Information Security Architect

Avera · Sioux Falls, SD
4d · Onsite

About The Position

The Principal Cybersecurity Architect at Avera is the senior-most technical authority responsible for defining, designing, and guiding the enterprise cybersecurity architecture across the health system, including hospitals, clinics, senior care, home health, and payer operations. This role ensures that cybersecurity architecture principles, frameworks, and reference models support business strategy, safeguard patient safety, comply with regulatory requirements (HIPAA, OCR, CMS), and enable secure digital transformation. The Principal Architect partners closely with IT Infrastructure, Data Analytics, IT Architecture, Network Engineering, Clinical Engineering, DevOps, and Application teams to design secure, resilient, scalable solutions and serve as a key advisor to the CISO and senior leadership.

Requirements

  • Bachelor's in Cybersecurity, Computer Science, Engineering, Information Systems, or a related field.
  • 10+ years in cybersecurity architecture and engineering, with demonstrated leadership.
  • Demonstrated experience in a regulated environment (healthcare preferred).
  • Deep expertise in: Identity & Access Management (IAM), including Azure AD, MFA, SSO, privileged access.
  • Cloud security (Azure, AWS), cloud architecture frameworks, and DevSecOps practices.
  • Network security: segmentation, firewalls, VPN, SD-WAN, proxies.
  • Application security (API security, microservices, OWASP Top 10).
  • Endpoint and workload security: EDR/XDR, hardening.
  • Strategic thinking and ability to align architecture with business goals.
  • Strong communication skills; ability to simplify complex topics for executives.
  • Analytical mindset with strong problem-solving capabilities.
  • Highly collaborative and consultative working style.
  • Ability to manage multiple high-stakes initiatives simultaneously.

Nice To Haves

  • Master's in Cybersecurity, Computer Science, Engineering, Information Systems, or a related field.
  • Certified Information Systems Security Professional (CISSP) - International Information System Security Certification Consortium (ISC2)
  • Certified Information Security Manager (CISM) - ISACA
  • Certified Cloud Security Professional (CCSP) - International Information System Security Certification Consortium (ISC2)
  • Sherwood Applied Business Security Architecture (SABSA) - SABSA Institute
  • The Open Group Architecture Framework (TOGAF) - Open Group
  • Azure - Microsoft or similar vendor-specific cloud architecture certifications.
  • AWS - Amazon Web Services or similar vendor-specific cloud architecture certifications.
  • Experience in large EHR ecosystems (Epic) and clinical application security.
  • Experience designing/implementing Zero Trust in a complex enterprise.
  • Hands-on experience with MDR, SIEM, SOAR, PKI, data security, and secret management tools.
  • Strong understanding of HIPAA, NIST 800-53, NIST CSF, HICP, PCI, and HITRUST frameworks.

Responsibilities

  • Enterprise Security Architecture & Strategy: Develop and maintain the Enterprise Security Architecture Blueprint, including reference architectures for cloud, on-prem, hybrid, and edge environments (clinical devices, IoT).
  • Establish and champion Zero Trust Architecture across identity, network, endpoint, and application workloads.
  • Define long-term security technology roadmaps aligned with organizational strategy and cybersecurity maturity goals.
  • Translate business requirements into security architecture requirements for new systems, acquisitions, and enterprise initiatives.
  • Cloud & Infrastructure Architecture: Lead secure architecture for Azure, AWS, and SaaS platforms, ensuring proper identity segmentation, encryption, workload isolation, and secure configuration baselines.
  • Partner with Infrastructure/Network teams to design micro-segmentation, firewall policies, SD-WAN security, and secure remote access solutions.
  • Clinical & Enterprise Systems Security: Develop secure design guidelines for EHR (Epic), PACS, VDI, data platforms, IoMT/biomedical devices, and other clinical technologies.
  • Collaborate with Clinical Engineering to ensure IoMT vulnerabilities, patching constraints, device segmentation, and lifecycle management align with enterprise security controls.
  • Validate security of vendor integrations, APIs, and interfaces with PHI flows.
  • Security Controls, Standards & Governance: Define enterprise security standards, patterns, and reusable control templates (NIST CSF, NIST 800-53, CIS).
  • Review and approve all high-risk architecture designs, cloud deployments, and technical exceptions.
  • Oversee threat modeling and secure design reviews for major projects.
  • Maintain architecture governance processes and ensure alignment with GRC and compliance requirements.
  • Threat Modeling & Risk Reduction: Conduct threat modeling on new solutions and major system changes using frameworks such as STRIDE, MITRE ATT&CK, and DREAD.
  • Provide expert-level guidance on attack paths, privilege escalation risks, identity architecture weaknesses, and compensating controls.
  • Work closely with the SOC and Incident Response teams to design detection and response visibility into new architectures.
  • M&A, Vendor Due Diligence, and Third-Party Integrations: Lead technical due diligence for acquisitions, affiliation partners, and new clinical applications.
  • Evaluate vendor security architecture, API exposure, access models, and integration risks.
  • Ensure third-party environments meet enterprise security architecture requirements before connection or data sharing.
  • Leadership, Influence & Mentorship: Serve as the technical advisor to the CISO and a trusted consultant to senior IT and business leaders.
  • Mentor security engineers and architects, enabling career growth and improving architectural maturity.
  • Communicate complex architectural decisions and risks to executives in clear business terms.

Benefits

  • PTO available day 1 for eligible hires.
  • Up to 5% employer matching contribution for retirement.
  • Career development guided by hands-on training and mentorship.