Senior Principal, Cybersecurity Architect

QXO Inc

Charlotte, NC

JOB DETAILS
SALARY
$147,200–$235,500 Per Year
SKILLS
Acquisition Integration, Architectural Services, Artificial Intelligence (AI), Artificial Intelligence (AI) Agents, Auditing, Automation, Bill of Materials (BOM), Brokerage, Business Solutions, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Architecture, Cloud Computing, Computer Science, Construction, Continuous Deployment/Delivery, Continuous Integration, Customer Satisfaction, Dental Insurance, Design Patterns Programming Methodologies, Diversity, ERP (Enterprise Resource Planning), Enterprise Applications, Enterprise Protection, Fortune 500 Customers, GCP (Good Clinical Practices), GIAC - Global Information Assurance Certification, Information Technology & Information Systems, Information/Data Security (InfoSec), Infrastructure Software, Internet Security, Legal, MCP - Microsoft Certified Professional, Management Strategy, Management of Information Systems/Technology (MIS), Mergers and Acquisitions, Microsoft Windows Azure, Network Architecture/Engineering, Network Operations Center, Product Development, Risk, Roofing, Security Architecture, Software Administration, Software Development Lifecycle (SDLC), Software Engineering, Supply Chain, U.S. National Institute of Standards and Technology (NIST), Vision Plan, Waterproofing, Writing Skills
LOCATION
Charlotte, NC
POSTED
25 days ago

As a Senior Principal, Cybersecurity Architect at QXO, you'll author the enterprise cybersecurity standards and reference architecture that technology programs are built against. This is the senior-most individual contributor seat in the cybersecurity function reporting to the SVP, CISO with a dotted line to the VP, IT Strategy & Architecture.

QXO is building a modern cybersecurity function from the ground up - automation-first, AI-native, sized to the risk profile of a high-growth Fortune 500. Your architecture and collaboration shape how infrastructure, software engineering, enterprise applications, and data platforms get built - not just how cyber runs. This role is recognized as a senior technical voice inside and outside the company.

QXO, Inc. (NYSE: QXO) is the largest publicly traded distributor of roofing, waterproofing, and related products, and the second largest publicly traded distributor of lumber and building materials in North America. QXO is the fastest growing company in the $800 billion building products distribution industry and plans to become the tech-enabled leader by delivering best-in-class customer satisfaction and outsized returns for its shareholders. The company is targeting $50 billion in annual revenues within the next decade through accretive acquisitions and organic growth.

What you'll do:

  • Define and maintain the enterprise identity reference model, including zero trust, identity governance, access lifecycle, and privileged access concepts
  • Define and maintain the enterprise application security reference model, including secure software development lifecycle, code-to-cloud, signed software bills of materials, artifact provenance, and runtime posture management
  • Partner with infrastructure leaders to embed security architecture across network, endpoint, cloud platform, and data center environments
  • Partner with engineering leaders to embed security architecture into developer pipelines, secure-by-design patterns, and continuous integration and delivery controls
  • Partner with enterprise application and data leaders to embed security architecture across ERP, business systems, third-party integrations, data classification, lineage, and access models
  • In partnership with the VP, IT Strategy & Architecture, define and maintain the security reference architecture for mergers and acquisitions integration, so acquired environments can be absorbed at speed while preserving security posture
  • Establish architectural guardrails for agentic AI across the security function and the enterprise, including scope boundaries, prompt auditing, tool permissions, AI security posture management, and model supply chain controls
  • Engineer for simplicity, standardization, and automation in every control. Automation comes before headcount - the charter is to size cybersecurity to QXO's risk and scale.
  • Hold the line on private-by-default, zero trust, and CIS hardening via Infrastructure-as-Code. Anything that ships at QXO ships hardened.
  • Translate cybersecurity architecture into business outcomes. Tight, data-backed, no jargon unless warranted.
  • Lead by architecture, not by org chart. Influence the technical direction across IT, engineering, and external implementers without owning their headcount.
  • Anchor the program to NIST CSF 2.0. Own the architectural roadmap that drives measurable maturity gains year over year.

What you'll bring:

  • 12+ years in cybersecurity, with 7+ as a hands-on architect at Fortune 500 scale.
  • Authorship - not familiarity - with agentic AI and AI-SPM architecture. You have designed guardrails for AI agents in production: scope, prompt auditing, tool permissions, MCP supply chain.
  • CI/CD experience. Signed SBOMs, artifact provenance, runtime posture management, configuration drift - and you can defend the architectural choices on a whiteboard.
  • IaC-first instincts. Terraform, hardened images, private-by-default, zero trust. You have shipped the automation, not just sketched it.
  • M&A integration scars. You have absorbed acquired environments at speed without breaking the security posture. Enclave models and brokered access are second nature.
  • Deep cloud architecture across OCI, Azure, or GCP. Multi-cloud preferred.
  • A point of view on where cybersecurity is headed in the next 6-12 months. You build to where the industry is going, not where it is.
  • Bachelor's degree in Computer Science, Information Assurance, MIS, or equivalent practical experience. Master's preferred.
  • CISSP, CISM, or SANS GIAC

What you'll earn

  • Base pay range: $147,200 - $235,500

  • Annual performance bonus

  • Long term incentive (equity/stock)

  • 401(k) with employer match

  • Medical, dental, and vision insurance

  • PTO, company holidays, and parental leave

  • Paid Time Off/Paid Sick Leave: Applicants can expect to accrue 15 days of paid time off during their first year (4.62 hours for every 80 hours worked) and increased accruals after five years of service.

  • Paid training and certifications

  • Legal assistance and identity protection

  • Pet insurance

  • Employee assistance program (EAP)

To comply with Pay Transparency laws, employers must disclose an annual salary range. Actual offers depend on factors such as location, experience, skills, and market data. This position may also offer variable compensation.

Please contact careers@QXO.com if you have any questions related to this job posting.

QXO is an Equal Opportunity Employer. We value diversity and do not discriminate on the basis of race, color, religion, gender or sexual orientation, national origin, age, disability, or any other protected status.

Salary Range:

USD $147,200.00 - USD $235,500.00 /Yr.

About the Company

Q

QXO Inc