Job Title: Director, Cybersecurity Architecture
Location: Remote in Chicago / DFW / Nashville (DFW and Nashville are preferred); need to be able to go to an office for meetings as necessary
Role Type: Direct Hire
Job Description:
The Director, Cybersecurity Architecture plays an integral role in leading the design and evolution of our enterprise security architecture within a complex healthcare ecosystem. This individual will play a critical role in protecting patient data, enabling secure clinical operations, and driving innovation across cloud, application, and data security domains.
As a trusted advisor to technology and business leaders, you will define the vision and roadmaps for cybersecurity architecture, ensure alignment with healthcare regulations, and lead cross-functional security design efforts across cloud platforms, clinical systems (EHR/EMR), and connected medical devices (IoMT).
The Director, Cybersecurity Architecture has a deep understanding of the elements of an IT ecosystem (applications, data, infrastructure, network, operations) that need to be secured, as well as the security standards/frameworks, security controls, and technology solutions used to implement these controls. They provide the necessary leadership and perform analysis and design tasks to support the implementation and optimization of security solutions. He or she has overall responsibility for ensuring that solutions meet business needs and align with architectural governance and security standards. He or she creates deliverables for managing the organization's portfolio of target-state, interim and current-state security solutions.
The Director, Cybersecurity Architecture will be expected to advocate security requirements and objectives with stakeholders across network, infrastructure, app dev and operations domains, while also ensuring that security architecture and practices do not infringe on the needs of the business. Specifically, the cybersecurity architect will serve as a technical sounding board for the CISO’s interaction and engagement across the organization. They will be expected to collaborate with IT security stakeholders to evaluate new services, vendors, applications and security tools, among other items, from a technical perspective and translate the risk characteristics of these activities and functions into enterprise risk terms that the CISO can communicate to leaders within the organization.
Qualifications/Requirements:
- Define and own the cybersecurity architecture strategy aligned to healthcare risk, compliance, and operational requirements.
- Develop and maintain security reference architectures and design patterns across cloud, infrastructure, applications, and data environments.
- Lead and facilitate Security Architecture Review Boards (SARB) to assess new solutions and technology changes for security risks.
- Drive secure-by-design principles across cloud-native and hybrid deployments in Azure.
- Embed security into the SDLC and CI/CD pipelines for both clinical and non-clinical applications.
- Partner with development and DevOps teams to adopt DevSecOps, threat modeling, and secure coding standards.
- Ensure architecture designs comply with HIPAA guidance for the protection of PHI/ePHI.
- Address security for EHR/EMR platforms, patient portals, physician portals, and third-party health data platforms.
- Provide guidance on IoMT security – including risk modeling, segmentation, and device posture management.
- Define architectures for identity and access management (IAM, SSO, MFA, RBAC) across clinical and non-clinical users.
- Establish data protection strategies: encryption, tokenization, DLP, and data classification.
- Contribute to Zero Trust strategy development and implementation.
- Support the integration of NIST CSF, NIST 800-53, and HITECH controls into security architecture.
- Collaborate with GRC and legal teams on policy enforcement, third-party risk, and regulatory reporting.
- Build strong relationships with technology, clinical, and compliance stakeholders.
- Mentor a team of security architects and senior engineers.
- Evaluate and recommend emerging security technologies and frameworks to meet evolving threats.
- Coordinate with the privacy officer to document data flows of sensitive information within the organization (e.g., PII or ePHI) and recommend controls to ensure this data is adequately secured (e.g., encryption, tokenization, etc.).
- Review network segmentation to ensure least privilege for network access.
- Conduct vulnerability assessments and other security reviews of systems, and prioritize remediation based on the risk profile of the asset and guidance from the CISO.
- Liaise with the vendor management team to oversee security risk assessments of existing and prospective vendors, especially those with which the organization shares intellectual property, PII, ePHI, regulated or other protected data.
- Evaluate the statements of work from vendors and partners to ensure that adequate security protections are in place. Assess the providers’ SSAE 16 SOC 1 and SOC 2 audit reports (or alternative sources) for security-related deficiencies and required “user controls,” and report any findings to the CISO and vendor management teams.
