Collaborate with enterprise architects and IT stakeholders to integrate security controls and requirements into overall IT architecture frameworks, ensuring the security-by-design principle is followed throughout the development and implementation lifecycle
Provide subject matter expertise in security technologies and solutions, evaluating emerging security trends and products, and making recommendations for the adoption of new technologies to enhance the organization's security posture
Participate in security incident response and investigation activities, coordinating with internal teams and external entities to effectively respond to and mitigate security incidents, and providing guidance on post‑incident remediation actions
Qualifications
6‑10 years of experience in Information Security or related field.
Bachelor’s degree in Computer Science, Information Technology or a related field and/or commensurate experience. Master’s degree in a related field is preferred.
Licenses and Certifications
Certified Information Systems Security Professional (CISSP) preferred.
Certified Information Security Manager (CISM) preferred.
Azure Solutions Architect (Preferred), AWS Certified Solutions Architect
TOGAF preferred
Other relevant certifications
Preferred Qualifications, Skills, and Capabilities
Expertise in security practices and tools designed to protect containerized applications, including container image scanning, runtime protection, least‑privilege configurations, and native container security measures.
Experience in the design, implementation, and ongoing reviews of security controls for one or more public cloud providers (e.g., Azure, AWS).
Skills in the design, assessment, and implementation of encryption security controls, including protections against emerging quantum computing threats.
Proficiency in assessing overall network security posture and vulnerabilities, and designing and implementing network security controls (e.g., Firewalls, IPS, ZTNA).
Background in application security and the software development lifecycle.
Frameworks
Familiarity with the NIST Cybersecurity Framework.
Knowledge of ISO/IEC 27001 standards.
Understanding of the SABSA framework.
Regulatory
Awareness of GDPR (General Data Protection Regulation) requirements.
Knowledge of New York Department of Financial Services (DFS) cyber security regulations.
Understanding of the California Consumer Privacy Act (CCPA).
Strategic Mindset
Interpersonal Savvy
Effective Communications
Nimble Learning
Tech Savvy
Manages Ambiguity
Manages Complexity
Manages Conflict
Drives for results
Action Oriented
Location Hybrid – defined as working three or more days per week in the office if the employee’s residence is within 50 miles of Westfield Center, OH; or Remote – if the employee resides more than 50 miles from Westfield Center, OH
About Us Founded in 1848, Westfield is a global leader in property and casualty insurance, delivering superior risk insights and innovative solutions to customers through a diverse portfolio of insurance products. Westfield underwrites commercial, personal, surety, and specialty lines of coverage through a network of leading independent agents and brokers in the United States and specialty products through Lloyd’s of London Syndicate 1200. As a mutual insurance company with more than 3,000 employees, Westfield has revenues in excess of $4 billion and more than $10 billion in assets. Learn more at www.westfieldinsurance.com.
Equal Opportunity Employer United States: All applicants receive consideration for employment without regard to race, color, sex, religion, national origin, age, sexual orientation, gender identity, disability, or status as a protected veteran.
United Kingdom: Westfield is committed to equality of opportunity for all staff and applications from individuals are encouraged regardless of age, disability, sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships.
Referrals Referrals increase your chances of interviewing at Westfield Insurance by 2x
#J-18808-Ljbffr
Information Security Lead Architect
role at
Westfield Insurance
The
Information Security Lead Architect
is responsible for leading the design and implementation of enterprise-wide cybersecurity architecture solutions that protect critical systems, data, and infrastructure. This role provides deep expertise in
security frameworks
such as
NIST CSF, ISO 27001, and Zero Trust , along with knowledge of
cloud security, identity and access management (IAM), and data protection technologies . The Lead Architect assesses security risks, defines technical requirements, and develops strategies to mitigate vulnerabilities while aligning with organizational and regulatory standards. The position involves designing secure network and cloud architectures, implementing strong access control models, and establishing encryption and monitoring mechanisms to enhance resilience across hybrid environments.
The role plays a vital part in
risk management , conducting assessments, identifying control gaps, and driving remediation strategies that strengthen the company’s overall security posture. As a
technical leader , the Information Security Lead Architect provides guidance, mentorship, and direction to security and technology teams, fostering collaboration, innovation, and continuous improvement. Serving as a trusted
subject matter expert , this role influences the selection, design, and implementation of moderate- to high-complexity security solutions, ensuring alignment with business objectives, compliance requirements, and industry best practices.
