Enterprise Security Architect
Envestnet
Remote
Full-Time
Job Description
Description

The application window will close September 7th, 2026.

Job Location

The primary work location for this role is remote.

About Envestnet

Envestnet is an adaptive WealthTech company that is redefining the future of wealth management by helping advisors meet the moment with its comprehensive technology, actionable insights, and industry-leading support. Backed by over 25 years of experience and approximately $7.0 trillion in platform assets, Envestnet is trusted by over one third of financial advisors across leading banks, wealth managers, brokerages, and RIAs. For a deeper look at how Envestnet is shaping the future of financial advice, visit www.envestnet.com.

The Team You'll Join

Envestnet is a leading financial technology company that powers critical wealth management, data, and advisory platforms used across the industry, where trust and reliability are foundational to the business. This role is part of our Information Security team which leads our cyber program and is positioned as a true enabler of innovation—embedding directly into products and services so security is seamless, not a barrier. We take an innovative, risk‑based approach to security, tailoring risk management to the context of the business, technology, and clients rather than applying one‑size‑fits‑all controls. This allows teams to move quickly while maintaining strong protection where it matters most.

The security organization partners closely with engineering and product to deliver trusted capabilities at scale, ensuring the highest standards of quality, data protection, and operational resilience. We are also driving meaningful innovation through the responsible and secure use of AI to enhance productivity and client‑facing services. For someone who wants to influence strategy, modernize how risk is managed, shape forward‑leaning security practices, and help protect platforms that matter, this is a uniquely impactful opportunity to be part of the environment.
How You'll Contribute

Envestnet is seeking an Enterprise Security Architect to join its Information Security organization. This role will help mature the enterprise security program by ensuring systems are secure, compliant, and scalable, while supporting cross-functional initiatives spanning identity governance, risk management, and broader cyber program execution in partnership with Security, IT, Cloud Engineering, Product, HR, and Compliance. Focused on governance and risk leadership, delivered through automation, AI, and modern engineering practices, this senior individual contributor role has no direct reports and leads through influence, collaboration, and trusted partnerships across 1st-line and 2nd-line stakeholders.

The Enterprise Security Architect serves as a key technical authority for the design, governance, and resilience of Envestnet's fintech ecosystem, securing core products and emerging AI initiatives while aligning to the Information Security Risk Management (ISRM) framework. Operating at the intersection of 1st-line risk execution and 2nd-line oversight, this role helps turn security from a compliance requirement into a business advantage by aligning stakeholders, clarifying decision rights, and enabling scalable, repeatable practices.

Own and evolve the enterprise security architecture and multi-year roadmap (including AI security governance, security automation, identity hygiene, and resilience), aligning priorities to business strategy, regulatory expectations, and measurable risk reduction.

Define and operationalize enterprise AI security and risk governance, including adoption of the NIST AI Risk Management Framework, security-by-design guardrails for LLMs/agentic systems (e.g., prompt injection, data poisoning, model inversion), and standard patterns for secure AI-enabled features (e.g., RAG pipelines and agentic workflows).
Establish and govern security-by-design requirements across products and platforms, including SSDLC/SSDF-aligned standards, architecture reviews, and threat modeling practices that translate into actionable engineering requirements, release criteria, exception management, and remediation SLAs.

Build strong partnerships and relationships functionally with product and engineering by working alongside engineering to define paved-road patterns, embedding requirements into developer and product workflows early, and partnering with product security and engineering teams to make secure-by-design the path of least resistance.

Lead transformative outcomes, building customer trust, risk reduction, AI-enabled defense, engineering enablement, and platform resilience, through enterprise risk and GRC alignment by bridging 1st-line execution and 2nd-line oversight; ensure policy/standards alignment to NIST RMF and NIST 800-series guidance, and drive audit-ready evidence and assurance-by-design practices that support assessors, regulators, and client due diligence.

Define data security and governance patterns (classification, encryption, retention, deletion, DLP, secrets handling) and AI data controls (data sourcing, access, minimization, lineage) in partnership with Data, Cloud, and Platform teams; embed requirements into roadmaps with ongoing validation.

Set architectural patterns for cyber resilience (high availability, incident containment, and rapid recovery) for critical financial systems; partner with operational resilience and incident response stakeholders to validate detection, logging, monitoring, and recovery requirements.

Develop and own the enterprise insider threat governance model — strategy, policy, escalation paths, and the HR/Legal/Privacy/Compliance/2nd line partnership — coordinating with SecOps for technical detection and response.
Define third-party and software supply chain security architecture requirements, including vendor onboarding/offboarding controls, contract assurance expectations, evidence review practices (e.g., SOC reports), continuous monitoring for critical vendors, and integrity standards (e.g., dependency management, SBOM where appropriate, and vulnerability response).

