IT SECURITY ARCHITECT

Montefiore is ranked among the top hospitals nationally and regionally by U.S. News & World Report. For more than 100 years we have been innovating new treatments, new procedures, and new approaches to patient care, producing stellar outcomes, and raising the bar for medical centers in the region and around the world.

We seek an IT Security Architect to play a pivotal role in defining, maintaining, and implementing the organization's IT security strategy, ensuring the confidentiality, integrity, and availability of all the healthcare and hospital system's data. This individual will apply their deep expertise in information security technologies, concepts, and methods to combat potential cyber threats and ensure regulatory compliance.

While this team works remotely some of the time, you must be prepared to work in our office as required. Montefiore requires employees to reside in NY, NJ, CT, or PA, and to be vaccinated including for COVID and flu.

Daily Task List includes:

1. Design, build and implement enterprise-class security systems for a production environment.
2. Align standards, frameworks and security with overall business and technology strategy.
3. Identify and communicate current and emerging security threats.
4. Create solutions that balance business requirements with information and cybersecurity requirements.
5. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
6. Design security architecture elements to mitigate threats as they emerge.
7. Create and manage the network security strategy and roadmap.
8. Develop security requirements, standards, and guidelines.
9. Coordinate with IT teams to ensure a unified approach to IT security across the organization.
10. Conduct or facilitate threat modeling of services and applications that tie to the risk and data associated with the service or application.
11. Ensure compliance with the changing laws and applicable regulations.
12. Translate complex risk management issues into manageable parts for other teams.

Key responsibilities include:

• Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology, and threat drivers.
• Develop security strategy plans and roadmaps based on sound enterprise architecture practices.
• Develop and maintain security architecture artifacts (e.g., models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations.
• Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts.
• Participate in application and infrastructure projects to provide security-planning advice.
• Draft security procedures and standards to be reviewed and approved by executive management and/or formally authorized by the CISO.
• Ensure that security architecture and practices do not infringe on the needs of the business, staff, and patients.

Qualifications include:

• Significant experience in a similar role in an enterprise organization.

• Certifications such as CISSP, CISM, CISA, CCSP, or SABSA are a plus.
• Proven experience in enterprise security architecture design and implementation in a complex, multi-platform environment.
• Strong knowledge of laws and regulations related to healthcare data security (HIPAA, HITECH, etc.).
• Familiarity with cloud security architectures and tools.
• Proficient in security risk management, incident response, identity and access management, and security operations.
• Excellent communication and leadership skills.
• Bachelor's degree in Computer Science, Information Systems or related field, or equivalent experience. A Master's degree is preferred.

Z