What are the responsibilities and job description for the Principal Security Architect position at Independence Pet Holdings?
Established in 2021, Independence Pet Holdings is a corporate holding company that manages a diverse and broad portfolio of modern pet health brands and services, including insurance, pet education, lost recovery services, and more throughout North America.
We believe pet insurance is more than a financial product and build solutions to simplify the pet parenting journey and help improve the well-being of pets. As a leading authority in the pet category, we operate with a full stack of resources, capital, and services to support pet parents. Our multi-brand and omni-channel approach includes our own insurance carrier, insurance brands and partner brands.
Role Overview
In close collaboration with the CISO team, this role defines and governs enterprise security architecture for IPH, embedding security into all platforms, applications, and processes. The Security Architect will enable secure adoption of cloud-native services, AI-driven automation, and zero-trust principles across the enterprise, while ensuring compliance with global regulatory frameworks.
Key Focus Areas
- Establishing unified security architecture across multiple zones/domains/lines of business
- Driving Zero Trust adoption and identity-centric security
- Governing AI/ML security and Responsible AI aligned to NIST AI RMF
- Embedding security in DevOps and defining reusable security patterns
- Mapping controls to regulatory frameworks (PCI-DSS, SOC 2, HIPAA, GDPR/CCPA, NAIC, Quebec Law 25)
- Securing and aligning with the IPH Calandra Toolkit and Skylark Security Stack for standards and implementation
Key Responsibilities
Enterprise Security Architecture (30%)
- Define and maintain security architecture standards for the enterprise (we are Microsoft technology, Azure-centric, Insurance-focused)
- Architect and govern Zero Trust across landing zones; implement unified Conditional Access and identity governance for internal and external users
- Publish reusable security patterns for multi-tenant and cross-brand scenarios
- Oversee security for AKS, API management, and cloud-native infrastructure
- Ensure alignment with Calandra Toolkit and Skylark Security Stack for architecture reviews and compliance
Identity & Access Management (20%)
- Drive CIAM strategy (Ping vs Microsoft Entra External ID) and support governance for unified identity across all brands
- Implement MFA with adaptive logic to reduce friction and cost while mitigating VoIP-based fraud
- Integrate IAM for all internal users
Compliance & Risk Management (20%)
- Architect and develop a security controls catalog mapped to PCI-DSS, SOC 2, HIPAA, GDPR/CCPA, NAIC, Quebec Law 25
- Support audits: evidence collection, control mapping, documentation, and posture improvement
- Embed KYC, AML, and ABC checks into Skylark workflows; automate OFAC, UK, and EU watchlist checks
Cloud & Application Security (15%)
- Define secure patterns for APIs, microservices, and integration pipelines
- Implement container security, workload isolation, and encryption standards
- Drive DevSecOps adoption (SAST/DAST/Secrets/IaC) and govern GitHub Advanced Security and Azure DevOps integrations
AI/ML & Responsible AI Governance (10%)
- Architect security for Azure AI/ML platforms (Azure OpenAI, Copilot Studio, Databricks)
- Lead Responsible AI security governance aligned to NIST AI RMF
- Secure agentic workflows and Gen-AI integrations
Strategic Leadership & Incident Response (5%) - Support the CISO with:
- Develop future-state security architecture roadmap aligned with IPH’s digital transformation goals
- Retain Tier-2 SOC capabilities in-house for compliance with NYDFS, PCI DSS, and ISO 27001
- Champion security automation and AI-driven threat detection
Architecture for:
IAM; Endpoint Protection / EDR / XDR; Endpoint Management; SIEM & MDR; DLP & Data Governance; Email Archiving; Email Security; Patch Management; ITSM / Asset Management; Security Awareness; Web & Network Security; Cloud Security; AppSec / DevSecOps; Incident Response; Backup / DR; Password Management; Governance / GRC; SAST / DAST; Third-Party Risk Management; OFAC Screening
Required Platforms & Tools
- Cloud Security: Azure Security Center, Sentinel
- IAM/CIAM: Azure AD, Ping Identity
- Compliance: SOC 2, PCI DSS, HIPAA, GDPR/CCPA, NAIC, Quebec Law 25
- DevSecOps: GitHub Advanced Security, Azure DevOps
- Threat Protection: SIEM (Sentinel), EDR, DLP solutions
- AI Security: Azure OpenAI, Databricks, Responsible AI frameworks
- Enterprise Standards: Calandra Toolkit (Azure), Skylark Security Stack (Microsoft)
Qualifications
- 10 years of experience as a Security Architect
- Strong knowledge of cloud-native security patterns and compliance frameworks
- Familiarity with securing AI/ML and agentic workflows
- Insurance industry experience is a plus
Key Success Metrics
Zero-Trust Adoption
- Full implementation across the enterprise
Compliance
- SOC 2, PCI DSS, HIPAA maintained
Identity Security
- Unified identity across all brands
Threat Detection
- AI-driven automation for 90% of alerts
Security Maturity
- Continuous improvement toward top tier
CIAM
- Strategy and full rollout across the enterprise
All of our jobs come with great benefits, including healthcare, parental leave, and opportunities for career advancement. Some offerings depend on where you work and can include the following:
- Comprehensive full medical, dental and vision Insurance
- Basic Life Insurance at no cost to the employee
- Company paid short-term and long-term disability
- 12 weeks of 100% paid Parental Leave
- Health Savings Account (HSA)
- Flexible Spending Accounts (FSA)
- Retirement savings plan
- Personal Paid Time Off
- Paid holidays and company-wide Wellness Day off
- Paid time off to volunteer at nonprofit organizations
- Pet friendly office environment
- Commuter Benefits
- Group Pet Insurance
- On the job training and skills development
- Employee Assistance Program (EAP)