7,204 Security Lead jobs in the United States

• Design, implement, and manage the Cybersecurity Risk process, including intake workflows, assessment coordination, and centralized tracking.

• Develop comprehensive governance artifacts, including risk assessment templates, SOPs, operational guides, and reporting structures.

• Facilitate risk reviews, ensuring consistent and risk-aligned evaluation of technology projects.

• Track remediation efforts, monitor open findings, and support escalation of high-risk items to executive leadership.

• Ensure all processes align with applicable regulatory standards, including CJIS, HIPAA, and state cybersecurity mandates.

• Collaborate with the cybersecurity awareness team to develop and disseminate training materials targeted at project stakeholders.

• Promote a culture of cyber hygiene and compliance across departments through ongoing engagement and education.

• Prepare strategic roadmaps, presentations, and executive-level communication in support of cybersecurity objectives.

• Serve as the primary liaison between cybersecurity teams, project managers, and the IT Review Board, ensuring clear and consistent communication.

• Experience working in a public sector or regulated government environment.

• A High School Diploma or GED accompanied by a recognized cybersecurity certification (e.g., Security+, SSCP, or equivalent), or a Bachelor's degree in a related field such as Cybersecurity, Information Technology, or Information Systems.

• 5+ years of experience in Governance, Risk, and Compliance (GRC), cybersecurity, IT audit, or risk management.

• Demonstrated experience building or managing cybersecurity governance frameworks or review committees.

• Strong working knowledge of key security and privacy frameworks and regulations, including NIST CSF, ISO 27001, HIPAA, GDPR, and SOC 2.Skilled in developing SOPs, risk documentation, and leadership-ready reporting artifacts.

• Excellent written and verbal communication skills with experience engaging technical and non-technical stakeholders.

• Proficient with collaboration and intake platforms such as SharePoint, ServiceNow, or Excel-based dashboards.

• Practical experience using GRC platforms such as Archer, ServiceNow GRC, or MetricStream.

• Familiarity with cybersecurity awareness platforms (e.g., KnowBe4) and training implementation strategies.

• Strong analytical, organizational, and problem-solving skills.

• Ability to communicate effectively with technical and non-technical audiences.

• Knowledge of cybersecurity principles, risk management practices, and regulatory environments.

• Proficient in Microsoft Office 365, including Excel, PowerPoint, and SharePoint.

• Ability to work independently and collaboratively in a fast-paced environment.

• Hybrid - 3 days in office 2 WFH

• Develop and implement information security strategies, policies, and procedures.
• Lead and mentor a team of information security professionals.
• Oversee security operations, including threat detection, incident response, and vulnerability management.
• Conduct regular risk assessments and implement mitigation strategies.
• Ensure compliance with industry regulations and security frameworks (e.g., NIST, ISO 27001).
• Manage security awareness training programs for all employees.
• Evaluate, select, and implement security technologies and solutions.
• Respond to and manage security incidents, including investigation and remediation.
• Monitor security alerts and proactively identify potential threats.
• Collaborate with IT teams to ensure secure system configurations and operations.
• Develop and maintain security documentation and reports.

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Master's degree or relevant certifications (CISSP, CISM, CEH) are highly preferred.
• 7+ years of experience in information security, with at least 3 years in a leadership or management role.
• Proven experience in developing and implementing cybersecurity programs.
• In-depth knowledge of cybersecurity principles, technologies, and best practices.
• Experience with risk management, incident response, and vulnerability assessment.
• Familiarity with relevant security compliance standards and regulations.
• Excellent leadership, communication, and interpersonal skills.
• Strong analytical and problem-solving abilities.
• Ability to work effectively under pressure and manage critical situations.

INFORMATION SECURITY LEAD ARCHITECT, Information Security

Job Description

INFORMATION SECURITY LEAD ARCHITECT, Information Security

Category

Charles River Campus --> Professional

Job Location

BOSTON, MA, United States

Tracking Code

25500149440718

Posted Date

7/21/2025

Salary Grade

Grade 52

Position Type

Full-Time/Regular

Boston University Information Services & Technology (IS&T) is seeking applicants with diverse skills and experiences to join our innovative and inclusive community. You will join as an Information Security Lead Architect where you will lead our efforts to advance Boston University's technological ecosystem by designing, implementing, and evolving security architectures that protect and enable our institutional capabilities. As part of the IS&T Information Security team, you will report to Director of Information Security and collaborate not only with IS&T colleagues, but with members of the broader university community and leadership. You Will:

• Collaborate strategically with technology teams and business units to develop innovative security approaches that balance robust protection with operational excellence.

