Information Security Architect - HCA Healthcare
Nashville, TN 37203
About the Job
Description
Introduction
Do you have the career opportunities as an Information Security Architect you want with your current employer? We have an exciting opportunity for you to join HCA Healthcare, which is part of the nation's leading provider of healthcare services, HCA Healthcare.
Benefits
HCA Healthcare offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:
- Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.
- Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.
- Free counseling services and resources for emotional, physical and financial wellbeing
- 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)
- Employee Stock Purchase Plan with 10% off HCA Healthcare stock
- Family support through fertility and family building benefits with Progyny and adoption assistance.
- Referral services for child, elder and pet care, home and auto repair, event planning and more
- Consumer discounts through Abenity and Consumer Discounts
- Retirement readiness, rollover assistance services and preferred banking partnerships
- Education assistance (tuition, student loan, certification support, dependent scholarships)
- Colleague recognition program
- Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)
- Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.
Note: Eligibility for benefits may vary by location.
Our teams are a committed, caring group of colleagues. Do you want to work as an Information Security Architect where your passion for creating positive patient interactions is valued? If you are dedicated to caring for the well-being of others, this could be your next opportunity. We want your knowledge and expertise!
Job Summary
The Information Security Consulting Architect is a technical leadership position without direct reports. Their main role is to be the primary lead, representative and advocate for balanced and reasonable risk management of IT and Information on engagements throughout HCA’s enterprise. This position will report to the Information Security Consulting Team Manager and is responsible for ensuring that security requirements are adequately addressed in all aspects of enterprise architecture, including reference models, segment and solution architectures, and the resulting systems that protect and support organizational mission and business processes.
This role will operate with limited day-to-day supervision after their goals and requirements have been discovered or provided. They will accept high-level goals from management without complete facts and drive them to completion in many cases. This role is expected to understand delegated authority and the impact decisions may have on the company.
This role will function as an information security advisor to the business, advocating for balanced and reasonable cyber risk management, and to the ITG (Information Technology Group), facilitating secure development and deployment of technology solutions. This position is responsible for ensuring security strategies and roadmaps for key technology domains are considered in all work, and for providing technical leadership during the evaluation, design, build, and implementation of key information security technologies and processes.
Major Responsibilities:
- Risk Analysis and Mitigation: Provide balanced risk analysis, resolution, and mitigation recommendations on projects and initiatives. Success is measured by the effective implementation of risk mitigation strategies and proper risk acceptance, when necessary, facilitated through collaboration with project management, business owners, and technical team members.
- Secure Architecture Design: Ensure secure architecture design is implemented and lead engagements through Enterprise Architecture Review Board (ARB) sessions. Performance is evaluated based on the successful approval and implementation of secure designs.
- Advisory on Architecture and Risk Management: Advise on cloud architecture, network architecture, system integration, application development, regulatory and business risk management, and technical threat and vulnerability management. Effectiveness is measured by the quality and impact of the advice provided, leading to improved security postures.
- Accuracy in Security Design: Ensure the accuracy of security design and functionality for IT projects, software products, cloud technologies, and network security. Performance is assessed by the successful deployment and operational effectiveness of secure designs.
- External Leadership and Relationship Building: Develop relationships with vendors and other external entities to ensure functional and secure design rollouts within the HCA enterprise. Success is measured by the strength and effectiveness of these relationships and the security of implemented designs.
- Resilient IT Systems: Advise on architectures and designs of IT systems that are resilient and provide protection against attacks proportional to risk vectors. Performance is evaluated based on the resilience and security of the systems designed.
- Weakness Detection and Rectification: Detect weaknesses in systems or cloud services and recommend rectification methods. Success is measured by the identification and effective mitigation of vulnerabilities.
- Quality Improvement: Improve quality results by evaluating, suggesting upgrades, and directing enterprise-wide changes. Performance is assessed by the tangible improvements in quality and security outcomes.
