Sr Cybersecurity Architect

Overview

Build the Future At McGraw Hill, we are dedicated to delivering digital learning experiences that transform education for learners and educators. Our focus is on creating seamless, impactful products that truly benefit our users while supporting growth and collaboration across teams. We foster a culture that values innovation, teamwork, and a balance between career growth and personal well-being. How can you make an impact? McGraw Hill is seeking a Cybersecurity Architect who can collaborate with development teams, business teams, and cross-functional technology. The role will lead efforts to secure cloud platforms, mitigate cyber risks, and ensure compliance with security policies and regulatory requirements. As a Cybersecurity Architect you should have experience in developer security (DevSecOps), cloud network security, cloud infrastructure vulnerabilities, vulnerability scanning tools, SAST, and working with teams to remediate vulnerabilities. The McGraw Hill Cybersecurity Team is a highly technical, metrics driven team, with a consistent focus on process optimization and automation to improve effectiveness. You must be able to report, quantify stats, trends, and metrics to articulate risk and results. This is an individual contributor role that will report to the VP of Cybersecurity. This is a remote position open to applicants authorized to work for any employer within the United States. What You'll Do: Lead security architecture reviews for new digital product offerings or major changes to existing products to uphold MH’s digital product security standards. Design and implement a Static Application Security Testing (SAST) strategy to protect McGraw Hill’s static code environment that will reduce vulnerabilities prior to production deployments. Develop and maintain the strategy of the cloud security posture for all cloud accounts (AWS, Azure, OCI) belonging to the organization. Collaborate with development teams, cloud operations, engineering, and IT teams to promote secure development practices and integrate security controls into CI/CD pipelines. Present/articulate threats, vulnerabilities and risks to developers, stakeholders, and leadership. Respond and triage security incidents related to digital products. Provide support for web-app and cloud infrastructure vulnerabilities and findings discovered via tools, penetration testing, or by security researchers. Conduct risk assessments on cloud systems and identify/remediate security gaps. Maintain Identity and Access Management (IAM) policies, Role-based Access Control, and least-privileged access to the MH cloud environment. Design and implement strategy to secure MH SDLC workflows. Oversee Web Application Firewall strategy for MH customer-facing products. Secure AI and MCP development workloads. Who You Are: Bachelors degree in related field or equivalent experience preferred. 10+ years of applicable experience. Candidates must hold a CISSP or have equivalent cybersecurity-related experience. Candidates must hold certifications or have equivalent experience in Networking, Cloud Principles, and Incident Response. Ability to present cybersecurity risks and remediation recommendations to senior leadership. Ability to respond to security-related incidents and perform digital forensics. Familiarity with IT Security Policies and Procedures. Strong analytical and communication skills. Thorough understanding of web-based applications, server & container instances, and middleware. In-depth understanding of AWS architecture and accommodating security controls. While minimal, ability to respond to night and/or weekend security incidents. Experience working with Dynamic Application Security Testing (DAST) and Static Application Security Scanning (SAST). Experience with using, maintaining, and reporting results of vulnerability scanning tools, such as Insight AppSec, Insight VM, Insight CloudSec, Burp Suite Pro. Collaborate with developers and engineers to articulate vulnerabilities, risks, and remediations. Foster cybersecurity culture throughout the McGraw Hill software development community. Preferred: Experience with maintaining and maturing a Vulnerability Management Program Experience or familiarity with other cloud service providers, such as Azure, Google Cloud, Oracle Cloud. Experience in securing custom AI/MCP applications and integrations. Why work for us? The work you do at McGraw Hill will be work that matters. We are collectively building experiences that will help shape the future of education. Play your part and experience a sense of fulfilment that will inspire you to even greater heights. The pay range for this position is between $130,000 - $190,000 annually. However, base pay offered may vary depending on job-related knowledge, skills, experience, and location. An annual bonus plan may be provided as part of the compensation package, in addition to a full range of medical and/or other benefits, depending on the position offered. Click here to learn more about our benefit offerings. McGraw Hill recruiters always use a “@mheducation.com” email address and/or from our Applicant Tracking System, iCIMS. Any variation of this email domain should be considered suspicious. Additionally, McGraw Hill recruiters and authorized representatives will never request sensitive information in email. 50818 Apply To This Job