Sallie Mae
Senior Information Security Architect II
Role Overview
As a security architect with a specialization in enabling rapid and durable DevSecOps capabilities, you will be a strategic leader in shaping the security posture of the organization’s enterprise architecture. You will architect resilient, compliant, and scalable solutions that protect critical assets, mitigate risks, and enable a durable secure application development lifecycle that can be leveraged by all application development teams.
In this role, you will work closely with the enterprise architects and solution architects to ensure security is embedded across all architectural layers and aligned with business objectives and regulatory requirements. Your leadership will help the organization operate confidently in a dynamic threat environment while contributing to the development of enterprise-wide architectural principles, patterns, and standards to achieve our Secure‑by‑Design strategic intent.
Responsibilities
Contribute to the success of Enterprise Architecture foundation and framework.
Partner with other Enterprise Architects to articulate and evolve architectural principles, reusable patterns, and technology standards that promote secure design and interoperability.
Partner with other Solutions Architects and Application Development Leaders to develop and implement durable security controls anchored in OWASP ASVS for the secure application development environment.
Collaborate with the information security team to evangelize security best practices across the organization, promoting awareness and adoption among technical and non‑technical stakeholders to establish a security‑first culture.
Conduct risk assessments and threat modeling to identify vulnerabilities and implement mitigation strategies, including security controls, encryption, and access management solutions.
Evangelize secure‑by‑design principles across the organization, promoting awareness and adoption among technical and business stakeholders.
Partner with IT, DevOps, and business units to integrate security into system designs and promote a security‑first mindset.
Stay ahead of emerging security threats and trends, proactively addressing risks and advising on innovative solutions like zero‑trust architecture and secure APIs.
Qualifications
Thorough understanding of how security frameworks and architecture (e.g., NIST Cybersecurity Framework, MITRE ATT&CK framework, Zero Trust, PCI) are applied in a regulated financial services environment.
Track record of formulating and transforming security frameworks and application security verification best practices into practical repeatable patterns, templates, and copybooks used in Azure DevOps software build pipelines and AWS cloud resource configurations.
Background in secure system design, solid grasp of API‑based identity, conditional access and fine‑grained authorization management (IAAM), zero knowledge proof (ZKP), public key infrastructure (PKI), data encryption and network security.
Strong knowledge of cloud security principles automating DevSecOps practices in Azure DevOps, automating test‑driven design such as Playwright MCP, building resilient AWS Compute and Storage workloads, and securing Snowflake data sharing controls.
Ability to evangelize security best practices and influence cross‑functional teams.
Experience delivering software projects in fast‑paced, highly regulated environments (FDIC, etc.).
Excellent leadership and communication skills to articulate complex security concepts to diverse audiences.
Strong analytical and problem‑solving skills to assess and mitigate risks.
Ability to work collaboratively with information security teams, business stakeholders, and technical teams.
Preferred
A master’s degree in computer science, engineering, or a related technical field is required.
Preferred certifications: CISSP, CISM, CCSP, AWS Certified Security‑Specialty.
Minimum 10 years of experience in software architecture and design.
8+ years of experience in cybersecurity, with at least 5 years in an enterprise architecture role.
Familiarity with enterprise architecture frameworks (e.g., TOGAF, Zachman).
Equal Opportunity Employer
Sallie Mae is proud to be an equal opportunity (EEO) employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, sexual orientation, national origin, age, genetic information, gender identity, disability, Veteran status or any other characteristic protected by federal, state or local law.
Reasonable accommodations are available for applicants with disabilities in all phases of the application and employment process. To request an accommodation please call (855) 756-2007 and choose option 9.