- Participate in application and infrastructure projects to provide security planning advice.
- Liaise with the business continuity management team to validate security practices for both disaster recovery planning (DRP) and business continuity management (BCM) testing and operations when a failover occurs.
- Review security technologies, tools and services, and make recommendations to the broader security team for their use based on security, financial and operational metrics.
Qualifications/Requirements:
- Bachelor's degree in computer science, information systems, engineering, cybersecurity or a related field (Master’s preferred).
- 10–15+ years of progressive experience in cybersecurity, with at least 5 years in architecture and leadership roles.
- Proven experience designing and implementing enterprise-scale cybersecurity strategies, platforms, and controls.
- Deep understanding across multiple cybersecurity disciplines including:
  - Cloud Security (AWS, Azure, GCP) – including identity, encryption, networking, workload protection.
  - Application Security – secure SDLC, DevSecOps, threat modeling, code review practices.
  - Identity & Access Management (IAM) – enterprise IAM, federation, Zero Trust principles.
  - Network Security – segmentation, firewalls, VPNs, ZTNA.
  - Endpoint Security – EDR/XDR, vulnerability management.
  - Data Security & Privacy – encryption, tokenization, DLP, and relevant regulatory frameworks (HIPAA, CCPA).
  - Security Operations – SIEM, SOAR, threat intelligence, incident response strategy.
  - Governance, Risk, and Compliance (GRC) – familiarity with frameworks like NIST CSF, ISO 27001, SOC 2, HITRUST.
- Lead the development of enterprise security architecture blueprints and reference architectures.
- Translate business and technical needs into secure, scalable architecture designs.
- Evaluate and select security technologies (build vs. buy decisions).
- Partner with enterprise and solution architects to integrate security into all layers of architecture.
- Act as a trusted advisor to executive leadership, IT, engineering, and business units.
- Build relationships across stakeholders to promote a culture of security.
- Lead architecture governance bodies or security architecture review boards.
- Mentor and develop senior security engineers and architects.
- Influence budgets, roadmaps, and policy decisions.
- Excellent communication and storytelling for both technical and executive audiences.
- Experience working across multiple business units in a matrixed organization.
- Ability to assess and communicate risk in a business-aligned way.
- Strong presentation, whiteboarding, and documentation skills.
- Certifications highly preferred but not required:
  - CISSP-ISSAP, SABSA, TOGAF, CISM
  - AWS Certified Solutions Architect – Professional
  - CCSP, Azure Solutions Architect Expert
  - GCP Professional Cloud Security Engineer
- Frameworks: NIST 800-53/CSF, MITRE ATT&CK, ISO/IEC 27001
- Full-stack knowledge of IT infrastructure:
  - Applications
  - Databases
  - Operating systems (Windows, UNIX and Linux)
  - Hypervisors
  - IP networks (WAN, LAN)
  - Storage networks (Fibre Channel, iSCSI and NAS)
  - Backup networks and media
- Strong working knowledge of IT service management (e.g., ITIL-related disciplines):
  - Change management
  - Configuration management
  - Asset management
  - Incident management
  - Problem management
- Experience designing the deployment of applications and infrastructure into public cloud services (e.g., AWS or Microsoft Azure).
- Practical knowledge of widely used standards, regulations and cybersecurity frameworks such as NIST, ISO 27001 / 27002, SOC 2, HIPAA, FISMA, etc., and key security controls.
- Healthcare and/or financial services industry experience preferable.
- Understanding and knowledge of SDLC methodologies (such as waterfall, spiral, agile software development, rapid prototyping, incremental, synchronize and stabilize, and DevOps).
- Knowledge and understanding of different modeling languages (such as UML, BPMN and ArchiMate).
- Understanding and knowledge of IT standards and general controls.
- Excellent analytical, planning, organizational and technical skills.
- Excellent written and verbal communication skills.
- Displays intellectual curiosity and integrity.
- Motivated and driven by achieving long-term business outcomes.
- Ability to work under pressure and prioritize during active incidents.
- Ability to work effectively in a team environment and partner with cross-functional teams.