• Drive the evolution of security policies, standards, and review processes that support the university's technological agility and strategic objectives.

• Deploy and maintain security services that proactively defend and intelligently support our technological infrastructure.

Required Skills

You Will Have:

• Bachelor's degree in computer science, Information Technology, or related field preferred.

• Demonstrated expertise in enterprise systems architecture, with substantial experience across Windows, UNIX, and Linux environments.

• Strong understanding of complex security landscapes, including compliance frameworks such as HIPAA, PCI, and NIST standards.

• Proven ability to translate technical challenges into strategic solutions, with exceptional communication skills and a track record of collaborative leadership.

• 5+ years of progressively responsible experience in information security.

• U.S. citizenship required. Bonus Qualifications: If you do not meet these, you are still encouraged to apply; we value employees with a willingness to learn.

• CISSP, TOGAF, or equivalent certifications.

• Experience in higher education technology environments.

Boston University offers an excellent benefits package including Time Off: In addition to PTO and leave policy, BU employees have a paid intersession break and 13 paid holidays. Retirement: University-funded retirement plan with full vesting after 2 years of eligible service. Tuition Assistance Program: Competitive tuition assistance program for yourself and family members. Check out ( and ( for more information! Boston University IS&T invests in our staff and their personal and professional growth. We promote staff learning including lunch and learn sessions, an extensive library of online courses, Fun Advisory Board (FAB) arranges a number of events throughout the year and opportunities to engage with peers at NERCOMP and EDUCAUSE events.

If you require a reasonable accommodation in order to complete the employment application process, please contact the Equal Opportunity Office at . We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We, at IS&T, appreciate each individual's knowledge, experiences and insights which enhance who we are, and as our DEIA knowledge and practice grows, we will ensure that our Mission, Vision, & Practices remain equitable and welcoming to all.

We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, natural or protective hairstyle, religion, sex, age, national origin, physical or mental disability, sexual orientation, gender identity, genetic information, military service, pregnancy or pregnancy-related condition, or because of marital, parental, or veteran status. We are a VEVRAA Federal Contractor.

Required Skills

Job Location: BOSTON, MA

Position Type: Full-Time/Regular

Salary Grade: Grade 52

To apply, visit (

Copyright 2025 Jobelephant.com Inc. All rights reserved.

Posted by the FREE value-added recruitment advertising agency (

jeid-38d4515ab394d44892a169a9c758a92e

Boston University Information Services & Technology (IS&T) is seeking applicants with diverse skills and experiences to join our innovative and inclusive community. You will join as an Information Security Lead Architect where you will lead our efforts to advance Boston University's technological ecosystem by designing, implementing, and evolving security architectures that protect and enable our institutional capabilities. As part of the IS&T Information Security team, you will report to Director of Information Security and collaborate not only with IS&T colleagues, but with members of the broader university community and leadership. You Will:

• Collaborate strategically with technology teams and business units to develop innovative security approaches that balance robust protection with operational excellence.
• Drive the evolution of security policies, standards, and review processes that support the university's technological agility and strategic objectives.
• Deploy and maintain security services that proactively defend and intelligently support our technological infrastructure.

Required Skills

You Will Have:

• Bachelor's degree in computer science, Information Technology, or related field preferred.
• Demonstrated expertise in enterprise systems architecture, with substantial experience across Windows, UNIX, and Linux environments.
• Strong understanding of complex security landscapes, including compliance frameworks such as HIPAA, PCI, and NIST standards.
• Proven ability to translate technical challenges into strategic solutions, with exceptional communication skills and a track record of collaborative leadership.
• 5+ years of progressively responsible experience in information security.
• U.S. citizenship required. Bonus Qualifications: If you do not meet these, you are still encouraged to apply; we value employees with a willingness to learn.
• CISSP, TOGAF, or equivalent certifications.
• Experience in higher education technology environments. Boston University offers an excellent benefits package including: Time Off: In addition to PTO and leave policy, BU employees have a paid intersession break and 13 paid holidays. Retirement: University-funded retirement plan with full vesting after 2 years of eligible service. Tuition Assistance Program: Competitive tuition assistance program for yourself and family members. Check out and for more information! Boston University IS&T invests in our staff and their personal and professional growth. We promote staff learning including lunch and learn sessions, an extensive library of online courses, Fun Advisory Board (FAB) arranges a number of events throughout the year and opportunities to engage with peers at NERCOMP and EDUCAUSE events. If you require a reasonable accommodation in order to complete the employment application process, please contact the Equal Opportunity Office at . We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We, at IS&T, appreciate each individual's knowledge, experiences and insights which enhance who we are, and as our DEIA knowledge and practice grows, we will ensure that our Mission, Vision, & Practices remain equitable and welcoming to all.

