Director, Security Architecture

at Cardinal Health in Boise, Idaho, United States

Job Description

What Information Security and Risk contributes to Cardinal Health

Information Technology oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value.

Information Security and Risk develops, implements, and enforces security controls to protect the organization’s technology assets from intentional or inadvertent modification, disclosure or destruction. This job family develops system back-up and disaster recovery plans. Information Technology also conducts incident response, threat management, vulnerability scanning, virus management and intrusion detection and completes risk assessments.

Job Summary

The Director, Security Architecture is responsible for establishing, leading, and developing the security architecture strategy, standards, and design practices to enable secure, scalable, and resilient technology solutions across the organization. Reporting to the Vice President, Information Security & Risk, this role serves as a technical leader responsible for aligning security architecture with business priorities, risk management objectives, and enterprise GTBS strategies.

This role leads all aspects of security architecture, including architecture strategy and governance, technical security standards, solution design and advisory, architecture reviews, and tooling optimization. It plays a critical role in embedding security into the development lifecycle, guiding technology investments, and ensuring that security requirements are integrated into enterprise architectures and solutions from inception through deployment.

Responsibilities

Organizational Leadership & Architecture Strategy

Develop and lead the enterprise security architecture strategy aligned with cybersecurity, risk management, and business objectives

Establish governance frameworks and processes to guide secure design, technology selection, and solution deployment across the organization

Collaborate with cybersecurity leadership, enterprise architecture, and technology teams to define target-state architecture and long-term roadmap

Serve as an advisor to leadership on security architecture priorities, risks, and investment decisions

Security Architecture Standards & Governance

Develop, maintain, and enforce enterprise security architecture standards, including design principles, control requirements, and implementation guidelines

Ensure standards are aligned with regulatory requirements, industry frameworks, and organizational risk tolerance

Establish governance processes for adoption and enforcement of architecture standards across global cybersecurity and technology teams

Continuously update and refine standards to address emerging threats, technologies, and business needs

Security Architecture Review & Validation

Oversee architecture review processes to evaluate solutions and system designs against security standards, risk requirements, and enterprise architecture

Ensure security risks are identified, documented, and addressed prior to implementation

Provide approval and validation of security architecture decisions, including exception handling and risk acceptance processes

Drive consistency and quality in architecture review practices across teams

Cybersecurity Advisory for Development & Design

Provide proactive security guidance and risk-informed recommendations during solution design and development

Partner with application, engineering, and commercial technology teams to embed security requirements early in the development lifecycle

Support security-by-design reviews, pre-implementation assessments, and architecture decision-making for new initiatives and technologies

Act as a technical liaison to translate security requirements and risks for both technical and non-technical stakeholders

Security Tooling & Architecture Optimization

Assess, rationalize, and optimize the cybersecurity tooling landscape to reduce complexity, eliminate redundancies, and improve capability coverage

Ensure tooling aligns with enterprise security architecture and supports effective risk management and operational capabilities

Partner with engineering and infrastructure teams to integrate tools into the broader cybersecurity ecosystem

Drive continuous improvement of tooling strategy to support scalability, efficiency, and innovation

Security Architecture Design & Engineering Enablement

Define and support reference architectures, design patterns, and reusable security solutions to enable secure system development

Oversee and guide the implementation of security controls within applications, infrastructure, and platforms

Support teams in designing secure solutions that balance security, performance, scalability, and usability

Promote adoption of secure-by-design principles across development and engineering teams

Capability Mapping & Roadmap Development

Assess current and target security capabilities, mapping them to business priorities and risk requirements

Develop and maintain a phased roadmap to guide strategic security architecture investments and capability maturity

Align architecture initiatives with enterprise transformation efforts and emerging technology trends

Provide visibility into capability gaps and investment priorities to support strategic planning

Stakeholder Engagement & Integration

Collaborate with enterprise architecture, IT, engineering, risk, and compliance teams to ensure alignment of security architecture with enterprise initiatives

Partner with BISOs and business stakeholders to integrate security into business and technology strategies

Provide guidance and support for cybersecurity requirements in projects, ensuring alignment with architecture standards

Drive consistent communication and alignment across global cybersecurity and technology teams

Talent Leadership & Capability Development

Build and lead a high-performing security architecture team with expertise across domains such as cloud, application, infrastructure, and data security

Develop team capabilities through coaching, training, and structured career development initiatives

Foster a culture of technical excellence, innovation, and continuous improvement

Ensure alignment of team capabilities with evolving cybersecurity and business needs

Qualifications

10 years of experience in cybersecurity, security architecture, or information security, with a focus on enterprise architecture and solution design preferred

Deep expertise in security architecture frameworks, secure design principles, and enterprise technology environments

Strong understanding of cybersecurity frameworks (e.g., NIST CSF, ISO 27001) and regulatory requirements

Experience leading architecture reviews, defining standards, and guiding secure solution development

Demonstrated ability to collaborate with cross-functional teams and influence technical and business stakeholders

Strong leadership, communication, and problem-solving skills

Experience in a leadership role overseeing security architecture or engineering teams

Experience in highly regulated industries (e.g., aviation, financial services, healthcare, or government)

Advanced degree (MBA, MS in Cybersecurity, Information Systems, or related field) preferred

Professional certifications such as CISSP, CCSP, SABSA, or TOGAF

Experience with cloud security architecture, DevSecOps, and modern application development practices

**_What is expected of y