Responsibilities
Develop and contribute to the implementation of the information security architecture strategy and roadmap, aligning it with business objectives, regulatory requirements, and industry best practices
Provide guidance to the security team, overseeing the design and integration of security solutions
Work with business units, IT teams, executive leadership, and vendors to communicate security risks and strategies
Recommend and implement new security technologies and tools
Define and enforce security standards and frameworks
Collaborate with enterprise architects to integrate security controls into IT architecture
Develop and promote security architecture processes and templates
Conduct security architecture reviews and risk assessments, identifying potential vulnerabilities, weaknesses, and gaps in existing systems and proposing effective solutions to mitigate risks
Serve as a mentor to junior security architects and team members
Participate in security forums and conferences
Provide technical leadership and guidance to the information security team and other stakeholders, overseeing the design, implementation, and integration of security solutions across the organization
Ensure collaboration of business units, IT teams, and vendors to assess security requirements, evaluate solution options, and architect secure systems and applications that meet business needs while maintaining a strong security posture
Define and enforce information security standards, frameworks, and reference architectures, ensuring consistent and standardized security practices across all technology domains and projects
Oversee the conduct of security architecture reviews and risk assessments, identifying potential vulnerabilities, weaknesses, and gaps in existing systems and proposing effective solutions to mitigate risks
Oversee the design and implementation of security controls, such as firewalls, intrusion detection/prevention systems, encryption mechanisms, and secure network architectures, to protect the organization's assets and data
Collaborate with enterprise architects and IT stakeholders to integrate security controls and requirements into overall IT architecture frameworks, ensuring the security-by-design principle is followed throughout the development and implementation lifecycle
Provide subject matter expertise in security technologies and solutions, evaluating emerging security trends and products, and making recommendations for the adoption of new technologies to enhance the organization's security posture
Participate in security incident response and investigation activities, coordinating with internal teams and external entities to effectively respond to and mitigate security incidents, and providing guidance on post‑incident remediation actions
Qualifications
6‑10 years of experience in Information Security or related field.
Bachelor’s degree in Computer Science, Information Technology or a related field and/or commensurate experience. Master’s degree in a related field is preferred.
Licenses and Certifications
Certified Information Systems Security Professional (CISSP) preferred.
Certified Information Security Manager (CISM) preferred.
Azure Solutions Architect (Preferred), AWS Certified Solutions Architect
TOGAF preferred
Other relevant certifications
Preferred Qualifications, Skills, and Capabilities
Expertise in security practices and tools designed to protect containerized applications, including container image scanning, runtime protection, least‑privilege configurations, and native container security measures.
Experience in the design, implementation, and ongoing reviews of security controls for one or more public cloud providers (e.g., Azure, AWS).
Skills in the design, assessment, and implementation of encryption security controls, including protections against emerging quantum computing threats.
Proficiency in assessing overall network security posture and vulnerabilities, and designing and implementing network security controls (e.g., Firewalls, IPS, ZTNA).
Background in application security and the software development lifecycle.
Frameworks
Familiarity with the NIST Cybersecurity Framework.
Knowledge of ISO/IEC 27001 standards.
Understanding of the SABSA framework.
Regulatory
Awareness of GDPR (General Data Protection Regulation) requirements.
Knowledge of New York Department of Financial Services (DFS) cyber security regulations.
Understanding of the California Consumer Privacy Act (CCPA).
Strategic Mindset
Interpersonal Savvy
Effective Communications
Nimble Learning
Tech Savvy
Manages Ambiguity
Manages Complexity
Manages Conflict
Drives for results
Action Oriented
Location Hybrid – defined as working three or more days per week in the office if the employee’s residence is within 50 miles of Westfield Center, OH; or Remote – if the employee resides more than 50 miles from Westfield Center, OH
About Us Founded in 1848, Westfield is a global leader in property and casualty insurance, delivering superior risk insights and innovative solutions to customers through a diverse portfolio of insurance products. Westfield underwrites commercial, personal, surety, and specialty lines of coverage through a network of leading independent agents and brokers in the United States and specialty products through Lloyd’s of London Syndicate 1200. As a mutual insurance company with more than 3,000 employees, Westfield has revenues in excess of $4 billion and more than $10 billion in assets. Learn more at www.westfieldinsurance.com.
Equal Opportunity Employer United States: All applicants receive consideration for employment without regard to race, color, sex, religion, national origin, age, sexual orientation, gender identity, disability, or status as a protected veteran.
United Kingdom: Westfield is committed to equality of opportunity for all staff and applications from individuals are encouraged regardless of age, disability, sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships.
Referrals Referrals increase your chances of interviewing at Westfield Insurance by 2x
#J-18808-Ljbffr