About

• The American Institute of Architects (AIA)

• AIA will provide you with the opportunity to advocate for the value of architecture and give architects and design professionals the resources they need to do their best work. The collective voice of architects is essential and our work drives positive change through the power of design.  

Each one of us at AIA is a leader committed to demonstrating our mission and values and designing a better future for our country and planet. Even in times of change, AIA’s values remain constant

• * We stand for equity and human rights
• * We stand for architecture that strengthens our communities
• * We stand for a sustainable future
• * We stand for protecting communities from the impacts of climate change
• * We stand for economic opportunity
• * We stand for investing in the future
• * We speak up, and policymakers listen

• The American Institute of Architects, as part of the global community, is building a culture of equity, diversity, and inclusion within the profession of architecture to create a better built environment for all. Achieving this vision has a direct impact on the relevance of the profession of architecture and the world's prosperity, health, and future.

• Job Summary

• Reporting to the Sr. Director of Infrastructure, Security, and Customer Success, Information Security Administration, is responsible for leading the day-to-day operations of the security program and tooling. This role emphasizes the strategic use of automation and AI-driven technologies to enhance the effectiveness of security operations.

• The Information Security Administration plays a critical role in executing core information security functions, ensuring alignment with organizational security goals, policies, and procedures. Key responsibilities include managing and optimizing security technologies, fine-tuning systems for maximum threat detection and response, and overseeing the administration of security platforms and compliance tools.

• This role is responsible for identifying and mitigating risks, as well as investigating and remediating security incidents and vulnerabilities and contributes to the implementation of new security solutions, the development and maintenance of policies, standards, and procedures, and the administration of the security awareness program and training.

• Job Duties

Security Monitoring & Incident Response

• * Administer and manage security monitoring tools for real-time threat detection and alerting.
• * Investigate and validate security incidents flagged by automated systems.
• * Escalate critical threats to senior technology staff and coordinate incident response activities.

• * Conduct security assessments through vulnerability scanning, penetration testing, and/or risk analysis.

• * Assist in performing regular internal audits to ensure that systems and networks are operating securely.
• * Assist in conducting threat hunting exercises to proactively identify threats.
• * Review phishing reports and assess indicators of compromise.
• * Continuously fine-tune security tools to increase operational efficiency.
• * Improve threat detection logic, alert tuning, and integrations.

On-prem and Cloud Security

• * Monitor and manage security of On-prem, Azure and AWS environments.
• * Enforce cloud security policies, encryption standards, and access control.
• * Conduct regular audits and assessments of on-prem and cloud configurations.
• * Leverage Azure or AWS-native tools (e.g., CloudTrail, GuardDuty for AWS) for monitoring and alerting.

Access Management & Identity Protection

• * Collaborate with system owners to regularly review Identity and Access Management (IAM) controls and ensure enforcement of least-privilege principles across all platforms.
• * Support the lifecycle management of user identities, including onboarding, access provisioning, periodic access reviews, and privileged access auditing.

• Compliance & Privacy Program Support

• * Assist in administering privacy management platforms (e.g., TrustArc) to support ongoing compliance initiatives.
• * Support the collection and organization of evidence for compliance assessments, internal audits, and regulatory reviews (e.g., PCI, GDPR, NIST).

Security Awareness & Training

• * Support the development and delivery of monthly security newsletters, targeted campaigns, and staff training sessions.
• * Promote best practices for information security and privacy hygiene.

SOP, Process, Reporting & Playbook Management

• * Develop, maintain, and update Standard Operating Procedures (SOPs) for all core security operations.
• * Maintain and refine operational security workflows, processes, and incident response playbooks.
• * Document and deliver monthly reports on the performance and effectiveness of security tools and measures.
• * Ensure all documentation and internal technology intranet site are accurate, up to date, and easily accessible to relevant stakeholders.

• * Handle and resolve security-related tickets, including user requests, access, permission changes, and issue escalations, in accordance with defined SLAs and in a timely, secure manner.
• * Stay updated on trends, threats, and best practices for security and information technology.
• * Perform other related duties as assigned or as necessary.

• Frequent contacts

• * AIA Staff
• * AIA Components
• * Technology and consulting partner/vendors

• Qualifications

• * Extensive experience with (1) security monitoring, protection, detection, and response methodologies and solutions, and (2) managing vulnerability assessment and remediation activities.
• * Demonstrated knowledge and experience with security dashboard development, assessment of IT security activities, security awareness training, SIEM, Office 365 Security and Compliance, Azure Active Directory, and permissions management.
• * Working technical knowledge of Windows, firewall/IDPS, wireless platform, anti-virus, identity and access management methods, patch management, Single-Sign-On (SSO), multi-factor authentication (MFA), scripting, and network concepts and protocols.
• * Knowledge of PCI DS compliance, data privacy, NIST, security risk management processes, Data Loss Prevention (DLP) policy implementation, AWS cloud security, and RedHat Linux operating systems architecture.
• * Proven analytical and problem-solving abilities.
• * Ability to effectively prioritize and execute tasks in a fast-paced and changing environment.
• * Strong customer service attitude; pay close attention to detail; and excellent oral and interpersonal skills required.
• * Demonstrated ability to achieve individual and team goals.

• Bachelor’s degree in computer science, information systems, computer engineering, system analysis, programming or a related field, with 7+ years of hands-on work experience in cybersecurity. Available to provide after-hours support and respond to critical or emergency response duties as needed.

• Supervisory requirement:  

• None

What we offer

We offer a comprehensive benefits package that reflects our company values and workplace culture, including

• * Medical, vision and dental
• * 401(k)
• * Flexibility
• * Paid time off
• * Flexible spending accounts
• * Income protection (Life Insurance Coverage up to 2x salary) & disability plans at no cost.
• * Tuition and membership reimbursements

* AIA employees have access to a variety of other programs, including

• * Employee Assistance Program (EAP) for employees and their family members

• 1. SmartBenefits transportation program, featuring up to $55 monthly in public transportation as well as pretax METRO parking

• * Computer purchase program
• * Fitness club discounts
• * Prepaid legal services program
• * Identity theft protection

• Travel Requirements:                              N/A

• Work Location: Hybrid from the Washington, DC area metro only

• Employees in the DC Metro area will return to a hybrid work environment in the newly renovated office in the Fall of 2025.

• Equal Opportunity Employer, including veterans and individuals with disabilities.