Information Security Architect - Product Engineering: Platforms

At Iron Mountain we know that work, when done well, makes a positive impact for our customers, our employees, and our planet. That’s why we need smart, committed people to join us. Whether you’re looking to start your career or make a change, talk to us and see how you can elevate the power of your work at Iron Mountain.

We provide expert, sustainable solutions in records and information management, digital transformation services, data centers, asset lifecycle management, and fine art storage, handling, and logistics. We proudly partner every day with our 225,000 customers around the world to preserve their invaluable artifacts, extract more from their inventory, and protect their data privacy in innovative and socially responsible ways. 

Are you curious about being part of our growth stor​y while evolving your skills in a culture that will welcome your unique contributions? If so, let's start the conversation.

Job Summary: 

At Iron Mountain, we protect what our customers value most: their information and assets. As an Information Security Architect, you will play a key role in ensuring the security, compliance, and resilience of our technology infrastructure. You will design and implement security solutions that safeguard sensitive data, systems, and operations against the rapidly evolving threat landscape. This position is vital for our ongoing commitment to maintaining best-in-class security for both our customers and our internal operations.

Key Responsibilities:

• Architect Security Solutions: Design, implement, and maintain security architectures for network, cloud, and application environments to safeguard sensitive data and prevent unauthorized access.

• Risk Management: Identify and evaluate security risks in both existing and future technology environments. Develop mitigation strategies to address potential vulnerabilities.

• Compliance and Regulatory Alignment: Ensure that security controls meet regulatory and legal requirements, such as GDPR, HIPAA, PCI-DSS, and SOC 2 compliance. Lead efforts in developing and maintaining compliance documentation.

• Security Policy Development: Collaborate with senior leadership and cross-functional teams to define, establish and enforce security policies, procedures, and best practices across the Digital Business Unit.

• Incident Response: Develop and enhance incident response strategies, ensuring the organization is prepared to effectively respond to security breaches. Provide technical guidance in the event of a security incident.

• Cloud Security: Provide security leadership in cloud services (AWS, Azure, GCP), ensuring the secure design of multi-cloud and hybrid environments.

• Security Assessments: Conduct regular security reviews and assessments, including vulnerability scanning, penetration testing, and risk analysis. Proactively work with IT and development teams to remediate security issues.

• Collaboration & Stakeholder Engagement: Work closely with IT, legal, compliance, and other departments to integrate security into all processes. Act as a security advisor on major IT projects, ensuring that security is a key consideration in business and IT decisions.

• Emerging Threat Analysis: Stay current with the latest cybersecurity trends, threats, and technologies. Provide recommendations for improving security strategies based on emerging risks and evolving threat landscapes.

Qualifications:

Education:

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related field (Master’s degree preferred).

Experience:

• 7 years of experience in Information Security, with a minimum of 3 years in an architecture or design role.

• Extensive knowledge of information security standards (ISO 27001, NIST, CIS).

• Proven experience with security frameworks and regulatory requirements, including PCI-DSS, GDPR, and HIPAA.

• Experience designing security architectures for cloud environments (AWS, Azure, or GCP) and securing hybrid systems.

Certifications:

• CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or equivalent certifications preferred.

Technical Skills:

• Strong expertise in security protocols, encryption, and identity management (IAM).

• Hands-on experience with SIEM tools (e.g., Splunk, IBM QRadar) and threat detection technologies.

• Proficiency in network security, firewalls, VPNs, IDS/IPS, DLP, and endpoint security solutions.

• Deep understanding of cloud security controls and technologies.

Soft Skills:

• Excellent verbal and written communication skills with the ability to articulate complex security concepts to non-technical stakeholders.

• Strong problem-solving and analytical skills.

• Ability to work collaboratively in a cross-functional environment.

This role may require occasional travel based on business needs.