Associate Enterprise Security Architect

Who We Are

At Upbound Group, we are committed to elevating financial opportunity for all through innovative, inclusive, and technology-driven financial solutions that address the evolving needs and aspirations of consumers. The Company’s customer-facing operating units include industry-leading brands such as Rent-A-Center, Acima and Brigit that facilitate consumer transactions across a wide range of store-based and digital retail channels, including over 2,400 company-branded retail units across the United States, Mexico, New York and Puerto Rico. Upbound Group, Inc. is headquartered in Plano, Texas.

Role Summary

The Associate Enterprise Security Architect helps shape and scale the organization’s security architecture across the enterprise. This role partners with Enterprise Architecture, Security Engineering, IT, Platform Engineering, Cloud Operations, Privacy and Risk/Compliance to define security standards, reference architectures, and guardrails that ensure technology solutions are secure, consistent, and aligned with business objectives.

This is a growth role for someone who understands core security domains and wants to expand into enterprise-level architecture, strategy, and cross-team influence.

Key Responsibilities

• Assist in developing and maintaining enterprise security architecture standards, patterns, reference architectures and designs (identity, network segmentation, endpoint, cloud, application, data protection, AI, etc.).
• Assist in building the Enterprise Security Architecture framework for the company utilizing SABSA methodology at the direction of a SABSA certified architect.
• Participate in architecture and design reviews to ensure major initiatives align with enterprise security principles, approved patterns, and business objectives.
• Help define security requirements and controls that can be reused across teams, products, and platforms, including AI controls focused on GenAI, Agents, Agentic, MCP, RAG, etc.
• Support the creation and maintenance of target-state security roadmaps (e.g., Zero Trust adoption, logging and detection strategy, IAM modernization, AI Security).
• Contribute to security governance processes, including exception handling, risk acceptance support, and documenting architectural decisions.
• Partner with Security Engineering and IT to ensure enterprise standards can be implemented operationally (pragmatic, measurable, and supportable).
• Assist in vendor and technology evaluations to ensure tools align with architectural standards and integrate with the broader ecosystem.
• Help map security architecture to compliance frameworks and internal policies (NIST CSF, NIST AI RMF, SOC 2, ISO 27001, PCI DSS, etc.), ensuring designs support auditability.
• Contribute to metrics and reporting on architecture adoption (pattern usage, exceptions, gaps, and roadmap progress).
• Maintain clear architecture documentation and communicate standards to stakeholders through presentations, docs, and working sessions.

Focus Areas:

• Identity and Access Management (SSO, MFA, lifecycle automation, privileged access)
• Network and segmentation models (Zero Trust, secure access, remote connectivity)
• Cloud security baselines (landing zones, guardrails, policy-as-code)
• Data classification and protection (encryption, key management, DLP, DSPM)
• AI Security (data security and governance, model security, API, IAM, IRP)
• Logging, monitoring, and detection architecture (SIEM strategy, telemetry standards)
• Secure SDLC guardrails (security gates, code scanning standards, secrets management)

Required Qualifications

• 2 to 5+ years of experience in information security, security engineering, IT, systems engineering, or related technical roles.
• Working knowledge of core security domains: IAM, network security, endpoint security, vulnerability management, encryption, and logging/monitoring, data protection.
• Familiarity with cloud concepts and shared responsibility (AWS, Azure, and/or GCP) and how security guardrails are implemented in cloud environments.
• Experience with design and implementation of AI security controls for enterprise environments.
• Ability to translate security risk into clear requirements and actionable guidance for engineering and IT teams.
• Strong documentation and communication skills (comfortable writing standards and presenting to stakeholders).
• Understanding of common security frameworks and control concepts (e.g., NIST CSF, NIST AI RMF, NIST 800-53, CIS Controls, OWASP, PCI/DSS, etc.).
• Familiarity with SABSA Enterprise Security methodology
• Self-accountability is a must

Preferred Qualifications

• Exposure to enterprise architecture concepts (capability models, target-state roadmaps, architecture review boards).
• Exposure to SABSA Enterprise Security methodology, in practice.
• Experience contributing to Zero Trust programs, segmentation strategies, enterprise IAM modernization and enterprise AI security.
• Familiarity with GRC processes (risk exceptions, control mapping, audit support), without being purely a compliance role.
• Experience with security architecture modeling or diagramming (e.g., C4, ArchiMate, Visio/Lucidchart).
• Experience in security solutions design and evaluation.
• Certifications (nice to have, not required): SABSA Foundation, CCSP, Security+, AZ-500, AWS Security Specialty, CISSP (Associate), Logging/SIEM/Security Vendor certifications

Work Location

Ability to work in the Plano, Texas office, Monday through Friday.

Equal Opportunity Employer

Upbound Group is an equal opportunity employer committed to ensuring all employment decisions are made on a non-discriminatory basis in accordance with applicable federal, state, and local laws.

This job description is not intended to be all-inclusive. Coworker may perform other related duties as negotiated to meet the ongoing needs of the organization.