At Iron Mountain we know that work, when done well, makes a positive impact for our customers, our employees, and our planet. That’s why we need smart, committed people to join us. Whether you’re looking to start your career or make a change, talk to us and see how you can elevate the power of your work at Iron Mountain.
We provide expert, sustainable solutions in records and information management, digital transformation services, data centers, asset lifecycle management, and fine art storage, handling, and logistics. We proudly partner every day with our 225,000 customers around the world to preserve their invaluable artifacts, extract more from their inventory, and protect their data privacy in innovative and socially responsible ways.
Are you curious about being part of our growth story while evolving your skills in a culture that will welcome your unique contributions? If so, let's start the conversation.
Job Summary:
At Iron Mountain, we protect what our customers value most: their information and assets. As an Information Security Architect, you will play a key role in securing the design, implementation, and maintenance of technology platforms. This involves assessing risks, developing and implementing security solutions, and collaborating to integrate security throughout the product and service lifecycle. The role requires knowledge of security architecture and trends to mitigate threats. You will design and implement security solutions that safeguard sensitive data, systems, and operations against the rapidly evolving threat landscape. This position is vital for our ongoing commitment to maintaining best-in-class security for both our customers and our internal operations.
Key Responsibilities:
Security Architecture Design: Develop secure architectural designs for new and existing systems, focusing on cloud (AWS, Azure, GCP) and hybrid platforms. Ensure designs meet business objectives and comply with security standards.
Implementation and Hardening: Directly configure and harden infrastructure (endpoints, servers, authentication systems, cloud services) to ensure secure operations.
Technical Leadership: Provide guidance to DevOps and engineering teams, integrate security throughout CI/CD pipelines, and assist in proofs of concept and technical reviews of new technologies.
Risk Management: Identify and evaluate security risks in both existing and future technology environments. Develop mitigation strategies to address potential vulnerabilities.
Compliance and Regulatory Alignment: Ensure that security controls meet regulatory and legal requirements, such as GDPR, HIPAA, PCI-DSS, and SOC 2 compliance. Lead efforts in developing and maintaining compliance documentation.
Security Policy Development: Collaborate with senior leadership and cross-functional teams to define, establish and enforce security policies, procedures, and best practices across the Digital Business Unit.
Incident Response: Collaborate with the IRM Cyber Security Incident Response team, ensuring the organization is prepared to effectively respond to security breaches. Provide technical guidance in the event of a security incident.
Cloud Security: Provide security leadership in cloud services (AWS, Azure, GCP), ensuring the secure design of multi-cloud and hybrid environments, with special emphasis on maintaining IAM solutions.
Security Assessments: Conduct regular security reviews and assessments, including vulnerability scanning, penetration testing, and risk analysis. Proactively work with IT and development teams to remediate security issues.
Collaboration & Stakeholder Engagement: Work closely with Engineering IT, legal, compliance, and other departments to integrate security into all processes. Act as a security advisor on major IT projects, ensuring that security is a key consideration in business and IT decisions.
Emerging Threat Analysis: Stay current with the latest cybersecurity trends, threats, and technologies. Provide recommendations for improving security strategies based on emerging risks and evolving threat landscapes.
Qualifications:
Education: Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related field (Master’s degree preferred).
Experience:
7+ years of experience in Information Security, with a minimum of 3 years in an architecture or design role.
Extensive knowledge of information security standards (ISO 27001, NIST, CIS).
Proven experience with security frameworks and regulatory requirements, including PCI-DSS, GDPR, and HIPAA.
Experience designing security architectures for cloud environments (AWS, Azure, or GCP) and securing hybrid systems.
Experience incorporating security in CI/CD pipelines. Enforce shift-left principles in the development and deployment lifecycle.
Certifications:
CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or equivalent certifications preferred.
Technical Skills:
Deep hands-on knowledge of platform and cloud security, network security principles, authentication/authorization, encryption, and security tools (SIEM, IDS/IPS, EDR).
Strong expertise in security protocols, encryption, and identity management (IAM).
Proficiency in network security, firewalls, VPNs, IDS/IPS, DLP, and endpoint security solutions.
Deep understanding of cloud security controls and technologies.
Strong experience in DevOps practices.
Translate security requirements into actionable development tasks.
Soft Skills:
Excellent verbal and written communication skills with the ability to articulate complex security concepts to non-technical stakeholders.
Strong problem-solving and analytical skills.
Ability to work collaboratively in a cross-functional environment.
Additional Information: This role may require occasional travel based on business needs.
Category: Information Technology