Zill Ahmed

Executive Director, Security Architecture

I lead security architecture programs that make secure-by-design the default — not the exception.

01.About

As an Executive Director, Security Architecture at Sony Pictures Entertainment (SPE), I lead the security architecture program to ensure enterprise applications and platforms are designed and delivered using secure-by-design principles. I establish security reference architectures, secure design patterns, and engineering standards that enable teams to build consistently, reduce design risk, and accelerate secure delivery at scale.

I also drive modernization of SPE's vulnerability management capabilities by unifying findings across application, cloud, and infrastructure layers into centralized workflows with clear ownership and accountability. This approach provides leadership and application owners with an end-to-end view of security posture — from external exposure to runtime risk — while improving prioritization, remediation outcomes, and measurable risk reduction.

Previously, I served as the Director of Information Security at Howard Hughes, where I executed cyber strategy, advanced security operations maturity, and strengthened governance across a hybrid environment. Prior to that, I led global security and compliance initiatives at TikTok, building a scalable framework and operating model to support secure, compliant growth of datacenters and applications. Earlier, I led global teams at Deloitte, delivering enterprise security transformations for clients across regulated industries by defining cloud security roadmaps, integrating security into CI/CD and Infrastructure-as-Code, implementing policy automation for continuous compliance, and performing Zero Trust-based architecture and application security reviews.

With a strong blend of technical and interpersonal skills, I excel in communicating with executives and collaborating with cross-functional teams to achieve shared goals.

02.Experience

Executive Director, Security Architecture · Sony Pictures Entertainment

CA  |  11/24 — Present

  • Lead security architecture reviews for business-critical applications, cloud workloads, and GenAI-enabled solutions, and establish governance for model vetting and secure adoption, aligned to secure-by-design principles.
  • Develop security reference architectures and secure design patterns to standardize controls across applications, cloud services, identity flows, data protection, and third-party integrations.
  • Define and publish Secure Application Development Standards and secure engineering requirements to improve consistency across engineering teams and reduce design flaws early in the SDLC.
  • Modernized vulnerability management by centralizing findings across application, cloud, and infrastructure layers into ServiceNow workflows, automating ownership assignment, and enabling an end-to-end view of exposure and remediation status.
  • Enhance Cloud and SaaS security posture by operationalizing Wiz and Palo Alto SaaS Inline Security, improving visibility into risk, misconfigurations, and shadow SaaS exposure.
  • Implement Snyk and embed security scanning into build/release workflows to enable early detection of open-source and container risks through CI/CD automation.
  • Produce target-state security architecture and a multi-phase implementation roadmap, aligning stakeholders on priorities, dependencies, and measurable outcomes.

Director of Information Security · Howard Hughes

The Woodlands, TX  |  11/23 — 08/24

  • Reported cyber strategy, risk posture, and key initiatives to executive leadership and the Board.
  • Led and developed a cybersecurity team and managed budget, vendors, and the security roadmap.
  • Improved detection and response maturity by optimizing logging/monitoring, IR playbooks, and tabletop exercises; improved MTTD/MTTR by 30%.
  • Built a measurable security program: 90% phishing reporting, reduced click rate from 8% to 3%.
  • Established GenAI security governance and reviewed AWS-hosted applications; delivered risk findings and prioritized remediation.
  • Partnered with Legal on SEC cyber disclosure readiness, cyber insurance alignment, and strengthening vendor security requirements.
  • Increased critical/high patch SLA compliance from 70% to 90% in 3 months through clear ownership and prioritization.
  • Created OT/ICS inventory and designed segmentation to isolate industrial assets from corp. networks.

Information Security & GRC Program Manager · TikTok

San Jose, CA  |  05/22 — 11/23

  • Led a global team of 6 regional managers to build and scale an enterprise security framework.
  • Established governance with Risk, Legal, HR, Security, and Internal Audit to align on control ownership and risk escalation.
  • Assessed maturity against ISO 27001/PCI-DSS and delivered a prioritized remediation roadmap.
  • Partnered with engineering teams to define security standards for large-scale platforms and services supporting secure, compliant growth.
  • Instituted vulnerability management processes to improve prioritization, accountability, and remediation execution.

Manager, Cloud Cyber Risk Services · Deloitte

Houston, TX  |  02/20 — 05/22

  • Led security architecture reviews and control design for migration of 130 on-prem applications to AWS, Azure, and GCP.
  • Managed a $2.1MM cloud security governance program leading a 10-person global team to implement security guardrails and policy automation.
  • Built cloud security strategy and roadmap for enterprise workloads, delivering maturity assessments and prioritized remediation plans.
  • Integrated security controls into CI/CD and Infrastructure-as-Code delivery to improve prevention and continuous compliance.
  • Drove Azure/M365 cyber pursuits totaling ~$3MM and produced proposals, SOWs, and pricing models.

IT Risk Manager / Sr. Security Architect · Chevron Phillips Chemical

Houston, TX  |  02/13 — 02/20

  • Led a team of 5 to build a third-party data risk management program supporting GDPR, PCI-DSS, and HITRUST-aligned requirements.
  • Mapped policies, standards, controls, and risks to NIST CSF and delivered executive-facing risk reporting and remediation plans.
  • Supported SOX/ITGC audits by driving remediation planning and control improvements.
  • Integrated security testing into CI/CD to advance secure SDLC practices and reduce release risk.
  • Developed Azure security reference architectures for identity, networking, encryption, privileged access, and application protection.

03.Tools & Technologies

Identity & Access Management

  • Entra ID
  • PingFederate
  • CyberArk

Cloud Security

  • Microsoft Defender for Cloud
  • Wiz
  • Azure Policy
  • Azure API Management

Endpoint Security

  • Microsoft Defender for Endpoint
  • CrowdStrike Falcon
  • Qualys VMDR
  • Forcepoint DLP
  • Intune
  • Jamf

DevSecOps

  • Azure DevOps
  • GitHub
  • Terraform
  • Chef
  • SonarQube
  • Snyk

Network Security

  • FortiGate NGFW
  • FortiGuard IPS
  • Palo Alto NGFW

Asset Management

  • Axonius
  • BMC Discovery
  • Palo Alto SaaS Inline Security
  • Qualys EASM

GRC / Compliance & Frameworks

  • ISO 27001
  • NIST CSF
  • PCI-DSS
  • FedRAMP

04.Certifications & Education

  • Certified Information Systems Security Professional (CISSP)
  • Project Management Professional (PMP)
  • AWS Certified Solutions Architect - Associate
  • Azure Security Engineer Associate
  • CompTIA Security+

Master of Business Administration, Finance

Rutgers University, New Brunswick, NJ

Bachelor of Science in Computer Science, Minor in Mathematics

Rutgers University, New Brunswick, NJ

05.Contact

I'm always open to discussing security architecture challenges, advisory work, or interesting problems. Reach out and I'll get back to you.
