What are the responsibilities and job description for the Principal Security Architect position at KSM (Katz, Sapper & Miller)?
Job Description
We’re KSM, one of the top 50 largest independent advisory, tax, and audit firms in the United States. But more than our size, it’s our people and culture that set us apart. We believe great things happen when people are supported, challenged, and given the freedom to do their very best work. That’s why we’ve built a workplace where your career and personal life can thrive together – where you have the flexibility to manage your time, the resources to grow, and a team that genuinely cares about your success.
We’ve been employee-owned since 2001, giving every team member a stake in our collective success. This ownership mentality fosters a culture of collaboration, curiosity, and excellence – where new ideas are welcomed, different perspectives are valued, and you’re encouraged to explore what excites you most. Whether you’re expanding your skills, tackling new challenges, or making an impact beyond the office, we provide the resources and support to help you grow in the direction that’s right for you.
At KSM, your contributions matter – not just to the firm, but to your colleagues, clients, and the communities we serve across the U.S. If you’re looking for a place where you can do meaningful work, build lasting relationships, and grow in ways that align with what’s most important to you, we’d love to meet you.
Position Overview
We are seeking a highly experienced and hands-on Principal Security Architect to join our team. This role will be responsible for designing and executing a multi-year cybersecurity roadmap, implementing CIS Controls, deploying Zero Trust technologies, and leading enterprise security initiatives. The Principal Security Architect will work hands-on with Infrastructure teams to deliver tactical improvements while advising the CTO on strategic direction, risk posture, and control maturity. The role blends architecture, engineering, governance, and enablement.
Key Responsibilities
- Architect & Execute the Cybersecurity Roadmap – Define and maintain a 3-year cybersecurity roadmap aligned to CIS Controls (IG1–IG3), NIST CSF, and ISO 27001. Prioritize strategic investments and track measurable progress.
- Implement & Maintain Security Controls – Lead technical execution of CIS Control implementations across endpoints, cloud, and core infrastructure. Partner with Infrastructure to select, configure, and maintain relevant tooling.
- ZTNA & Secure Access Design – Work with IT Operations teams to roadmap and deploy ZPA/ZIA for Zero Trust Network Access, including identity integration, least-privilege access policies, and app segmentation.
- Threat Detection & Incident Response – Design and tune SIEM, EDR/MDR, and alerting platforms. Act as Tier-3 responder for high-priority security incidents, owning analysis and response playbooks.
- Cybersecurity Threat Preparedness & Response – Lead the design and execution of cybersecurity tabletop exercises simulating real-world threats (e.g., ransomware, insider threats). Develop and maintain an actionable incident response playbook covering ransomware, DDoS, credential stuffing, and zero-day exploits.
- Security Policy & Governance – Develop and maintain firm-wide security policies, technical standards, and control documentation that align with regulatory frameworks and audit requirements.
- Continuous Innovation – Recommend and lead proof-of-concepts for next-gen security tools to build a next-generation SecOps function with automation and AI-enhanced defenses.
- Enterprise Security Awareness – Manage a security awareness program, including regular phishing simulations, training metrics, and tailored education across departments.
- Infrastructure & Engineering Partnership – Work directly with Infrastructure, Systems, and Networking teams to integrate security into project design, configuration management, cloud operations, and hardware lifecycle.
- Risk Communication & Metrics – Provide the CTO with actionable metrics, roadmap updates, incident reports, and board-level risk summaries. Ensure security efforts are aligned with business goals.
Qualifications
- 10 years of experience in cybersecurity engineering, security architecture, or related technical leadership roles.
- Proven track record implementing and maturing security frameworks (CIS Controls, NIST CSF, ISO 27001).
- Hands-on experience with Zscaler, SIEM, EDR/MDR, network segmentation, and secure cloud architecture in AWS and Azure.
- Demonstrated ability to work cross-functionally with Infrastructure, IT Operations, and Engineering.
- Clear communicator comfortable briefing both technical teams and non-technical executives.
- Experience working in Agile or hybrid delivery environments. Familiarity with tools like Jira and Confluence.
- CISSP or CISM required; Zscaler ZTCA, GIAC (GSEC, GSOC, GCIA), or equivalent certifications preferred.
KSM only accepts resumes directly submitted by a candidate and referrals submitted by current KSM employees. Unsolicited resumes or candidate profiles sent by staffing agencies and fee-based referral services will not be considered outside of a signed KSM vendor contract. KSM will not pay a fee to recruiters or agencies that do not have a signed KSM vendor contract.