Security Risk ArchitectLocation
Atlanta, Boston, Chicago, Houston, Los Angeles, New York, San Francisco
Job Description
Overview of Role:The Security & Risk Architect is a senior technical leader within the Information Security team, responsible for advancing the firm's cybersecurity strategy and strengthening enterprise security capabilities across infrastructure, cloud platforms, applications, and emerging AI technologies.
This role partners closely with IT, engineering, and business stakeholders to manage security operations, vulnerability management, incident response, secure software development practices, and AI security governance. The position supports a global environment aligned to the NIST Cybersecurity Framework and ISO 27001 standards.
The IT team is prioritizing hiring in Boston and / or Chicago.
Responsibilities: Security Operations & Risk Management
- Identify, assess, and respond to cybersecurity and privacy risks across the organization
- Serve as a technical escalation point for security incidents, investigations, and threat response activities
- Support incident response, digital forensics, and coordination during critical security events
- Monitor threat intelligence and recommend proactive risk mitigation strategies
Security Architecture & Tooling
- Lead the management and optimization of enterprise security tools and platforms
- Evaluate security technologies, identify capability gaps, and recommend improvements
- Manage security controls across Active Directory, Azure, Entra ID, endpoint security, and cloud environments
- Ensure systems and infrastructure maintain secure and hardened configurations
Vulnerability & Compliance Management
- Oversee vulnerability management processes, reporting, and remediation coordination
- Configure and maintain security monitoring, reporting, and compliance metrics
- Drive continuous improvement initiatives across security processes, tools, and policies
- Support disaster recovery, backup oversight, and operational resilience efforts
Application Security & Secure Development
- Integrate security requirements into the software development lifecycle
- Partner with development teams to implement secure-by-design practices within CI/CD pipelines
- Lead application security reviews, code analysis, and penetration testing activities
- Promote secure coding standards aligned with OWASP, NIST, and ISO 27001 frameworks
- Manage third-party and open-source software risk, including supply chain security controls
AI Security & Governance
- Support governance and security oversight for AI platforms and tools, including Microsoft Copilot and Azure OpenAI
- Establish controls for AI usage, access management, and data governance
- Monitor emerging AI security risks, including prompt injection, adversarial behavior, and data exposure threats
- Partner with legal, compliance, and business stakeholders to develop responsible AI usage policies
Qualifications: - Bachelor's degree or equivalent experience
- 6+ years of experience in Information Technology, including 3+ years in Information Security
- Experience with enterprise security technologies and cloud security platforms
- Familiarity with cybersecurity frameworks such as NIST and ISO 27001
- Knowledge of application security concepts, including SAST, DAST, SCA, and secure coding practices
- Understanding of AI/ML security risks and governance principles
- Relevant certifications such as CISSP, Security+, or CEH are preferred
Skills & Competencies
- Strong analytical and problem-solving skills
- Excellent communication and stakeholder management abilities
- Ability to lead initiatives and mentor junior team members
- Strong organizational and project management skills
- Adaptability in a fast-paced, evolving environment
- Ability to influence technical strategy and drive cross-functional security initiatives
Additional Information: - The expected base salary range for this position is $130,000 - $150,000 annually. Actual compensation will be determined based on experience, qualifications, skills, and location. This position may also be eligible for discretionary bonus and a comprehensive benefits package.
- L.E.K. Consulting offers a competitive total rewards package including medical, dental, vision,lifeand disability insurance, 401(k) with employer contribution, HSA contributions (where applicable), paid time off, and other firm-sponsored benefits.
- This role is based in any of our U.S. office and follows our hybrid work model for U.S. offices.We require employees to be in their assigned home office Tuesday, Wednesday, and Thursday each week, as well as the first Friday of each month.
- Applicants must be legally authorized to work in the United States on a permanent basis without the need for employer sponsorship. Unfortunately, we are unable to consider candidatesrequiringvisa sponsorship, including but not limited to H-1B, TN, F-1 (OPT/CPT/STEM), or other work authorization.
#LI-DE1