Provide executive-ready communication of security posture through KPIs/KRIs and risk reporting (e.g., dashboards) that connect technical issues to business impact; influence decisions and drive accountability across teams without direct authority.

Produce reference architectures, control evidence, and assurance artifacts that enhance customer trust and hold up to customer audits, regulatory exams, strategic due diligence, and/or M&A integration.

What You'll Need to Bring

12+ years in cybersecurity, including 5+ years in an architecture role within a regulated financial services or fintech environment, with deep working knowledge of NIST AI RMF, the NIST 800-series, and the Three Lines of Defense model.

Hands-on experience with security automation tooling and scripting (Python or similar).

Proven expertise in leveraging automation and artificial intelligence to enhance Governance, Risk, and Compliance (GRC) functions, including control monitoring, evidence collection, third-party risk assessment, and policy management.

Demonstrated expertise in cloud architecture and Infrastructure as Code (IaC), enabling the effective design and implementation of controls across both cloud and AI environments.

Proven experience assessing and managing risk across AI lifecycles, cloud environments, applications, APIs, and data security, including controls related to IAM, network segmentation, encryption and key management, logging and monitoring, secure design, authentication and authorization, secrets management, and data pipelines.
Experience designing assurance and control validation approaches, including evidence standards, testing cadence, continuous control monitoring, and partnership with incident response and operational resilience teams to define and assess detection, containment, and recovery requirements for critical systems.

Strong data-driven and leadership capabilities, including proficiency with Power BI or similar BI tools, success leading as a senior individual contributor without direct authority, and the ability to communicate complex security risk concepts clearly to technical and non-technical audiences.

Certifications such as CISSP-ISSAP, CCSP, or a specialized AI security certification are preferred, or equivalent experience.

Nice-to-Haves

Industry certifications such as CISSP, CISM, CRISC, CISA, or IAM‑related certifications.

Experience with modern AI GRC and monitoring tools and platforms.

Background in financial services or other regulated industries.

Experience governing AI security programs.

Why You'll Enjoy Working at Envestnet

Help shape the future of WealthTech. At Envestnet you'll gain hands-on experience and collaborate with some of the industry's brightest minds to deliver meaningful, innovative solutions that make a real difference. We value flexibility in how and where work gets done, and we recognize strong performance with meaningful rewards—because your contributions should drive both business success and your own personal growth. If you're looking for a place where your work has impact, your development is supported, and your contributions are truly valued, Envestnet is where you can build your future. The opportunity is now!

Sponsorship

This position is not open to candidates requiring visa sponsorship.

Our Investment in You

This role offers a base salary range of [$ minimum to $ midpoint]. The range listed represents a good-faith estimate of base salary compensation for this position and does not include incentive compensation, equity or benefits.
Individual pay will be determined based on factors including, but not limited to, relevant experience, skills, education, certifications, and geographic location, in accordance with applicable pay transparency laws. This role is eligible for an additional incentive component as part of the total rewards package. We provide a comprehensive suite of benefits - subject to Envestnet's plan eligibility rules - that support your overall well-being, including medical insurance, paid time off (PTO), 401k company match, paid parental leave, education reimbursement, disability coverage and mental health & wellness support. Our investment in you means supporting you professionally, financially, and personally at every stage of your journey with us. Please visit our benefits page on our career site to learn more.

Our Commitment to Inclusion & Belonging

Envestnet is an Equal Opportunity Employer and is committed to creating an inclusive environment for all employees and applicants. We welcome and value individuals of all backgrounds and do not discriminate based on race, color, religion, creed, sex (including pregnancy or related medical conditions), gender identity or expression, sexual orientation, national origin, ancestry, age, disability, genetic information, military or veteran status, citizenship status, or any other status protected by applicable law. We encourage individuals from all backgrounds to apply. We strive to provide an inclusive application and interview process. If you are a candidate with a disability and require reasonable accommodation, please contact us at careers@envestnet.com. Please include your full name, the title of the role you are applying for, and the accommodation necessary to assist you with the recruiting process.

Recruitment Fraud

At Envestnet, safeguarding the trust and safety of job seekers is a top priority. We are aware that scammers may impersonate Envestnet recruiters or create fake job opportunities to deceive candidates.
Review the information on our recruitment fraud awareness page to help you recognize and avoid recruitment fraud.