Enterprise Security Architect

Children's Mercy Hospital

Kansas City, MO

Industry: Hospitals & Medical Centers


8 - 10 years

Posted 28 days ago

Job Responsibilities:

The enterprise information security architect plays an integral role in defining and assessing the organization's security strategy, architecture and practices. The enterprise information security architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services. The enterprise security architect will be responsible to align information security strategy with business goals and work towards finding the optimum balance between information security risks and controls while enabling the business.

The enterprise security architect will be responsible for the following activities and functions:

  • Develop and maintain an information security architecture process that enables the enterprise to develop and implement information security solutions and capabilities that are clearly aligned with business, technology and threat drivers
  • Develop a system-wide, layered defense-in-depth information security strategy plans and roadmaps based on sound enterprise architecture practices
  • Develop and maintain cloud security strategy and architecture which aligns with business goals
  • Develop and maintain information security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage information security capabilities in projects and operations
  • Align standards, frameworks and security with overall business and technology strategy
  • Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
  • Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in information security strategy plans and architecture artifacts
  • Participate in projects to provide security-planning advice, within Information Systems and outside, as needed
  • Determine baseline information security configuration standards for operating systems (e.g., OS hardening), network segmentation, identity and access management (IAM), and other areas, as needed
  • Develop standards and practices for data encryption and tokenization in the organization, based on the organization's data classification criteria
  • Conduct or facilitate threat modeling of services and applications that tie to the risk and data associated with the service or application
  • Ensure a complete, accurate and valid inventory of all systems, infrastructure, and applications that should be logged by the security information and event management (SIEM) or log management tool
  • Establish a taxonomy of indicators of compromise (IOCs) and share this detail with other information security colleagues, including the security operations center (SOC), information security managers and analysts, as well as counterparts within the network operations center (NOC)
  • Coordinate with the privacy officer or office to document data flow of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization)
  • Validate IT infrastructure and other reference architectures for information security best practices and recommend changes to enhance security and reduce risks, where applicable
  • Validate security configurations and access to information security infrastructure tools, including but not limited to firewalls, IPSs, WAFs and anti-malware/endpoint protection systems
  • Review network segmentation to ensure the least privilege for network access
  • Liaise with the vendor management (VM) team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data:
      • Software as a service (SaaS) providers
      • Cloud/infrastructure as a service (IaaS) providers
      • Managed service providers (MSPs)
      • Payroll providers
  • Liaise with the internal audit (IA) team to review and evaluate the design and operational effectiveness of security controls
  • Review information security technologies, tools, and services, and make recommendations to the broader information security team for their use, based on security, financial and operational metrics
  • Coordinate with operational and facility management teams to assess the security of operational technology (OT) and Internet of Things (IoT) systems
  • Possesses knowledge of Electronic Health Records (EHR) systems and protecting patient information in compliance with the Health Insurance Portability and Accountability Act (HIPAA)
  • Exceptional communication skills with diverse audiences
  • Strong critical thinking and analytical skills
  • Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments
  • Demonstrated ability to identify risks associated with business processes, operations, information security programs, and technology projects
  • The ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical background

Job Requirements:

  • Bachelor's degree in Information Security, Science, Engineering, Mathematics, or Information Technology and 7 or more years' experience
  • Certified Information Systems Security Professional (CISSP) required, or willing to obtain within a year of employment
  • Certified Ethical Hacker (CEH) required, or willing to obtain within a year of employment
  • Experience in a consultancy role providing technical security guidance and direction to non-security teams
  • Experience using architecture methodologies such as SABSA, Zachman and/or TOGAF
  • Full-stack knowledge of IT infrastructure:
      • Applications
      • Databases
      • Operating systems: Windows, Unix and Linux
      • Hypervisors
      • IP networks: WAN and LAN
      • Storage networks: Fibre Channel, iSCSI and NAS
      • Backup networks and media
  • Direct experience designing IAM technologies and services:
      • Active Directory
      • Lightweight Directory Access Protocol (LDAP)
      • Microsoft Azure IAM
  • Strong working knowledge of IT service management
  • Relevant National Institute of Standards and Technology (NIST) standards, along with HIPAA, HITRUST, ISO27001, ITIL, PCI, GDPR, Center for Internet Security Benchmarks (CIS)
  • Preferred qualifications:
      • Certified Information Security Manager (CISM)
      • Information Systems Security Architect Professional (ISSAP)
      • Palo Alto Networks Certified Network Security Engineer
      • Cisco Certified Security Professional (CCSP)
      • Certified Information Systems Auditor (CISA)
      • Certified Cloud Security Professional (CCSP)

EEO Employer/Disabled/Vet