Sr Information Security Architect (Remote)
American Specialty Health is seeking a Sr Information Security Architect to join our Enterprise Security Programs department. This position will build security into our products and services through all project phases, including planning, development and implementation. This position will work with various security and project teams to make sure policies and controls are implemented and operationalized. This position will also be responsible for developing threat models and risk mitigation strategies for various initiatives, and for working with the CISO, Security Operations, and Compliance daily to balance security and operational concerns.
American Specialty Health complies with state and federal wage and hour laws and compensation depends upon candidate’s qualifications, education, skill set, years of experience, and internal equity. $173,500 to $336,880 Full-Time Annual Salary
Remote Worker Considerations:
Candidates who are selected for this position will be trained remotely and must be able to work from home in a designated work area with company-provided technology equipment.
- Integrate Security into all new projects from planning to implementation.
- Responsible for implementing controls and securing enterprise information systems by developing and reviewing security requirements and technology solutions from design to implementation.
- Provide standards and governance oversight for the enterprise.
- Lead security solution design efforts and threat modeling analysis related to the introduction of new technologies.
- Analyze tabletop, red team and penetration testers' reports to develop risk mitigations.
- Participate in and validate security threat intelligence and assess solutions.
- Collaborate with IT and software engineering teams to ensure alignment with security requirements and architecture standards.
- Coordinate with DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices.
- Coordinate with the privacy officer or office to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization).
- Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.
- Be a security advocate and leader for security initiatives and operational processes.
- Assist security operation teams during incident response or business continuity scenarios.
- Assist Information Security teams with initiatives and projects as assigned.
- Bachelor’s degree in Computer Science, Engineering, Cybersecurity or relevant work experience in Information Technology. If equivalent experience, high school diploma required.
- Minimum of ten years combined experience in Information Technology and Security required.
- At least 3 years’ experience with securing Azure Cloud environments required.
- Knowledge of the following services preferred: Best Practices for Azure SECURITY (must have knowledge and skillset); Azure Governance, i.e. Azure Policies, ARM templates, Blueprints; Azure DevOps; Terraform and/or Bicep experience; Azure Kubernetes Services (AKS); CI/CD pipelines; Azure PIM (Privileged Identity Management); Logic Apps for alerting; Azure Key Vault; Azure Sentinel (SIEM) & SIEM integration work.
- CISSP: Certified Information Systems Security Professional certificate preferred
- CISSP: (ISSAP or ISSEP): Information Systems Security Architecture or Engineering Professional preferred.
- CCSP: Certified Cloud Security Professional preferred.
- OSCP: Offensive Security Certified Professional preferred.
- Experience with one or more of the following: MITRE ATT&CK, ITIL, ISO, NIST Frameworks along with STRIDE, DREAD, or other threat models.
- Excellent organizational, communication, documentation, and project management skills.
- In-depth knowledge of Operational Processes (Event, Incident, Change, Problem).
- In-depth knowledge of SIRP (Security Incident Response Process).
- Familiarity and strong understanding of cryptography, cloud security, data security, common vulnerabilities, and attack patterns.
- In-depth understanding of networking.
- A strong ability to communicate and balance competing priorities.
- Demonstrated ability to interact in a positive, respectful manner and establish and maintain cooperative working relationships.
- Ability to display excellent customer service to meet the needs and expectations of both internal and external customers.
- Excellent listening and interpersonal communication skills to identify critical core competencies based on success factors and organizational environment.
- Ability to effectively organize, prioritize, multi-task and manage time.
- Demonstrated accuracy and productivity in a changing environment with constant interruptions.
- Demonstrated ability to analyze information, problems, issues, situations and procedures to develop effective solutions.
- Ability to exercise strict confidentiality in all matters.
Primarily sedentary, able to sit for long periods of time.
Ability to speak, see and hear other personnel and/or objects. Ability to communicate both in verbal and written form. Capable of using a telephone and computer keyboard.
Work-from-home (WFH) environment.
American Specialty Health is an Equal Opportunity/Affirmative Action Employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.
Please view Equal Employment Opportunity Posters provided by OFCCP here.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access our career center as a result of your disability. To request an accommodation, contact our Human Resources Department at (800) 848-3555 x6702.
ASH will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company’s legal duty to furnish information.