Security Compliance Architect

Post Date

Jun 17, 2026

Location

Greenwood Village, Colorado

ZIP/Postal Code

80111
US
Aug 18, 2026 Insight Global

Job Type

Contract

Category

Security Engineering

Req #

STL-135ac706-f018-4159-af1b-e8a38a02919b

Pay Rate

$120 - $150 (hourly estimate)

Job Description

Role Summary

The Security Compliance Architect owns the artifacts that Charter's audit team and cyber insurance underwriter will scrutinize most carefully: the NIST control mapping matrix, the compensating controls documentation (especially for Option 2), and the IAM/PAM integration design.

The compensating controls documentation is the primary differentiator from Option 1's audit posture — it must be deeper, more specific, and more defensible than a typical NIST mapping exercise. If the documentation is weak, Option 2's audit acceptance is at risk.

This role partners with the Principal Architect throughout the engagement but is independently accountable for compliance deliverables.



Primary Responsibilities

Author the NIST SP 800-53 Rev. 5 control mapping matrix, traceable to all 25 Exhibit A requirements.

Author NIST SP 800-184 isolated recovery environment alignment documentation.

Author NIST SP 800-209 segmentation and storage integrity protections documentation.

On Option 2: author the Compensating Controls Documentation as a primary deliverable, designed specifically to satisfy Charter audit and insurance underwriter scrutiny.

Lead engagement with Charter audit team in Phase 1 to validate compensating controls model (Option 2) or NIST approach (Option 1) before LLD work begins.

Lead engagement with Charter cyber insurance contact in Phase 1 to validate underwriter requirements.

Author the IAM/PAM Integration Design: CyberArk integration, AD with RSA SecurID MFA, ZTNA-ready architecture, adaptive identity challenge framework.

Co-author the Data Diode Design Document with the Principal Architect, specifically the security control rationale for each of the three confirmed use cases.

Author the Isolated NTP Hierarchy Design (time-bomb malware mitigation per Charter VCRP).

Review and validate all design deliverables for compliance traceability before they are submitted for Charter approval.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Required Skills & Experience

10+ years in security architecture or compliance roles, with at least 5 years in NIST-regulated or equivalent enterprise environments.

Demonstrated authorship of NIST SP 800-53 control mapping matrices that have been accepted in formal enterprise audit.

Working knowledge of SP 800-184 (recovery environments) and SP 800-209 (storage segmentation).

Experience designing or evaluating compensating controls; able to defend a compensating control to an auditor or underwriter without escalating to the principal architect.

Hands-on familiarity with CyberArk, Active Directory, and multi-factor authentication systems (RSA SecurID, Duo, or equivalent).

Experience with ZTNA architecture, particularly in regulated or air-gapped environments.

Strong technical writing — produces audit-grade documentation, not just outlines.

Nice to Have Skills & Experience

CISSP, CISM, or equivalent compliance-focused certification.

Prior experience as the lead compliance reviewer for an enterprise Cyber Recovery Vault build.

Experience working with cyber insurance underwriters on enterprise security posture review.

Familiarity with Splunk Enterprise Security from a control mapping perspective.

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.