IS Security Architect

About The Position

Requirements

• High school diploma or equivalent and a Bachelor’s degree in related field. Equivalent combination of education and experience will be considered.
• 5–8 years of experience in Information Security, with at least 3 years focused on security architecture, security engineering, or solution design.
• Strong verbal, written, and diagrammatic communication skills, with the ability to clearly translate complex security concepts to technical and non-technical stakeholders.
• Working knowledge of enterprise IT environments, including cloud (AWS, Azure, GCP), on-prem infrastructure, networking, and application architectures.
• Understanding of security architecture principles, including secure-by-design, least privilege, and zero trust concepts.
• Knowledge of identity and access management concepts, including SSO, MFA, service accounts, and non-human identity patterns.
• Familiarity with systems development lifecycle (SDLC) and the ability to integrate security into design, development, and implementation phases.
• Working knowledge of integration patterns, APIs, and enterprise service architectures, including their security implications.
• Understanding of security considerations for clinical systems and medical devices, including patient safety and operational risk impacts.
• Knowledge of regulatory and security frameworks, including National Institute of Standards and Technology guidance and HIPAA requirements.
• Ability to assess risk, analyze complex problems, and recommend practical and scalable security solutions.
• Strong organizational and time management skills, with the ability to manage multiple initiatives and priorities.
• Ability to work independently, take initiative, and remain accountable for delivering results.
• Ability to work a flexible schedule (e.g. 24/7, weekend, holiday, on call availability).

Nice To Haves

• Relevant certifications such as CISSP, CCSP, or cloud provider certifications (AWS, Azure, GCP).

Responsibilities

• Develops and maintains security architecture designs and patterns that align with business, clinical, technology, and threat drivers across cloud, on-prem, and medical environments.
• Participates in application, infrastructure, and clinical technology initiatives to provide security architecture guidance during design and implementation phases.
• Conducts formal security architecture reviews through established governance processes and provides clear, actionable recommendations to project teams.
• Designs and recommends security controls across cloud platforms (AWS, Azure, GCP), network segmentation, and identity integration, ensuring alignment with enterprise standards.
• Reviews medical devices and clinical systems, including FDA-regulated and connected technologies, to ensure appropriate security controls and consideration of patient safety and operational impact.
• Identifies security risks in proposed solutions and works with stakeholders to define mitigation strategies, compensating controls, and acceptable risk decisions.
• Documents security risks, exceptions, and architectural decisions in alignment with enterprise risk management and governance practices.
• Validates that implemented solutions align with approved security designs and works with Security Engineering teams to confirm control effectiveness and proper configuration.
• Collaborates with Identity and Access Management teams to ensure consistent implementation of authentication, authorization, and least privilege access models.
• Ensures security designs align with enterprise standards and regulatory requirements, including National Institute of Standards and Technology guidance and HIPAA requirements.
• Interfaces with audit, compliance, and GRC teams to support control validation, regulatory reviews, and audit activities.
• Tracks changes in technology and threat landscapes and incorporates relevant considerations into security architecture recommendations.
• Performs other related duties as required.
• Remains knowledgeable on current federal, state and local laws, accreditation standards or regulatory agency requirements that apply to the assigned area of responsibility and ensures compliance with all such laws, regulations and standards.
• This employer maintains and complies with its Compliance & Privacy Program and Standards of Conduct, including the immediate reporting of any known or suspected unethical or questionable behaviors or conduct; patient/employee safety, patient privacy, and/or other compliance related concerns.

Benefits

• The employer is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.