_We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, natural or protective hairstyle, religion, sex, age, national origin, physical or mental disability, sexual orientation, gender identity, genetic information, military service, pregnancy or pregnancy-related condition, or because of marital, parental, or veteran status. We are a VEVRAA Federal Contractor. _

__

Required Experience

Qualifications:
You Will Have:

• Bachelor's degree in computer science, Information Technology, or related field preferred.
• Demonstrated expertise in enterprise systems architecture, with substantial experience across Windows, UNIX, and Linux environments.
• Strong understanding of complex security landscapes, including compliance frameworks such as HIPAA, PCI, and NIST standards.
• Proven ability to translate technical challenges into strategic solutions, with exceptional communication skills and a track record of collaborative leadership.
• 5+ years of progressively responsible experience in information security.
• U.S. citizenship required. Bonus Qualifications: If you do not meet these, you are still encouraged to apply; we value employees with a willingness to learn.
• CISSP, TOGAF, or equivalent certifications.
• Experience in higher education technology environments. Boston University offers an excellent benefits package including: Time Off: In addition to PTO and leave policy, BU employees have a paid intersession break and 13 paid holidays. Retirement: University-funded retirement plan with full vesting after 2 years of eligible service. Tuition Assistance Program: Competitive tuition assistance program for yourself and family members. Check out and for more information! Boston University IS&T invests in our staff and their personal and professional growth. We promote staff learning including lunch and learn sessions, an extensive library of online courses, Fun Advisory Board (FAB) arranges a number of events throughout the year and opportunities to engage with peers at NERCOMP and EDUCAUSE events. If you require a reasonable accommodation in order to complete the employment application process, please contact the Equal Opportunity Office at . We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We, at IS&T, appreciate each individual's knowledge, experiences and insights which enhance who we are, and as our DEIA knowledge and practice grows, we will ensure that our Mission, Vision, & Practices remain equitable and welcoming to all.

_We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, natural or protective hairstyle, religion, sex, age, national origin, physical or mental disability, sexual orientation, gender identity, genetic information, military service, pregnancy or pregnancy-related condition, or because of marital, parental, or veteran status. We are a VEVRAA Federal Contractor. _

__

The Info Sec Prof Lead Analyst is an intermediate level position responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.

Responsibilities:

• Develop corrective action language for Information Security (IS) gaps and ensure risk closure meets Citi requirements or industry best practices

• Facilitate the implementation of approved IS tools and identify/recommend new or improved security solutions or emerging technologies

• Mitigate risk by analyzing the root cause of issues, impacts to business, and required corrective actions and develop security solutions

• Ensure IS compliance and seek opportunities to enhance the efficiency of IS policies and procedures

• Identify significant IS threats and vulnerabilities, and define appropriate controls for discovered threats, documenting the business response

• Disseminate changes to IS regulations and standards to Business and Program owners

• Provide Information Security advice and counsel as needed

• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.

Qualifications:

• 6-10 years of relevant experience

• Additional technical certifications are preferred

• Demonstrated ability to research and apply current information regarding the IS field

• Consistently demonstrates clear and concise written and verbal communication

• Proven influencing and relationship management skills

• Proven analytical skills

Education:

• Bachelor's degree/University degree or equivalent experience

• Master's degree preferred

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Job Family Group:

Technology

Job Family:

Information Security

Time Type:

Full time

Primary Location:

Jacksonville Florida United States

Primary Location Full Time Salary Range:

$113,840.00 - $170,760.00

In addition to salary, Citi's offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

Most Relevant Skills

Please see the requirements listed above.

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

Anticipated Posting Close Date:

Aug 27, 2025

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi ( .

View Citi's EEO Policy Statement ( and the Know Your Rights ( poster.

Citi is an equal opportunity and affirmative action employer.

Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.

• Own the technical roadmap for Microsoft Azure and Microsoft 365 security controls (Defender, Sentinel, Purview), SaaS SSO integrations (Entra ID, Cisco DUO MFA), and segmentation of our OneHealthCareID (OHID) customer portal.
• Evaluate and implement tooling for vulnerability scanning, container/cloud posture management, and secrets management.
• Partner with Development (CI/CD in Azure DevOps) to embed security into pipelines (SAST, DAST, IaC). Champion infrastructure as code and automation using Python and PowerShell.

• Serve as tactical leader for the Security Operations Center, ensuring high-fidelity alert triage, threat hunting, and purple-team exercises.
• Build and refine detection engineering for cloud and on-prem environments, with an emphasis on Microsoft 365 threat vectors (Business Email Compromise, identity takeover).
• Coordinate tabletop exercises with the Pharmscript leadership, Business Operations and the IT organization.

