The Staff Cybersecurity Architect - Security Controls is a strategic and technical authority responsible for designing, implementing, validating, and continuously improving enterprise security controls and guardrails. This role operationalizes policy, risk, and regulatory requirements into controls as code and evidence as data.

Principle Duties

• Design, develop, and implement the technical direction for enterprise security control architectures
• Champion secure by default guardrails over gates—standard baselines, configurations, and self-service patterns
• Define processes to enable control threat modeling and risk analyses
• Ensure controls are operationalized and continuously validated with automated SLIs/SLOs, drift detection, regression testing, and machine-verifiable audit evidence
• Author and maintain enterprise control standards, reference architectures, RACI models, exception handling patterns, and technical guardrails

Responsibilities

The Security Controls Architect partners deeply with engineering and platform teams to embed secure by default patterns across hybrid environments and target operating systems (Windows, macOS, RHEL, Windows Server). Key responsibilities include:

• Driving automated control health reporting, immutable audit evidence, and friction-reducing guardrails that enable the business
• Converting business risks and authoritative requirements into testable technical controls
• Evaluating and standardizing strategic platforms for control efficacy and architectural impact, including Splunk Cloud, Cribl Cloud, CrowdStrike Falcon, Microsoft Defender, Microsoft Purview, Varonis Data Security, and Tines
• Providing technical leadership and coaching on controls as code, test harnesses, adversary/atomic testing, and automation-first practices

Education and Experience

• Bachelor's degree in arts/sciences (BA/BS) or equivalent experience
• Active CISSP certification preferred
• Additional certifications (e.g., Microsoft SC-200/SC-400/AZ-500, Splunk Core Power User/Architect, CrowdStrike CCFA/CCFR, Varonis DSE, Jamf, RHCSA/RHCE, CISM, CSSLP, GIAC) preferred
• 8+ years of progressive experience in information technology security/infrastructure engineering/architecture
• 6+ years of security control implementation/architecture experience focused on technical control design, implementation, and validation in enterprise environments

What to Expect from RGA

• Gain valuable knowledge from and experience with diverse, caring colleagues around the world
• Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought
• Join the bright and creative minds of RGA, and experience vast, endless career potential
• Compensation Range: $150,770.00 - $224,640.00 Annual Base pay varies depending on job-related knowledge, skills, experience, and market location
• RGA provides an annual bonus plan that includes all roles and some positions are eligible for participation in our long-term equity incentive plan
• RGA also maintains a full range of health, retirement, and other employee benefits
• RGA is an equal opportunity employer, and qualified applicants will be considered without regard to race, color, age, gender identity or expression, sex, disability, veteran status, religion, national origin, or any other characteristic protected by applicable equal employment opportunity laws.