Sr. Enterprise & Cloud Security Architect

Date: May 29, 2019

Location: Milwaukee, WI, 53202

At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference. 

What's the role?

This is an outstanding opportunity for a seasoned Enterprise Architect to join a company of choice and enjoy the best of both worlds: the strong foundation and resources of a thriving organization built over more than 150 years, alongside a progressive, fast-paced IT team working with the latest and greatest technology.

Northwestern Mutual Enterprise Architecture assists in the protection, enablement and improved positioning of security and compliance for new projects, technologies and products. At Northwestern Mutual, we have a strong, healthy and growing Enterprise Architecture security team supporting our systems, including critical and network infrastructure, information, applications, etc. Security is a core focus for the company and the leadership team is dedicated to continuing to grow and develop a best-in-class security organization. As an Enterprise Architect for security, you will have the opportunity to serve as the expert, taking point on projects, mentoring our more junior architects and directly interfacing with the business as a resource and evangelist in your area of expertise. You will make a strong and visible impact as you meet your mission to create a security strategy and deliver and implement solutions. Demonstrate your talent and prove yourself a star, and you can continue to grow your career with Northwestern Mutual. In fact, this role is open because the incumbent is taking on a new, interesting and challenging opportunity within the company! Relocation assistance is available to an outstanding candidate.

Northwestern Mutual Enterprise Architecture for Security Role: This role will assist in the development of artifacts and supporting services to achieve these ends. This role will help review current projects, future architectures and future roadmaps to assist in the alignment of these objectives. At times this role will evaluate new technologies for their fit with the enterprise security architecture. This role will leverage Enterprise Architecture approaches such as TOGAF to build artifacts, pulling together key requirements from security, compliance, and the business to assist in the building of architecture diagrams, principles, standards, and patterns. This role will also be an ambassador to other parts of the organization to achieve these ends. This role will work with other technology leads and architects throughout the organization.

To be a strong fit for the Enterprise Architecture for Security, you will also need:

Certification and Training

  • A bachelor’s degree in MIS, Computer Science or a related discipline, or the equivalent combination of education and work experience; four or more years of experience in technology, preferably in support of application architectures (e.g. application platforms, languages, frameworks, integration and security)
  • Understand the OWASP Top 10, and SANS Top 25/CWE 25
  • Ideally, one or more security certifications such as CISSP, SSCP, Security+, CISM, CISA, or equivalent, and one or more cloud / cloud security certifications such as CCSP, ISSAP, AWS Certified Solutions Architect

Process, Lifecycles and Approaches

  • Process models such as Agile (SAFe, Scrum, etc.), spiral, DevOps, SecDevOps
  • Must have knowledge of secure coding practices, and secure application design across multiple platforms (ASP.NET, JEE, Node.js), languages (.NET, Java, JavaScript), and devices (PCs, tablets, smart phones)
  • Experience with mitigation of coding vulnerabilities in application code (.NET, Java, JavaScript)
  • Knowledge of secure application scanning technologies, including DAST and SAST
  • Evaluate developing requirements or areas such as local area networks (LANs), wide area networks (WANs), cloud architectures, virtual private networks (VPNs), routers, firewalls, and related security and network devices for architecture integration
  • Develop detailed technical security and compliance standards for technology components
  • Familiarity with Software Configuration Management (SCM), Continuous Integration and Continuous Delivery (CI/CD) to leverage the latest native cloud services; automated delivery models (blue-green, canary, etc.); IDAM (Identity and Access Management) technologies; penetration testing techniques; enabling Security Information and Event Monitoring (SIEM) systems; IPS/IDS on large scale systems
  • Experience implementing and operating an enterprise-scale cloud, including service catalog and service enablement automation, DevOps automation frameworks, BCM and DR supported architecture
  • Experience in IT security architecture components, demonstrating solutions delivery, including network design, application delivery, remote access, cloud components (IaaS, SaaS, PaaS), security devices, data protection technologies, mobile device management, and others.
  • Understanding of security and compliance domains for areas such as HIPAA, PCI, FINRA, Privacy Regulations, NIST 800-53; ensure appropriate visibility of critical business assets, including customer data (e.g. PHI, PII), and ensure appropriate security controls to enhance patient, customer, and user experience as well as maintain high levels of customer satisfaction and data security.
  • Remain current on industry trends in cyber risk with industry standards and regulatory requirements (e.g., ISO27001/2, NIST cyber security framework, security best practices).

Teamwork, Planning, Roadmaps and Strategy

  • Provide architecture and roadmaps for incorporating infrastructure security devices, including IPS, SIEM, malware proxies, network and systems access controls, firewalls, authentication devices, enterprise monitoring systems, etc.
  • Enable security and compliance by design to help mitigate threats while positioning for future expansion and business enablement.
  • Work collaboratively with information security team members and business stakeholders, including building solid, trust-based relationships with client stakeholders.
  • Ensure operational reliability and support of IT services delivered to our patients, customers, and users are according to defined SLA metrics for confidentiality, integrity and availability from a design, architecture and integration perspective.
  • Ability to look at un-integrated and emerging technologies for business enablement and security compliance is desired. For example, conceptualizing possible future functional and non-functional requirements into architecture platform technical strategy and detailed design to meet business objectives.
  • Partner with Business representatives, Application Development, Engineering, Operations and Support, Security, Compliance, Corporate Strategy and other digital partners. Provide guidance and direction to the overall technical strategy and roadmap by aligning cost-effective and reusable solutions while advancing the usage of new emerging trends and technical capabilities.


Grow your career with a best-in-class company that puts our clients’ interests at the center of all we do. Get started now!

We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.


Req ID: 24977
Position Type: Regular Full Time
Education Experience: Bachelor's Desired
Employment Experience: 6-8 years
FLSA Status: Exempt
Posting Date: 04/02/2019