• Direct the corporate vulnerability management program end-to-end: discovery, prioritization, remediation, and executive reporting.
• Drive timely remediation SLAs across infrastructure, applications, and third-party components; track progress through metrics dashboards.

• Lead annual NIST 800-53 / HIPAA risk assessment and drive POAM remediation to closure.
• Maintain policy exceptions, risk records, and metrics dashboards for C-suite and Optum ESRO reporting. Serve as audit liaison for SOC 2, HITRUST, and customer assessments.

• Standardize role-based access across Azure, on-prem AD, and SaaS applications; champion privileged-access workflows.
• Oversee federation and MFA strategy for internal staff and external pharmacy customers.

• Act as technical lead for escalated incidents; refine playbooks for ransomware, ePHI exposure, and third-party compromise.
• Coordinate tabletop exercises with Genoa SOC and Optum Cyber Defense.

• Mentor Security Engineers and SOC team members
• Translate complex risk into business language for pharmacy operations, legal, and finance stakeholders. Manage security budget line items and vendor relationships.

• Bachelor's degree in an IT related discipline or equivalent experience.
• 3+ years of business experience in technology and/or technology/security audit
• 3+ years' experience with securing public cloud platforms (AWS, Azure, GCP).
• 1+ years of experience interacting with an executive audience.
• 1+ Experience with practical interpretation and application of policy and standards.
• Proven track record running enterprise vulnerability management and remediation programs.
• Experience presenting risk and remediation strategy to VP/C-level leaders.
• Experience with practical interpretation and application of policy and standards.
• Working knowledge of HIPAA Security Rule, NIST 800-53, and privacy principles.

• Security certifications (CISSP, CCSP, Azure Security Engineer, HCISPP)
• Experience integrating with large to enterprise security programs.
• Prior leadership of a small security engineering or GRC team.
• Customer-facing leadership experience (e.g., support or client services).
• Hands-on expertise securing Microsoft Azure and Microsoft 365 (IAM, networking, Defender, Sentinel, Purview).
• Proficiency in Python and PowerShell scripting for security automation, tooling and integration.

• May sit or stand seven (7) to ten (10) hours per day
• The employee is occasionally required to sit; climb or balance; and stoop, kneel, bend, crouch, walk, crawl intermittently
• May be necessary to work extended hours as needed
• May lift and/or move up to 25 pounds
• The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this role

• Relates well to constraints experienced by business partners and finds practical, win-win solutions
• Analyzes customer needs; ensures solutions meet business and security requirements
• Holds self and others accountable for meeting customer needs and expectations in a timely, professional manner
• Maintains high personal accountability; takes ownership of issues, develops effective remediation approaches, and drives for results
• Employs business acumen to develop appropriate solutions and solve problems - understands business risks and business objective
• Understands health care delivery and provider environments
• Able to translate business needs into information security requirements
• Ability to communicate technical security risks in a manner that resonates with business leaders
• Able to establish and manage to a planned set of related activities with a focus on hitting deadlines

• Medical, Prescription Drug, Dental, and Vision coverage for you and your eligible dependents
• Maternity care program and infertility services
• Tax-favored Health Savings Accounts, Healthcare, and Dependent Care Flexible Spending Accounts
• EAP Assistance Program with 24/7 access to free counseling, legal guidance, and financial resources

• 15 PTO days annually and 6 paid/floating holidays

• 401(k) retirement planning with company match

• Transit/Parking Spending Account

• Employee Life and Accidental Death & Dismemberment, Short/Long-term Disability, Critical Illness, Accident, and Hospital Indemnity plans are available for you and eligible dependents

• Legal & Identity Theft Protection Programs
• Employee Discounts: Instant savings on hundreds of products and services
• Pet Insurance
• Employee Support Program to eligible employees in times of urgent need

Job Summary:

The Information Security Lead Analyst is a seasoned professional that works independently with limited supervision and has responsibility in the enterprise Information Security program. This role works closely with Information Technology, Enterprise Risk Management (ERM), Legal, Human Resources, Audit & Compliance, and Procurement to ensure appropriate controls are in place to manage risk. This role also helps to ensure compliance with Information Security Policy, Standards, Guidelines, and regulatory frameworks (NIST CSF, CIS, FFIEC, NYDFS, and data privacy regulations).

