Principal Security Architect

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!

At Bank of America, cybersecurity is foundational to protecting the enterprise and our customers. The Principal Security Architect is a senior technical leader within the Cyber Security Technology (CST) organization and a member of the Cyber Security Product Management team. This role partners across Global Information Security (GIS) to define, design, and deliver scalable security architectures and capabilities that address evolving threats, regulatory expectations, and business priorities.

CST is a globally distributed organization responsible for cybersecurity architecture, engineering, innovation, product and technology strategy, cyber resiliency, access management, data strategy, and security control support. The Principal Security Architect plays a critical role in shaping enterprise security architecture, influencing technology strategy, and driving execution across multiple engineering initiatives.

Key Responsibilities

• Define solution intent and architectural vision in partnership with senior business and technology leaders, ensuring alignment with GIS policy and enterprise standards.
• Collaborate with senior architects and product managers to develop and execute security roadmaps that deliver on strategic outcomes.
• Advise senior executives on security risks, technology gaps, and architectural trade-offs; develop secure solutions through domain expertise, experimentation, and proofs of concept.
• Lead the evolution of enterprise-level security architecture, ensuring designs are secure, resilient, and adaptable to emerging requirements.
• Partner with governance and control owners to resolve policy issues and strengthen standards and best practices.
• Mentor and guide other GIS architects, driving consistency, reuse, and adoption of architectural patterns across the cybersecurity organization.
• Establish and continuously improve architectural practices, templates, and documentation.
• Work with product managers and senior technology leaders to prioritize security backlog items that enable business epics and features.
• Contribute across multiple initiatives simultaneously and adapt quickly between priorities.
• Influence resourcing, budgeting, and funding decisions through architectural input and business case development; may provide people leadership or direction for special initiatives.

How Success Is Achieved

• Promotes collaboration and builds consensus across stakeholders and senior leadership.
• Applies enterprise policy, best practices, and threat analysis to influence secure outcomes.
• Diagnoses root causes and solves complex problems in dynamic, high-pressure environments.
• Provides informed input into financial planning and investment decisions.
• Demonstrates strong ownership, accountability, and commitment to delivery.
• Maintains a clear enterprise perspective, aligning individual and team efforts to shared goals.
• Drives consistent, sustainable processes that deliver predictable, high-quality results.
• Delivers agreed business value within defined tolerances for scope, schedule, and cost.

Required Qualifications

• 10+ years of experience in security architecture, with some people management experience.
• Broad expertise across information security technologies, processes, and control frameworks.
• Strong ability to research, evaluate, and recommend emerging technologies and strategies.
• Demonstrated experience aligning security capabilities with regulatory, legal, and industry frameworks (e.g., NIST CSF).
• Familiarity with common security bodies of knowledge (e.g., NIST, ISACA, SANS, ISC2).
• Proven ability to operate effectively in a complex, globally distributed organization.
• Exceptional communication, stakeholder engagement, and executive influencing skills.
• Experience working in agile and product-based delivery models, with a track record of successful transformation.
• Experience evaluating vendors and supporting deployment and integration decisions.

Skills:

• Automation
• Influence
• Result Orientation
• Stakeholder Management
• Technical Strategy Development
• Application Development
• Architecture
• Business Acumen
• Risk Management
• Solution Design
• Agile Practices
• Analytical Thinking
• Collaboration
• Data Management
• Solution Delivery Process

Shift:

1st shift (United States of America)

Hours Per Week:

40