Candescent is a forward-thinking technology company transforming how financial institutions deliver Intelligent Banking experiences. We unite digital banking, account opening, and branch solutions that power and connect digital banking, account opening, and branch solutions—creating seamless engagement across digital, remote, and in-person channels.

Our Experience-Led, Intelligence-Driven approach combines human-centered design with data, automation, and cloud-based innovation. Built on an API-first architecture, our extensible ecosystem enables institutions to adapt quickly, integrate easily, and unlock new opportunities for growth—turning every customer interaction into a moment of clarity, confidence, and connection.

Job Summary

The Security Architect is a principal‑level individual contributor who operates as an enterprise security authority. This role is accountable for defining, governing, and evolving security architecture across critical business platforms, cloud environments, and enterprise services.

This role is expected to independently lead architectural decisions, influence senior engineering and technology leadership, and own long‑term security architecture strategy, not just project delivery. The Security Architect III represents security architecture in high‑risk, high‑impact initiatives and serves as a trusted advisor to leadership.

Key Responsibilities and Deliverables

Enterprise Security Architecture & Strategic Ownership

• Own and evolve enterprise‑level security architecture principles, reference architectures, and design standards across applications, infrastructure, and cloud platforms.
• Act as the primary security architecture decision authority for complex, high‑risk, or business‑critical initiatives (e.g., platform migrations, cloud transformations, third‑party integrations).
• Define future‑state security architectures and roadmaps aligned with business strategy, regulatory requirements, and technology direction.
• Provide architectural guidance to senior engineering leadership and influence design decisions without direct reporting authority.

Secure Engineering & Platform Enablement

• Partner with Platform, DevOps, and Infrastructure teams to embed security controls into CI/CD pipelines, infrastructure‑as‑code, and automation frameworks.
• Establish architectural guardrails for cloud security, Zero Trust / ZTNA, identity‑centric architectures, and service‑to‑service communication.
• Ensure resiliency through documented recovery patterns, redundancy planning, and architectural performance considerations.

Risk Leadership, Threat Modeling & Escalation

• Lead advanced threat modeling and architectural risk assessments for new platforms, major enhancements, and sensitive data flows.
• Translate regulatory and risk requirements (PCI, SOC 2, GLBA, internal standards) into scalable architectural controls.
• Serve as an escalation point for architecture‑related security incidents, design failures, or material risk decisions.

Governance, Standards & Audit Support

• Maintain authoritative ownership of security architecture documentation, including standards, reference designs, diagrams, and technical runbooks.
• Ensure architectural consistency and compliance across teams and initiatives.
• Support internal and external audits by providing architectural context, evidence, and remediation strategies.

Leadership, Mentorship & Influence

• Act as a senior mentor and technical leader for Security Architects and Engineers.
• Raise the overall architectural maturity of the organization through coaching, design reviews, and pattern reuse.
• Champion a culture of secure‑by‑design engineering, pragmatic risk management, and continuous improvement.

Qualifications and Experience

Required

• 10+ years of progressive experience in security engineering and architecture.
• 5+ years operating in a senior, lead, or principal‑level architecture role with enterprise scope.
• Proven ability to design and govern large‑scale, multi‑domain security architectures (cloud, hybrid, on‑prem).
• Deep expertise in network security, IAM, segmentation, encryption, and threat prevention services.
• Strong experience with infrastructure‑as‑code, automation, and CI/CD security integration.
• Exceptional communication skills with the ability to influence senior technical and business stakeholders.

Preferred

• Experience in financial services or other highly regulated environments.
• Prior ownership of enterprise migrations, platform modernizations, or post‑separation architectures.
• Industry certifications such as CISSP, CCSP, SABSA, or equivalent.

Statement to Third Party Agencies
To ALL recruitment agencies: Candescent only accepts resumes from agencies on the preferred supplier list. Please do not forward resumes to our applicant tracking system, Candescent employees, or any Candescent facility. Candescent is not responsible for any fees or charges associated with unsolicited resumes.