Job Description

Responsibilities

• Own the enterprise cybersecurity reference architecture — define standards, patterns, and guardrails for network security, endpoint protection, cloud security, data protection, and application security.
• Lead a team of security architects and engineers; set clear performance expectations, mentor technical talent, and cultivate a culture of engineering excellence.
• Plan, execute, and manage the integration of new security technologies into existing systems and infrastructure throughout the enterprise.
• Design and maintain a defense-in-depth posture across hybrid cloud environments (AWS, Azure) including network segmentation, micro-segmentation, encryption in transit and at rest, and secrets management.
• Drive security automation and infrastructure-as-code strategies to improve detection coverage, reduce manual toil, and accelerate deployment of security controls.
• Present technology briefings and architecture decision records to the CISO, CIO, and business line leadership.
• Build and maintain relationships with development, cloud engineering, infrastructure, and operations teams to embed security into platform and application delivery pipelines.
• Evaluate, select, and manage security technology vendors — align vendor capabilities with enterprise strategy and ensure integration cohesion across the security stack.
• Ensure security architecture decisions align with regulatory frameworks including NIST CSF, NIST 800-53, Cyber Risk Institute, FFIEC, and other industry authoritative sources.
• Lead the architecture and engineering response during major security incidents — rapid containment design, forensic tooling deployment, and post-incident hardening.
• Perform technical risk assessments of new platforms, third-party integrations, and proposed architectural changes; provide security design review sign-off for enterprise projects.
• Maintain technology roadmaps for SIEM/SOAR, EDR/XDR, network detection, cloud security posture management (CSPM), and data loss prevention (DLP) capabilities among others.

Qualifications

• Preferred Bachelor’s degree in Information Security, Computer Science, Engineering, or related field.
• Minimum 10 years of progressive experience in cybersecurity architecture, security engineering, or a closely related discipline.
• 5+ years’ experience in Financial Services or Banking — familiarity with OCC, FFIEC, and SEC regulatory expectations required.
• 5+ years’ experience leading people managers and building high-performing technical teams.
• Advanced knowledge of security and control frameworks (NIST CSF, NIST 800-53, FFIEC CAT, COBIT, ITIL, CIS Benchmarks).
• Strong technical knowledge of enterprise SIEM platforms (e.g., Splunk, Microsoft Sentinel, Devo) and SOAR orchestration.
• Advanced knowledge of network security architecture — firewalls, IDS/IPS, WAF, DNS security, micro-segmentation, and Zero Trust network access (ZTNA).
• Deep experience with cloud security architecture across AWS and/or Azure — including landing zone design, cloud-native security services, CSPM, and workload protection.
• Strong knowledge of endpoint detection and response (EDR/XDR), vulnerability management platforms, and threat intelligence integration.
• Advanced ability to translate architectural requirements and security strategy into implementable engineering designs.
• Advanced ability to conduct risk assessments and vulnerability analysis to identify security gaps in proposed and existing architectures.
• Experience with infrastructure-as-code (Terraform, CloudFormation) and CI/CD security integration (SAST, DAST, SCA, container scanning).
• Advanced ability to influence and build relationships with LOB stakeholders, leadership, and internal partners.
• Advanced ability to obtain, analyze, and synthesize information from multiple sources, including performance and risk metrics.
• Advanced analytical mindset focused on results with critical thinking, research, problem-solving, and decision-making skills.
• Highly self-motivated with a strong sense of initiative.
• Strong ability to manage competing priorities across concurrent large, complex projects and deliverables.
• Strong verbal, written, and interpersonal communication skills — able to articulate complex technical architecture to both technical and non-technical audiences.
• Strong technical proficiency in the use of MS Office including Visio, PowerPoint, Excel, and Word for architecture diagrams, decision records, and executive communications.

Preferred Qualifications

• CISSP, CCSP, or CISM certification.
• Cloud security certification (AWS Security Specialty, AZ-500, or equivalent).
• Experience designing and defending security architectures under OCC or FFIEC examination.
• Hands-on experience with threat modeling methodologies (STRIDE, PASTA, MITRE ATT&CK-informed design).
• Familiarity with post-quantum cryptography standards (FIPS 203/204/205) and transition planning.
• Experience with secure software supply chain architecture (SBOM, code signing, artifact verification).

The duties listed above are the essential functions, or fundamental duties within the job classification. The essential functions of individual positions within the classification may differ. Texas Capital Bank may assign reasonably related additional duties to individual employees consistent with standard departmental policy.Texas Capital is an Equal Opportunity Employer.