The Information Security Lead Analyst is expected to be a subject matter expert (SME) in Information Security risk, having advanced knowledge of risk management strategies, frameworks, operations, etc. The Lead Analyst is expected to be proficient and have advance knowledge managing third-party information security risk. The Lead Analyst is expected to have advanced knowledge of Information Technology and Information Security terminology, concepts, practices, and requirements. The Lead Analyst is expected to be proficient with governance, policies, standards, exceptions, education, training, and awareness, and compliance initiatives.

The Lead Analyst is not expected to be a people leader but is expected to lead programs and/or initiatives, guiding work from resources and coordinating with stakeholders. The Lead Analyst is expected to exhibit advanced critical thinking, problem-solving, and solutioning skills with attention to detail and collaboration with peers and stakeholders.

Job Responsibilities:

• Working independently or with minimal supervision, is responsible for supporting, providing oversight, and/or leading a program function in any of the following areas:
  • Information Security Operations
  • Information Security GRC
    • Risk Management
    • Vendor Information Security Risk Management
    • Information Security Education, Training, and Awareness (SETA)
    • Enterprise governance (policy, standards, guidelines, program maturity, etc.)
    • Compliance (legal, contractual, regulatory, etc.)
• Design and administer security compliance assessments on new and existing systems, processes, and technology.
• Design, build, and establish enterprise security policies, standards and guidelines.
• Build and administer controls assessments and determine adequacy, appropriateness, and effectiveness.
• Responsible for working on and resolving complex information security issues utilizing a high degree of integrity and trust.
• Responsible for supporting and/or leading the Vendor InfoSec Risk Management effort. This includes defining and monitoring the security risk profiles of third-party vendors and identifying appropriate risk management activities.
• Design and perform risk assessments, gap analysis, and management of a Risk Register.
• Able to function as a Subject Matter Expert (SME) for internal and external security audit and compliance efforts.
• Promotes a strong security culture throughout the organization.
  • Maintains knowledge of best practice security frameworks, industry-recognized information technology control standards, and other industry resources and translates them into educational formats.
  • Acts as a security risk management ambassador to internal customers.
  • Actively participates and leads in security related planning meetings, project teams and workgroups.
  • Develops, leads, coordinates, and presents security education training and awareness program materials.
  • Trains and onboards new employees on GRC roles and responsibilities.
• Supports leadership in establishing and maintain security metrics and reporting.
• Research IT security issues and products.
• Develops and manages internal GRC projects and initiatives.
• Stays informed on developing regulatory and industry requirements and information security trends.
• Travels occasionally to participate in special assignments, training, and/or travel between office locations.

Job Qualifications:

• 7+ of years of information security experience
• Bachelor's degree in computer science, information technology, security, a related field, or equivalent work experience.

Licenses and Certifications:

• Must hold one or more industry recognized certifications, such as: Security+, Network+, CISSP, CRISC, CISA, CCSK, etc.

Behavioral Competencies:

• Collaborates
• Communicates Effectively
• Customer Focus
• Decision Quality
• Nimble Learning
• Builds Effective Teams
• Business Insight
• Develops Talent
• Directs Work
• Ensures Accountability
• Manages Complexity
• Drives Vision and Purpose
• Strategic Mindset

Technical Skills:

• Network Security
• Incident Response
• Security Monitoring
• Vulnerability Management
• Threat Intelligence
• Identity Management
• Encryption Techniques
• Security Assessments
• Troubleshooting
• Dynamic Application Security Testing
• Data Security

• Manage cloud infrastructure (AWS) and support development teams in optimizing build and deployment workflows.
• Manage personnel devices including onboarding/offboarding, software provisioning, and patch management.
• Manage security infrastructure including access control, penetration testing, and compliance.
• Manage security tools and conduct regular audits, risk assessments, and security awareness training.
• Monitor vulnerabilities and respond to security alerts.
• Develop, maintain, and monitor CI/CD pipelines for efficient and secure code deployment.
• Implement and maintain security policies, procedures, and controls in compliance with industry standards (e.g., SOC 2, GDPR, etc.).

• 2+ years of combined experience in DevOps, Information Security and Cloud Infrastructure.
• Bachelor's degree in computer science, information security, or a related field.
• Experience with DevOps practices and tools such as GitHub Actions, Docker, and AWS.
• Strong understanding of network fundamentals, VPNs, and firewall configurations.
• Hands-on experience with device management tools such as MS Intune.
• Knowledge of cybersecurity principles and experience implementing security frameworks in fintech or other regulated industries (SOC 2, GDPR, CCPA, etc.).
• Excellent problem-solving skills, a proactive mindset, and the ability to work cross-functionally.
• Familiarity with compliance audits and regulatory requirements in financial services is a plus
• Proficiency in scripting languages such as Python is a plus.