Vaco is working with a client in the Oil & Gas Industry that is seeking a Security Program Architect in Houston, TX.

JOB SUMMARY

Security Program Architect to lead the integration of cybersecurity governance, risk, and compliance (GRC) with secure architecture and technical design across the organization. This role serves as a strategic bridge between policy and implementation—designing security programs that are both compliant and technically sound.
The ideal candidate has experience in cybersecurity frameworks, regulatory standards, secure architecture principles, and cross-functional program execution. We’re looking for a delivery focused problem solver who stays current on cybersecurity trends and thrives on designing and implementing practical, business-aligned solutions.

RESPONSIBILITIES

Program Leadership & Integration

• Play an active role in developing enterprise cybersecurity vision, roadmap, and execution plan
• Serve as a strategic liaison between cybersecurity, IT, and business units to align security initiatives with organizational goals
• Lead or contribute to the development of enterprise-wide security programs (e.g., Zero Trust, Data Protection, Secure by Design)
• Drive cross-functional collaboration to ensure consistent implementation of security controls across infrastructure, applications, and operations
• Support the Head of Cybersecurity in providing subject matter expertise to executive leadership on security posture, architectural gaps, and program maturity
• Develops policy drafts, procedures, educational materials, strategy/technology roadmaps, Request for Proposal/Offers (RFP/RFO’s), project plans, communications, and presentations to support the overall delivery of IT cybersecurity objectives.

Governance, Risk & Compliance (GRC)

• Develop and manage enterprise cybersecurity policies, standards, and procedures aligned to frameworks such as NIST CSF, NIST 800-53, ISO 27001, and CIS
• Lead cyber risk assessments and translate risk insights into actionable program requirements and security controls
• Oversee compliance initiatives (e.g., SOX, HIPAA, GDPR, CCPA, etc.) and collaborate with Legal, Audit, and Privacy teams
• Design and manage security awareness programs to drive organizational engagement and improve security culture
• Lead vendor risk management activities, including third-party risk assessments, contract reviews, and ongoing monitoring of security posture
• Define and track security KPIs, metrics, and maturity models to support continuous improvement
• Establish security governance processes to support secure design reviews, exception handling, and third-party risk management

Security Architecture & Technical Design

• Support the Head of Security in reviewing the current technology stack to assess its effectiveness in mitigating today’s threat landscape and identify opportunities for improvement
• Monitor current cybersecurity threats and industry trends while proactively shaping a long-term security roadmap aligned with emerging risks, technologies, and business objectives
• Partner with enterprise architects, infrastructure, and application teams to design secure systems and services
• Develop and maintain security reference architectures, patterns, and technical standards for key environments (cloud, on-prem, hybrid)
• Embed security requirements into system development lifecycles (SDLC), DevSecOps practices, and cloud-native design
• Conduct technical risk assessments, threat modeling, and architecture reviews for critical projects
• Recommend security technologies and controls to mitigate identified risks and support business objectives

Determining compensation for this role (and others) at Vaco by Highspring depends upon a wide array of factors including but not limited to:

• the individual’s skill sets, experience and training;
• licensure and certification requirements;
• office location and other geographic considerations;
• other business and organizational needs