Information Security Architect

Company: Community Health Network of Connecticut, Inc.

Location: Wallingford, CT 06492

Description:

Community Health Network of Connecticut, Inc. (CHNCT) is currently seeking an Information Security Architect.

Primary Responsibilities:
  • Under the direction of the Vice President and Chief Information Security Officer (CISO), the Information Security Architect (ISA) is tasked with the strategic planning, designing, testing, implementing, overseeing, and maintaining the organization's information security infrastructure.
  • This role demands the ISA acquire an in-depth understanding of the company's business operations and the technologies it employs to serve our members and protect their information.
  • Key attributes of an effective Information Security Architect include: the ability to think strategically and align OISR's information security and risk initiatives with business requirements; the ability to think from the perspectives of a malicious hacker, an insider, and a typical user in order to anticipate and mitigate information security risks; a comprehensive understanding of the business executive's perspective; skills to manage and mentor Information Security team members; effective communication skills with key stakeholders, including business and technical leaders, privacy and compliance officers, external legal counsel, auditors, security service providers, and third-party vendors.
  • The Information Security Architect must be capable of explaining risk (likelihood and impact) using practical examples in non-technical terms.
  • The ISA needs technical expertise to build security infrastructure from scratch or update existing systems in response to new security threats and regulatory changes.
  • The role involves developing and leading vulnerability discovery initiatives and strategies to address threats and risks, as well as representing the Office of Information Security and RISK (OISR) interests and requirements in business, IS, and IT infrastructure projects.

Tasks Performed:
  • The Information Security Architect is a key player in evaluating, developing, and implementing security standards, procedures, and guidelines across multiple platforms and diverse system environments.
  • The ISA provides technical security expertise and leadership to IT's operations, development, and management teams, and supports OISR staff and contractors in threat and vulnerability discovery, assessment, reporting, remediation, governance, and the operational aspects of information security procedures and products.
  • Working closely with the CISO, the Information Security Architect ensures that departmental activities are appropriately prioritized, staffed, and completed.
  • The ISA participates in and provides input to the Information Security Management Plan, security risk assessments, HITRUST and other certification assessments, cyber insurance assessments, NIST testing protocols, and Information Security Continuous Monitoring (ISCM).
  • With minimal supervision, the Information Security Architect identifies and develops processes, procedures, and associated documentation related to the security of company computer systems, networks, and telecommunications.
  • The ISA leads incident response teams as needed, drives the remediation of control failures, and provides guidance and oversight for the organization's vulnerability management controls.
  • The Information Security Architect participates in reviewing contracts and security addendums for products and solutions, ensuring the testing and implementation of security plans, products, and control techniques.
  • Additionally, the ISA consults with management and staff in the design and implementation of new or modified information security processes.
  • The ISA recommends new security tools to management, providing guidance and expertise in their implementation.
  • The Information Security Architect investigates and recommends appropriate corrective actions for information security incidents and is knowledgeable in forensic investigations, data recovery, and the handling of digital evidence.
  • The ISA conducts third-party and application security assessments, oversees and advises on access control and account administration of critical information resources and key users, and acts as a liaison to IT and Development groups to assist in implementing security technologies and applications security.
  • In conjunction with technical counterparts in IT, the Information Security Architect works to remediate audit and security findings.
  • The ISA mentors junior employees on security best practices and performs related duties as assigned or requested.

Essential Functions:
  • Architect, design, implement and maintain information security systems to support the Information Security Management Program (ISMP).
  • Ensure compliance with established policies and procedures and security standards under HIPAA/HITECH, HITRUST, NIST and other applicable frameworks and regulations.
  • Participate in the creation and maintenance of the Information Security strategy.
  • Monitor, assess, and audit, per policy, all aspects of the ISMP, including endpoints, servers, applications, firewalls, routers, and relevant third parties' systems and activities.
  • Manage and lead incident identification and response and communicate potential violations of the company's information security policies to CHNCT's Vice President and Chief Information Security Officer.
  • Independently act to prevent or deter security breaches or intrusions that threaten the integrity of mission critical data or applications.

Desired Education: 4 years post-secondary schooling or equivalent experience and professional training

Desired Degree: Bachelor's degree

Desired Major: Cyber Security, Computer Technology or Computer Science

Desired Job Experience: Ten plus years of solid progressive work experience in a technical Information Security role or an equivalent combination of education and work experience in a Healthcare Information Security environment. Understands local and federal laws concerning information security and relevant specific security guidelines such as HIPAA, SOX, and PCI. Knowledge of the healthcare industry.

Other Qualifications: Knowledgeable in the management and setup of security-related software and hardware. Excellent analytical ability, strong judgment and problem analysis and a broad knowledge of business function(s), information technologies and Information Security best practices. Knowledgeable in risk assessment and threat modeling. Highly developed communication, negotiation, presentation and consensus building skills. Knowledge of new and trending technology including Artificial Intelligence, layered security principles, tactics, and techniques.

Familiarity with many of the following:
Modern WAN/LAN Networking
Cloud services and delivery models
Network monitoring utilities, patch management, VMware, Citrix, Windows Servers and OS
Virtualization
Operating systems and associated security and access control models
Proper dev/test/prod practices
Modern coding languages
REST APIs
Databases and practices for working with and manipulating data structures
Web technologies and frameworks

CHNCT is an equal opportunity, affirmative action employer m/f/d/v and proud of the diversity of our workforce.
