Job Description
Company: Cencora
Location: Mount Pleasant Township, US
Position Overview
The Senior Director of Enterprise Security Architecture (ESA) leads the definition, governance and enforcement of the enterprise-wide security architecture strategy. This leader aligns cybersecurity architecture with business strategy, digital transformation, regulatory obligations and risk appetite, overseeing reference architectures, security design standards, architecture review boards, security requirements engineering and integration with Enterprise Architecture, Cloud, Data, AI, Infrastructure and Application domains. The role designs, implements, operates and maintains an information security framework, processes and systems that protect business assets and information against unauthorized use, disclosure, modification, damage and loss. The Senior Director partners closely with the CISO, other information security senior leaders and technology leadership teams to establish a scalable, measurable and continuously improving defense capability across all security domains.
Primary Responsibilities
• Define and maintain the enterprise security architecture vision and multi‑year roadmap.
• Align security architecture with corporate strategy, digital transformation and technology modernization initiatives.
• Establish target‑state architectures incorporating Zero Trust principles in collaboration with other information security and technology leaders.
• Translate risk appetite into enforceable architectural guardrails.
Develop and Maintain Standardized Reference Architectures For
• Cloud and hybrid infrastructure
• Identity & Access Management
• Data protection and privacy
• Network segmentation
• Application security
• AI/GenAI security
• OT/IoT (in partnership with OT senior cybersecurity leadership)
Additional Responsibilities
• Ensure security‑by‑design integration into SDLC and platform engineering models.
• Govern architecture artifacts across global business units.
• Chair or co‑chair the Security Architecture Review Board (SARB).
• Define security architecture review processes and risk exception workflows.
• Establish measurable design assurance criteria.
• Partner with Enterprise Architecture for integrated technology governance.
• Translate regulatory and risk requirements into technical control standards.
• Ensure compliance with global regulatory regimes (e.g., HIPAA, GDPR, SOX, FDA/GxP where applicable).
• Maintain or enforce an enterprise security standards library mapped to NIST, ISO, SOC 2, PCI, HIPAA, GDPR, etc.
• Enable reusable security requirement models for programs and projects.
• Drive automation of control validation and policy‑as‑code enforcement.
• Support regulatory readiness across global jurisdictions.
• Ensure architecture supports data residency and sovereignty obligations.
• Collaborate with Legal, Privacy and Compliance on emerging regulatory impacts.
• Provide defensible architecture documentation for audit and regulatory review.
• Lead security architecture assessments for acquisitions.
• Define integration and divestiture security blueprints.
• Support large‑scale ERP, digital, AI and cloud transformation programs.
• Establish rapid risk assessment models for new technologies.
• Establish KPIs, OKRs and performance dashboards.
• Track control design effectiveness and systemic risk reduction.
• Integrate architecture insights with cyber analytics programs.
• Report enterprise architecture risk posture to executive leadership.
• Lead a global team of security domain architects.
• Define operating model across centralized and federated teams.
• Establish architecture career paths and technical competency frameworks.
• Enterprise financial management and planning experience.
Qualifications
• Master’s degree in Business Administration, Computer Science, Information Technology or related discipline or equivalent experience.
Preferred Certifications
• Certified Cloud Security Professional (CCSP)
• Certified Information Systems Security Professional (CISSP)
• Sherwood Applied Business Security Architecture (SABSA)
• Open Group Architecture Framework (TOGAF)
• Certified in Risk and Information Systems Control (CRISC)
• Certification in Information Security Strategy Management (CISM)
• Microsoft Certified: Cybersecurity Architect Expert (SC‑100)
• Information Technology Infrastructure Library (ITIL)
• Offensive Security Certified Professional (OSCP)
• Project Management Professional (PMP)
Work Experience
• 12+ years of directly‑related or relevant experience with 8+ years in a managerial capacity, preferably in information security.
Behavioral Skills
• Coaching and mentoring
• Creativity & innovation
• Decision making
• Leadership skills
• People management
• Planning
• Risk‑taking
Technical Skills
• IT risk management
• IT controls
• Cyber attack mitigation
• Enterprise IT management
• Cloud security
• Network security
• Identity & access management
• Application security
• Service level maintenance
• Information security strategy continuity
• Threat modelling
• Information security strategy standards (SOX, ISO 27001/27002, COBIT, ITIL, NIST, PCI)
Tools Knowledge
• Security tools – CSPM, CWPP, CDR, CNAPP, SIEM, EDR, Email Security Gateway, SOAR, Firewall, Anti‑virus, IDS/IPS, VPN, proxies, etc.
• Security testing tools – open source and COTS security tools
• Threat intelligence tools
• Vulnerability testing tools
Benefits
We provide compensation, benefits and resources that enable a highly inclusive culture and support team members in living with purpose every day. In addition to medical, dental, vision and other traditional offerings, we offer a comprehensive suite of benefits focused on physical, emotional, financial and social wellness, including backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental and caregiver leave, and more. Training programs, professional development resources, mentorship opportunities, employee resource groups, volunteer activities and other support are also available. For details, visit https://www.virtualfairhub.com/cencora.
Equal Employment Opportunity
Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or any other protected class. Harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with non‑discriminatory principles. Cencora provides reasonable accommodations to individuals with disabilities during the employment process. For accommodation requests, please call 888.692.2272 or email hrsc@cencora.com. Messages and emails regarding anything other than accommodation requests will not be returned.
Source: JobLeads