Security Architect

Company Description Veolia in North America is the top-ranked environmental company in the United States for three consecutive years, and the country’s largest private water operator and technology provider as well as hazardous waste and pollution treatment leader. It offers a full spectrum of water, waste, and energy management services, including water and wastewater treatment, commercial and hazardous waste collection and disposal, energy consulting and resource recovery. Veolia helps commercial, industrial, healthcare, higher education and municipality customers throughout North America. Headquartered in Boston, Veolia has more than 10,000 employees working at more than 350 locations across North America. Job Description Position Purpose: The Security Architect is responsible for designing, governing and advancing the cybersecurity architecture strategy across Veolia North America. This role serves as the technical authority for enterprise security architecture, cloud security, identity and access management, application security and infrastructure security while ensuring alignment with business objectives, regulatory requirements and operational resilience needs. The Security Architect partners closely with Infrastructure, Digital, OT, Engineering, Enterprise Applications, Legal, Compliance and Business Leadership teams to ensure security is embedded into technology decisions from concept through implementation. Primary Duties/Responsibilities: Develop and maintain the enterprise security architecture roadmap aligned with business and technology strategies. Define and maintain security architecture standards, patterns and reference architectures. Evaluate emerging technologies and assess security risks and opportunities. Translate cybersecurity strategy into actionable architecture initiatives and technical requirements. Provide architectural guidance for mergers, acquisitions and divestitures. Lead security architecture reviews for new projects, systems and major technology changes. Establish and maintain a Security by Design program integrated into project and procurement lifecycles. Define security requirements for applications, infrastructure, cloud services and third-party solutions. Ensure security controls are incorporated during design rather than after implementation. Design secure architectures for cloud, hybrid and on-premises environments. Define security controls for AWS, Microsoft Azure, SaaS platforms, and data protection technologies. Review network segmentation and remote access architectures. Partner with infrastructure teams to improve resilience and security posture. Support secure architecture initiatives for operational technology environments. Partner with OT teams to establish secure remote access, segmentation and monitoring capabilities. Conduct architecture risk assessments and document mitigation strategies. Support cybersecurity audits, regulatory reviews and compliance initiatives. Lead security evaluations of vendors, products and services. Partner with global business units to unify security toolsets and ensure a consistent security posture across all international regions. Consolidate disparate security toolsets to minimize technical complexity, decrease operational burdens, and enhance enterprise-wide visibility. Establish and govern frameworks for international policy dissemination and adherence tracking to maintain uniform protection across all regions. Design and maintain a centralized logging strategy that aggregates data from cloud, on-premises, and OT environments. Define ingestion standards to ensure high-fidelity, actionable data is collected for threat detection and incident response. Implement data normalization and enrichment processes to improve the quality of logs for SIEM and analytics platforms. Identify gaps in current logging coverage and lead initiatives to improve visibility across critical infrastructure and SaaS applications. Serve as a trusted advisor to business and technology leaders. Mentor engineers and analysts on security architecture principles. Lead cross-functional working groups and architecture review boards. Represent cybersecurity in enterprise architecture and technology governance forums. Qualifications Education/Experience/Background: Required: Bachelor's degree in Information Technology, Computer Science, Cybersecurity or equivalent relevant experience. Required: 5+ years of cybersecurity experience with 2 of that in security architecture experience. Knowledge/Skills/Abilities: Required: Experience conducting architecture reviews and risk assessments. Preferred: Experience supporting mergers and acquisitions (M&A). Preferred: Experience with operational technology (OT) or industrial control systems (ICS). Deep knowledge of enterprise security frameworks and standards. Experience securing cloud, SaaS, and hybrid environments. Experience with identity and access management technologies. Strong communication and stakeholder management skills. Experience with Zero Trust architecture initiatives. Familiarity with modern enterprise tooling: Google Workspace, Microsoft Entra ID, CrowdStrike, Netskope, ServiceNow, AWS, Azure, and GCP. Required Certification/Licenses/Training: Preferred: Holding one or more of the following industry certifications is highly desirable: CISSP SABSA CCSP GIAC certifications TOGAF Microsoft Security certifications AWS Security Specialty Additional Information Benefits: Veolia’s comprehensive benefits package includes paid time off policies, as well as health, dental, vision, life insurance, savings accounts, tuition reimbursement, paid volunteering and more. In addition, employees are also entitled to participate in an employer sponsored 401(k) plan, to save for retirement. We are an Equal Opportunity Employer! All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status . Disclaimer: The salary, other compensation, and benefits information is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, subject to applicable law. #J-18808-Ljbffr