Senior Director – Enterprise Security Architecture

Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today! Job Details Summary: The Senior Director of Enterprise Security Architecture (ESA) leads the definition, governance, and enforcement of enterprise-wide security architecture strategy for the enterprise. This leader is accountable for aligning cybersecurity architecture with business strategy, digital transformation, regulatory obligations, and risk appetite.The role oversees reference architectures, security design standards, architecture review boards (ARB), security requirements engineering, and integration with Enterprise Architecture (EA), Cloud, Data, AI, Infrastructure, and Application domains. This role is responsible for building strong partnerships with technology teams, other corporate support functions, and other Information Security organizations to protect the corporate brand, data, and assets and is responsible for the design, implementation, operation, and maintenance of an information security framework, processes, and systems, that protect the business, services, information and systems against unauthorized use, disclosure, modification, damage, and loss. The position partners closely with the CISO, other Information Security Sr. Leaders, and other Technology Leadership teams to establish a vision and strategy required to ensure scalable, measurable, and continuously improving defense capabilities across all security domains in collaboration with other information security domain leaders and partner organizations. Our employee experience is a strategic priority for our company. Our leaders are accountable for leading with purpose, fairness, and equity. They are responsible for building and developing diverse teams, maintaining a safe and inclusive environment, setting clear priorities, and holding self and team accountable for executing with excellence. Primary Responsibilities: • Define and maintain the enterprise security architecture vision and multi-year roadmap. • Align security architecture with corporate strategy, digital transformation, and technology modernization initiatives. • Establish target-state architectures incorporating Zero Trust principles in collaboration with other Information Security and Technology leaders. • Translate risk appetite into enforceable architectural guardrails. Develop and maintain standardized reference architectures for: • Cloud and hybrid infrastructure • Identity & Access Management • Data protection and privacy • Network segmentation • Application security • AI/GenAI security • OT/IoT (in partnership with OT sr. cybersecurity leadership) Additional Responsibilities: • Ensure security-by-design integration into SDLC and platform engineering models. • Govern architecture artifacts across global business units. • Chair or co-chair the Security Architecture Review Board (SARB). • Define security architecture review processes and risk exception workflows. • Establish measurable design assurance criteria. • Partner with Enterprise Architecture for integrated technology governance. • Translate regulatory and risk requirements into technical control standards. • Ensure compliance with global regulatory regimes (e.g., HIPAA, GDPR, SOX, FDA/GxP where applicable). • Maintain or enforce enterprise security standards library mapped to NIST, ISO, SOC 2, PCI, HIPAA, GDPR, etc. • Enable reusable security requirement models for programs and projects. • Drive automation of control validation and policy-as-code enforcement. • Support regulatory readiness across global jurisdictions. • Ensure architecture supports data residency and sovereignty obligations. • Collaborate with Legal, Privacy, and Compliance on emerging regulatory impacts. • Provide defensible architecture documentation for audit and regulatory review. • Lead security architecture assessments for acquisitions. • Define integration and divestiture security blueprints. • Support large-scale ERP, digital, AI, and cloud transformation programs. • Establish rapid risk assessment models for new technologies. • Establish KPIs, OKRs, and performance dashboards. • Track control design effectiveness and systemic risk reduction. • Integrate architecture insights with cyber analytics programs. • Report enterprise architecture risk posture to executive leadership. • Lead global team of security domain architects. • Define operating model across centralized and federated teams. • Establish architecture career paths and technical competency frameworks. • Enterprise financial management and planning experience. Qualifications: Education: • Master s Degree in Business Administration, Computer Scienc...