Application Architect; API Standards & Compliance Lead

Central Point Partners is currently interviewing candidates in the Columbus, Oh area for a large client.

Because this is a Contract to Hire position only GC’s and USC’s.

This position is Hybrid (4 Days onsite)!
Only candidates who are local to Columbus, Oh,
Minneapolis, Dallas, or Detroit will be considered!

Application Architect (API Standards & Compliance Lead)

Governance Framework & Standards

• Define and maintain enterprise-wide API design and governance policies aligned with architecture principles and industry standards (OpenAPI, REST, Graph
  
  QL).
• Establish naming conventions, versioning guidelines, backward compatibility expectations, deprecation/retirement policies, and documentation standards.
• Run the API Governance Board (reviews, approvals, waivers) and maintain the governance operating model and RACI.
• Author and maintain reference architecture, standards playbooks, and reusable policy templates.

Lifecycle Governance & Platform Integration (Apigee X)

• Design and oversee API onboarding workflows via the Developer Portal, ensuring proper documentation, cataloging, and discoverability.
• Define governance processes integrated with Apigee X for publishing, runtime policies (e.g., quotas, rate limiting), and analytics.
• Ensure consistent use of API products, proxies, and catalogs; promote high-quality API definitions and reusability.

Security & Regulatory Compliance

• Implement governance for security patterns (OAuth2, JWT, JWKS, mTLS) using Apigee X and Ping Identity.
• Align APIs to regulatory requirements (e.g., Open Banking, PSD2, HIPAA, GDPR) and enterprise security standards.
• Partner with Risk, Compliance, and Security Engineering to define control objectives, evidence, and auditability (e.g., NIST, ISO 27001, SOC
  2).

Developer Experience & Enablement

• Collaborate with the API Gateway and Dev Ex teams to optimize portal usability, API discoverability, and policy adoption.
• Provide training, guidance, and office hours on governance best practices and standards for internal teams.
• Create artifacts (cheat sheets, checklists, sample OpenAPI specs, policy catalogs) that accelerate compliant delivery.
• Define and track governance KPIs (e.g., % APIs compliant, time-to-approve, policy adoption rates, security defect trends).
• Use Apigee Analytics and GCP monitoring to identify gaps and refine standards based on data insights and evolving business needs.
• Conduct periodic maturity assessments; publish roadmaps and quarterly updates to stakeholders.

Risk, Audit & Controls

• Establish controls and evidence for audits (design-time and runtime), including conformity checks against policy and standards.
• Coordinate remediation plans for non-compliant APIs; manage waivers/exceptions with clear time-bound conditions.

Tooling & Automation

• Partner with platform teams to integrate policy-as-code checks (linting, contract validation, auth enforcement) into CI/CD.
• Evaluate governance tooling (spec linters, catalog quality checks, portal workflows) to automate compliance wherever feasible.

• 10+ years in IT, including strong API development/governance experience.
• 5+ years in API governance or platform leadership roles (enterprise scale).
• Deep familiarity with OpenAPI/Swagger, REST fundamentals, Graph
  
  QL design considerations, and API lifecycle management.
• Hands-on experience with security standards (OAuth2, JWT, JWKS, mTLS) and regulatory frameworks (Open Banking/PSD2, HIPAA, GDPR).
• Experience with Apigee X on GCP (or similar API management platforms like Kong, Mule Soft, AWS API Gateway, Azure APIM) from a governance/architecture perspective.
• Demonstrated ability to write clear policies, standards, and procedures; facilitate governance forums; drive alignment across stakeholders.
• Strong communication, stakeholder management, and change management skills.

• GCP certifications (e.g., Professional Cloud Architect); Apigee certifications a plus.
• Experience with Ping Identity integration and enterprise IAM.
• Familiarity with GCP services (Cloud Armor, IAM, VPC networking) and platform security controls.
• Background in Dev Sec Ops , CI/CD automation, and policy-as-code for API compliance.
• Experience improving API portals, catalogs, and developer experience, including analytics-driven enhancements.

• Strategic thinking and policy design
• Risk and compliance mindset
• Stakeholder facilitation and influence
• Data-driven continuous improvement
• Clear, concise technical writing and storytelling

• This is a governance, standards, and architecture leadership role—focused on policy, enablement, oversight, and measurable outcomes.
• Not a day-to-day software engineering or Apigee proxy development role.
• Limited hands-on configuration may be required to validate governance controls or demonstrate patterns.

For more information about this opportunity, please contact Bill Hart at  AND email your resume to bill.!