Americas Tax Technology Group - Security Architect - Senior Manager
About the role
The opportunity is to join the Americas Tax Technology Group (ATTG) as an Information Security Architect. ATTG collaborates with Tax to create digital and mobile tools that enhance internal operations and advanced capabilities in data-driven management, workflow optimization, analytics, automation, and artificial intelligence.
Responsibilities
- Design and mature information security capabilities across a defined platform or product ecosystem.
- Translate enterprise policies and security standards into practical control frameworks, design patterns, and implementation guidance.
- Define target-state security capabilities and drive adoption through repeatable, scalable processes.
- Establish meaningful metrics to measure control effectiveness, remediation progress, and overall program maturity.
- Embed security controls into software delivery and cloud engineering workflows, including CI/CD pipelines and pre-deployment validation.
- Partner with engineering teams to implement secure-by-design practices and preventative controls such as secrets protection, vulnerability gating, and policy enforcement.
- Promote automation and integration of security tooling to improve detection, prioritization, and remediation workflows.
- Lead risk identification, prioritization, and remediation planning for assigned platforms and services.
- Support internal audits, external assessments, regulatory reviews, and client assurance activities.
- Maintain documentation, control evidence, and implementation artifacts that are clear, defensible, and audit ready.
Requirements
- A bachelor's degree (computer science, engineering, accounting, finance preferred) or equivalent work experience.
- Master's degree preferred.
- 8–12+ years of experience in Information Security, Cloud Security, Security Architecture, or a related field.
- Approved technical certification is required.
- Demonstrated experience designing and operationalizing enterprise or platform security programs.
- Strong understanding of cloud security principles, with experience in Azure or comparable cloud environments.
- Experience working with audit, compliance, or regulatory frameworks in complex enterprise environments.
- Experience embedding security into DevSecOps and CI/CD pipelines.
- Familiarity with integrated security tooling across areas such as SAST, DAST, SCA, container security, CNAPP, and workflow or remediation platforms.
- Experience establishing measurable security outcomes such as vulnerability reduction, SLA performance, backlog trends, and control of health metrics.
- Background in highly regulated industries or client-facing assurance environments.
- Experience building closed-loop remediation processes from issue detection through validation and reporting.
Skills and attributes for success
- Oversee implementation of security controls across cloud infrastructure, identity, application, and workload environments.
- Drive continuous monitoring and risk visibility for vulnerabilities, misconfigurations, and control gaps.
- Serve as a key interface across Engineering, Architecture, Risk, Compliance, and Information Security teams.
- Drive alignment on priorities, governance, and remediation strategies across multiple stakeholders.
Qualifications
- A bachelor's degree (computer science, engineering, accounting, finance preferred) or equivalent work experience.
- Master's degree preferred.
- 8–12+ years of experience in Information Security, Cloud Security, Security Architecture, or a related field.
- Approved technical certification is required.
- Demonstrated experience designing and operationalizing enterprise or platform security programs.
- Strong understanding of cloud security principles, with experience in Azure or comparable cloud environments.
- Experience working with audit, compliance, or regulatory frameworks in complex enterprise environments.
- Experience embedding security into DevSecOps and CI/CD pipelines.
- Familiarity with integrated security tooling across areas such as SAST, DAST, SCA, container security, CNAPP, and workflow or remediation platforms.
- Experience establishing measurable security outcomes such as vulnerability reduction, SLA performance, backlog trends, and control of health metrics.
- Background in highly regulated industries or client-facing assurance environments.
- Experience building closed-loop remediation processes from issue detection through validation and reporting.
Benefits
At EY, we offer a comprehensive compensation and benefits package where you'll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $89,700 to $260,200. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $107,700 to $295,700. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options.
Pay
The base salary range for this job in all geographic locations in the US is $89,700 to $260,200. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $107,700 to $295,700. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography.
Schedule
We expect most people in external, client-serving roles to work together in person 60% of the time over the course of an engagement, project or year.