- Continuous Learning and Knowledge Sharing: Update job knowledge by participating in educational opportunities, reading professional publications, maintaining personal networks, and participating in professional organizations. Success is measured by the application of new knowledge to improve security practices and the sharing of this knowledge with the team.
- Mentorship: Mentor junior consultants on the IS Consulting teams. Performance is evaluated based on the development and growth of junior consultants, as evidenced by their improved skills and contributions to the team.
- Cross-Functional Collaboration: Work closely with various business units and interface regularly with technical and non-technical members of the organization, as well as senior business and ITG/IPS leaders. Success is measured by the effectiveness of communication and collaboration, leading to successful project outcomes and enhanced security awareness across the organization.
- Proactive Communication: Demonstrate the ability to proactively communicate important updates and issues to management in a timely manner. Success is measured by the frequency and relevance of updates provided, ensuring management is well-informed and able to make strategic decisions based on accurate and current information.
Education & Experience:
- Bachelor's degree in a related field required
- 10+ years of experience in Information Technology
- 7+ years of experience operating in large organizations and adapting to their culture
- 7+ years of measurable success in information security disciplines within large organizations
- 7+ years of experience developing and implementing risk assessment, risk management and risk reduction procedures
Other/Special Qualifications:
- At least one example of a design and implementation of a redundant solution that provides high availability
- Expert knowledge and use of information security principles, standards, practices and technologies
- Experience developing and implementing solutions to comply with industry and regulatory requirements (i.e., HIPAA, PCI, SOX, GDPR)
- Strong business acumen, deep critical thinking and decision-making skills
- Proven record of delivering critical projects with challenging deadlines, interacting with multiple stakeholder groups and competing priorities
- Ability to evaluate and suggest security improvements to identity and access controls for an integrated AD, Azure Entra ID, GCS and AWS environment
- Expert knowledge and expertise with various Information Security domains such as: Identity and Access Management, Endpoint, Network, Mobile and/or Application Security
- Expert knowledge of security-specific technologies: Encryption, PKI, Authentication Protocols, Authorization Protocols, Directory Services, ID Federation, SSO Technologies, Cloud Containers & Kubernetes, Strong Authentication, etc.
- Functional knowledge of many emerging technical domains: Cloud Computing, Virtualization, Mobile Computing, APT Attacks, Botnets, Client-Side Attacks, etc.
- Demonstrated record as a strong, collaborative technical leader with the ability to think analytically and creatively to solve complex problems
- Provide technical leadership and contribute to departments' strategic planning and roadmap development
- Proven and fast decision-making ability with strong discussion and facilitation skills in meetings
- Excellent multi-tasking, prioritization and time management skills
- Strong communication and public speaking skills; can present to large audiences or upper management effectively
- Proven executive presence
- Proven strong background in evaluating and improving security in IT Security and Operational processes
- Able to discuss and demonstrate deep understanding of information security threat and vulnerability detection, risk assessment, risk management and risk reduction procedures
- Possesses strong conflict management skills
- Comfortable working independently or in a diverse team environment
- Experience working in a healthcare environment securing clinical applications and information is preferred
- One of the following certifications is preferred: SABSA, CISSP, CISM, CCSP, CISA, GSEC, OWASP
- Experience and/or technical training may be substituted for education
Additional Information:
- Position may require periodic after-hours work and moderate travel at times with little notice.
- Candidates are expected to work most days at a corporate office location in Nashville during normal business hours.
- Must live in/near Greater Nashville, TN Area or be willing to relocate to the area.
HCA Healthcare has been recognized as one of the World's Most Ethical Companies® by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.
"Bricks and mortar do not make a hospital. People do." - Dr. Thomas Frist, Sr., HCA Healthcare Co-Founder
If you are looking for an opportunity that provides satisfaction and personal growth, we encourage you to apply for our Information Security Architect opening. We promptly review all applications. Highly qualified candidates will be contacted for interviews. Unlock the possibilities and apply today!
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.