Yum! Brands is seeking a Principal-level Senior Security Architect to shape enterprise security architecture across our global ecosystem (KFC, Pizza Hut, Taco Bell, The Habit Burger Grill). In this role, you will tackle unique, enterprise-wide problem spaces, anticipating future risks and setting strategic recommendations that guide multi-year roadmaps. You will operate with limited oversight, aligning outcomes through consultation with your coach and stakeholders. Your decisions will influence multiple functions and cross-brand programs. You will establish secure-by-design guardrails that accelerate delivery while reducing risk, and mentor Staff/Principal architects and senior engineers to raise the bar across the organization.
Key Responsibilities
Security Architecture & Design
Author reusable reference architectures, patterns, blueprints, and decision frameworks. Lead end-to-end reviews and threat modeling for complex, cross-brand initiatives; resolve novel challenges with broad business impact and drive clarity amid uncertainty.
Establish pragmatic architecture governance (principles, patterns, review mechanisms) that balances innovation with risk reduction; translate strategy into roadmaps and measurable outcomes (OKRs/KPIs).
Translate strategy into actionable roadmaps and multi-year control adoption plans; measure outcomes with meaningful KPIs.
Cloud Security & DevSecOps
Define enterprise guardrails for AWS/Azure/GCP (landing zones, identity boundaries, network baselines, encryption, logging) and guide adoption at scale.
Integrate security into CI/CD (SAST, DAST, IaC scanning, policy-as-code, artifact signing, SBOMs); influence platform roadmaps for secure delivery velocity.
Advance container/Kubernetes security (runtime controls, supply-chain security, secrets management) and coach platform/product teams on cloud-native practices.
Serve as principal consultant for complex cloud decisions; decisions typically span multiple departments/functions.
Identity, Access & Zero Trust
Architect Zero Trust across workforce, workloads, and data; mature segmentation, continuous verification, and strong authentication.
Guide enterprise IAM patterns (SSO, MFA, RBAC/ABAC, PAM) and standardize access models for least privilege at scale.
Partner with platform and identity teams to modernize federation and entitlement lifecycle.
Data, Network & Detection
Define enterprise data protection strategy (classification, end-to-end encryption, tokenization, key management, data residency) with cross-functional impact.
Lead segmentation and secure access patterns aligned to Zero Trust; evolve secure edge and private access.
Raise the quality of telemetry and detection engineering (logging standards, SIEM/XDR) with detections mapped to MITRE ATT&CK.
Risk, Compliance & Vendor/SaaS
Align architectures to PCI, SOX, GDPR, and internal risk frameworks; recommend practical compensating controls when constraints exist.
Lead security assessments for emerging technology and third-party platforms; negotiate security outcomes with vendors.
Communicate tradeoffs and risks to senior technical and business leaders; influence investment decisions and sequencing.
Leadership, Autonomy & Influence
Serve as a primary representative for Security Architecture in enterprise forums and technical councils; decisions typically affect multiple functions.
Operate with limited supervision, using judgment in ambiguous situations; outcomes are reviewed via consultation and alignment.
Mentor Staff/Principal architects and senior engineers; lead communities of practice; drive continuous improvement with metrics, threat intelligence, and post-implementation reviews.
Preferred Qualifications
CISSP, CCSP, CISM, AWS/Azure/GCP Security Specialty, TOGAF, or SABSA certifications.
Experience in regulated or high-scale environments (retail/QSR, payments, consumer data).
Demonstrated impact establishing enterprise guardrails, control libraries, and architecture governance.
Salary Range: $169,900-195,000 annually + bonus eligibility and stock-based compensation. This is the expected salary range for this position. Ultimately, in determining pay, we'll consider the successful candidate’s location, experience, and other job-related factors.