Remote Source

    Staff Cybersecurity Architect - Security Controls

    Remote, Missouri, United States of America
    Full-Time
    Senior (7+ yrs)
    IT & Security
    Posted on March 24, 2026

    You desire impactful work.
     

    You’re RGA ready

    RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 200 Company and listed among its World’s Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all.

    The Staff Cybersecurity Architect - Security Controls is a strategic and technical authority responsible for designing, implementing, validating, and continuously improving enterprise security controls and guardrails. This role operationalizes policy, risk, and regulatory requirements into controls as code and evidence as data, ensuring controls are default secure, measurable, resilient, and audit ready across endpoint, data, identity, and detection/telemetry domains. The Security Controls Architect partners deeply with engineering and platform teams to embed secure by default patterns across hybrid environments and target operating systems (Windows, macOS, RHEL, Windows Server), driving automated control health reporting, immutable audit evidence, and friction reducing guardrails that enable the business.

    Principal Duties

    • Design, develop, and implement the technical direction for enterprise security control architectures, translating policy, risk, and regulatory obligations (e.g., NIST CSF/800-53, CIS Controls, ISO 27001, PCI-DSS) into measurable technical patterns and reference implementations.

    • Champion secure by default guardrails over gates—standard baselines, configurations, and self-service patterns that enable teams while reducing risk across endpoints, data, identity, and detection.

    • Define processes to enable control threat modeling and risk analyses; anticipate adversary tactics and engineer preventative and detective control coverage with traceable success criteria.

    • Ensure controls are operationalized and continuously validated with automated SLIs/SLOs, drift detection, regression testing, and machine-verifiable audit evidence routed to dashboards and scorecards.

    • Author and maintain enterprise control standards, reference architectures, RACI models, exception handling patterns, and technical guardrails to drive consistency and scalability.

    • Partner with endpoint, data, identity, network, cloud, and enterprise architecture teams to embed controls into SDLC and change management, aligning decisions with business priorities and service reliability.

    • Convert business risks and authoritative requirements into testable technical controls; maintain end-to-end traceability from objective → configuration items → validation tests → evidence artifacts.

    • Evaluate and standardize strategic platforms for control efficacy and architectural impact, including Splunk Cloud, Cribl Cloud, CrowdStrike Falcon, Microsoft Defender, Microsoft Purview, Varonis Data Security, and Tines.

    • Define and enforce scalable identity, access, and privileged access guardrails; implement automated backstops (e.g., sensor re-enrollment, quarantine workflows, tamper protection).

    • Contribute to incident response planning and post incident reviews by delivering resilient control patterns, hardening packs, and validation procedures to prevent recurrence.

    • Provide technical leadership and coaching on controls as code, test harnesses, adversary/atomic testing, and automation first practices across PowerShell, Python, Bash, REST APIs, and Git-based workflows.

    • Continuously assess and improve control posture through Splunk based control health scorecards (coverage %, pass/fail, drift, MTTR, false positive/negative rates, exception aging) and executive ready reporting.

    • Design, implement, and continuously improve telemetry architectures and quality gates, ensuring normalized schemas, required data sources, and cost/fidelity/coverage balancing via Cribl → Splunk pipelines.

    • Serve as the security controls technical architecture representative in enterprise forums and governance bodies; advocate for security priorities, influence technology roadmaps, and align control strategies with broader enterprise objectives.

    • Perform other duties as assigned.

    Education

    • Bachelor's degree in arts/sciences (BA/BS) or equivalent experience – Required

    • Active CISSP certification – Preferred

    • Additional certifications (e.g., Microsoft SC-200/SC-400/AZ-500, Splunk Core Power User/Architect, CrowdStrike CCFA/CCFR, Varonis DSE, Jamf, RHCSA/RHCE, CISM, CSSLP, GIAC) – Preferred

    Work Experience

    • 8+ years of progressive experience in information technology security/infrastructure engineering/architecture – Required

    • 6+ years of security control implementation/architecture experience focused on technical control design, implementation, and validation in enterprise environments – Required

    • Deep technical background in endpoint and data security across operating systems; proven ability to standardize baselines and policies – Required

    • Hands-on automation skills (PowerShell, Python, Bash, REST APIs, webhooks) and Git-based workflows; experience with Intune/Configuration Manager/Jamf and Ansible/Terraform where applicable – Required

    • Strong understanding of NIST CSF/800-53, CIS Controls, ISO 27001, PCI-DSS and how to convert them into measurable technical controls and audit evidence – Required

    • Experience designing and operating control validation pipelines, test harnesses (positive/negative/regression), adversary/atomic testing, and continuous control monitoring with drift detection – Required

    • Proven ability to build SLIs/SLOs, dashboards, and near real-time control scorecards in Splunk; skilled at routing evidence and health metrics and producing auditor ready exhibits – Required

    • Excellent documentation and communication skills—able to write clear control standards, test procedures, exception models, and evidence narratives consumable by engineers and auditors – Required

    • Ability to map and document complex systems and data flows; advanced analytical and problem-solving skills, including competency with tooling such as Lucidchart, Visio, Excel – Required

    • Experience integrating controls into SDLC and change management, designing compensating controls for exceptions, and managing time-bound reviews/closures – Required

    • Demonstrated success operationalizing controls on several of the following platforms: Splunk Cloud, Cribl Cloud, CrowdStrike Falcon, Microsoft Defender, Microsoft Purview, Varonis Data Security, and Tines – Required

    • Contribution to incident response and post incident hardening/validation with measurable outcomes and sustained resilience – Preferred

    • Demonstrated collaboration and influence across matrixed organizations; ability to coach engineers, drive change, and cultivate trust while minimizing delivery friction – Preferred

    What you can expect from RGA:

    • Gain valuable knowledge from and experience with diverse, caring colleagues around the world.

    • Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought.

    • Join the bright and creative minds of RGA, and experience vast, endless career potential.

    We’re excited to get to know you and connect your unique skills with our global opportunities. To create a modern and seamless experience, we use artificial intelligence (AI) in parts of our preliminary screening process. This technology helps us personalize job recommendations, automate interview scheduling, evaluate candidates based solely on experience—without considering name, gender, or other personal details—and provide real-time answers through our chatbot. AI is used only during early screening and never makes hiring decisions. Your RGA recruiter will work closely with you every step of the way to ensure the process feels personal, thoughtful, and focused on you.

    Compensation Range:

    $150,770.00 - $224,640.00 Annual

    Base pay varies depending on job-related knowledge, skills, experience and market location. In addition, RGA provides an annual bonus plan that includes all roles and some positions are eligible for participation in our long-term equity incentive plan. RGA also maintains a full range of health, retirement, and other employee benefits.

    RGA is an equal opportunity employer. Qualified applicants will be considered without regard to race, color, age, gender identity or expression, sex, disability, veteran status, religion, national origin, or any other characteristic protected by applicable equal employment opportunity laws.

    Provides life and health reinsurance solutions to insurance companies worldwide.
    1001-5000 employees
    Insurance
    HQ: United States