Description
About Us:
NYSTEC is a nonprofit technology consulting company, advising agencies, organizations, institutions, and businesses since 1996. We're independent and vendor-neutral, so we have our clients' best interests at heart. At NYSTEC, we know that we succeed when individuals and teams flourish personally and professionally, so our benefits and perks support that mindset.
About the Role:
Serving as a security operations data platform program architect, your day-to-day role as a NYSTEC per diem consultant will include focusing on stakeholder engagement, campus onboarding, vendor coordination, and organizational change management across SUNY's federated environment. You will work closely with SUNY's cloud/security technical teams, which handle detailed platform architecture and implementation.
Key Responsibilities:
- Program leadership and execution (40%):
  - Lead POC planning, execution, and evaluation with clear success criteria and go/no-go recommendations
  - Manage pilot campus selection, onboarding, and expansion (three campuses, then 10-15, then 64)
  - Track program metrics, including campus adoption, data ingestion reliability, cost per campus, and stakeholder satisfaction
  - Deliver biweekly updates to the cross-campus subject matter expert advisory team and monthly executive briefings to SUNY leadership
  - Manage program budget, timeline, risks, and dependencies across all phases
  - Establish a governance structure with clear decision rights (campus vs. system)
- Campus stakeholder engagement and change management (30%):
  - Serve as primary liaison to 64 campus IT organizations and leadership teams
  - Conduct campus roadshows, workshops, and training to build awareness and support
  - Navigate campus resistance with empathy and strategic communication, identifying and cultivating campus champions
  - Design a campus onboarding framework recognizing diversity (cloud-native vs. on-premises, large vs. small, compliance-complex)
  - Develop enablement materials, such as reference architectures, deployment guides, and training content
  - Lead organizational change strategy for transitioning from current tools to a new platform, balancing standardization with campus autonomy
- Managed SOC integration and operational alignment (15%):
  - Lead managed security operations center (SOC) vendor evaluation, selection, and integration planning
  - Define SOC access patterns to the centralized data platform and service level expectations
  - Validate SOC investigation effectiveness and operational workflows
  - Ensure that the platform architecture serves security operations needs and translate security requirements to the technical team
  - Partner with the SUNY chief information security officer on sharing threat intelligence, coordinating incident response, and documenting minimum logging requirements
  - Design a flexible model for supporting campus choice in its security operations approach (system SOC, campus SOC, hybrid, vendor)
- Vendor management and strategic coordination (10%):
  - Coordinate with the cloud provider (Amazon Web Services [AWS], Google Cloud Platform [GCP], or Microsoft Azure) on implementing and optimizing the data lake
  - Support the CrowdStrike contract negotiation strategy (expires January 2028) and coordinate integrations with Falcon Data Replicator
  - Manage service level agreement (SLA) tracking, vendor performance, and the delivery of managed SOC services
  - Plan the Microsoft/Forsyte transition for 16 Sentinel campuses (expires December 2028)
  - Ensure that architecture decisions preserve vendor flexibility and competitive leverage
  - Develop vendor evaluation criteria and participate in negotiations and contract reviews
- Technical architecture oversight (5%):
  - Understand the cloud-native data lake architecture sufficiently to make informed program decisions
  - Review designs with the technical team to ensure alignment with operational requirements
  - Translate technical concepts for nontechnical stakeholders, identifying trade-offs that require program-level decisions
  - Coordinate CrowdStrike, TenableOne, and cloud-native source integrations between vendors and the technical team
  - Develop cloud platform knowledge through certifications or training (provider determined during POC)
About you:
Required Qualifications
- A minimum of five years leading cross-functional technical initiatives in complex organizational environments
- A minimum of three years in security operations, SOC environments, or security program leadership
- Experience in higher education, state/local government, healthcare systems, or federated organizations (SUNY System experience highly valued)
- Ability to build consensus and drive adoption without direct authority
- Skilled at translating complex technical concepts for diverse audiences and navigating political dynamics
- Understanding of security logging, monitoring, and observability platforms (Splunk, Elastic, Sentinel, or similar)
- Experience with log aggregation pipelines and data normalization concepts
- Basic cloud platform knowledge (familiarity with AWS, Azure, and/or GCP)
- Understanding of multi-tenant architecture and data isolation patterns
- Familiarity with security frameworks and compliance (Family Educational Rights and Privacy Act [FERPA], Health Insurance Portability and Accountability Act [HIPAA], cybersecurity policies)
Preferred/Desired Qualifications
- Previous SUNY system employment (understands organizational structure, campus relationships, procurement)
- Cloud-native data lake experience (AWS Security Lake, Azure Data Lake, GCP BigQuery, or similar)
- CrowdStrike Falcon platform knowledge; managed SOC vendor evaluation/integration experience
- Professional certifications: Cloud platform (AWS/Azure/GCP), certified information systems security professional (CISSP), Global Information Assurance Certification (GIAC), project management professional (PMP), or related
- Open Cybersecurity Schema Framework (OCSF) or similar log schema frameworks (Elastic Common Schema [ECS], Common Event Format [CEF]); multi-cloud strategy experience
Education and Experience
- A bachelor's degree in information security, computer science, information systems, public administration, or a related field required.
The target pay range for this position is $60.00 to $85.00 per hour. When determining compensation, we analyze and carefully consider several factors, including skill set, experience, location, and job-related qualifications.

It is NYSTEC's policy to provide equal employment opportunity (EEO) to all individuals, regardless of actual or perceived race, color, creed, religion, sex, or gender (including pregnancy, childbirth, and related medical conditions), gender identity or gender expression (including transgender status), age, national origin, ancestry, citizenship status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, military service and veteran status, sexual orientation, marital status, or any other characteristic protected by local, state, or federal laws and ordinances. NYSTEC is strongly committed to this policy and believes in the concept and spirit of the law.

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact recruitment@nystec.com if you require a reasonable accommodation to apply for or to perform this job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

Applicants must be authorized to work in the United States without the need for visa sponsorship now or in the future. Learn more about NYSTEC by visiting www.nystec.com.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities. This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.