API Architect​/API Governance Lead

Duration: 4 to 5 month engagement, possibility of extension

CMK is looking for an experienced API Governance Lead / Architect to establish and operationalize enterprise wide API governance. This role will assess the current state of API design, security, management, and lifecycle practices, define a scalable target state governance model, and drive adoption across Enterprise Technology Services leadership.

The objective is to deliver a documented, auditable, and enforceable API governance framework, including standards, tooling, engineering practices, and reporting mechanisms, applicable to all APIs across the enterprise, including internal application microservices.

This is a strategic and hands on architecture engagement requiring both enterprise influence and practical implementation guidance.

The API Governance Lead will evaluate the current API landscape, define governance standards, align security and compliance controls, and create an adoption roadmap that ensures long term sustainability and audit readiness.

• Conduct enterprise wide discovery of existing APIs, including internal, external, and microservices
• Evaluate governance maturity across design, security, lifecycle, documentation, and monitoring
• Identify control gaps, tooling deficiencies, and security risks
• Deliver a formal maturity assessment and gap analysis

• Define enterprise API governance principles, standards, and operating model
• Establish reference architecture for secure API design and management
• Define lifecycle governance including design review, versioning, publishing, deprecation, and retirement
• Create standardized documentation templates and architectural patterns

• Define API security standards including authentication, authorization, token strategy, encryption, and rate limiting
• Establish controls aligned with audit and regulatory expectations
• Design a control testing approach for governance validation and audit readiness
• Define monitoring, logging, and reporting requirements

• Identify and recommend API management, gateway, catalog, and governance tooling
• Define CI/CD integration patterns for governance enforcement
• Develop engineering practices to embed governance within the SDLC
• Define measurable KPIs and compliance reporting metrics

• Collaborate with ETS leadership to refine and ratify the governance framework
• Facilitate stakeholder workshops and working sessions
• Iterate documentation based on feedback until formal adoption
• Provide a practical implementation roadmap for sustained governance adoption
• API Governance Charter and Operating Model
• Enterprise API Standards and Procedures Documentation
• Security and Compliance Control Framework
• Tooling Recommendations and Integration Blueprint
• Engineering Practice Playbook
• Governance Testing and Audit Approach
• Adoption Roadmap and Reporting Framework

• 10 plus years of experience in enterprise architecture, API architecture, or platform governance roles
• Demonstrated experience building and operationalizing API governance at enterprise scale
• Deep understanding of:
• OAuth2 and OIDC
• API gateways and management platforms
• CI/CD governance enforcement
• Experience working with audit, risk, or compliance teams
• Strong stakeholder management and executive communication skills
• Proven ability to deliver formal standards, governance frameworks, and ratified policy documentation

• Experience implementing governance in large, federated enterprises
• Familiarity with API management platforms such as Apigee, Kong, Mule Soft, Azure API Management, or AWS API Gateway
• Experience aligning API governance to NIST, ISO, SOC2, or similar frameworks
• Background in Dev Sec Ops  and platform engineering
• Experience with API cataloging and lifecycle automation tools