Information Security Architect II

JOB DESCRIPTION

The position description is a guide to the critical duties and essential functions of the job, not an all-inclusive list of responsibilities, qualifications, physical demands, and work environment conditions. Position descriptions are reviewed and revised to meet the changing needs of the organization.

TITLE:

Information Security Architect II

JOB OVERVIEW:
Responsible for ensuring the confidentiality, integrity, and availability (CIA) of VMC computer systems and information to safeguard personnel and patient safety, while also maintaining compliance with HIPAA, PCI-DSS, cybersecurity industry best practices, frameworks, and standards.

DEPARTMENT:
Informational Technology

WORK HOURS:

Typically, Monday - Friday;
Hours may vary to meet departmental needs.

REPORTS TO:

Supervisor, Information Security

PREREQUISITES:

* Education:

Master's degree in computer science related field plus two (2) years industry related experience, OR Bachelor's degree in computer science related field plus three (3) years industry related experience, OR Associate's degree in computer science related field plus four (4) years industry related experience, OR five (5) years industry related experience.

* Certification:
Intermediate-level information security certification from a cybersecurity industry standard such as (ISC)2, Off Sec, EC-Council, GIAC, CompTIA, and other related certifications on approval. Current certification required.

* Applied Job

Experience:

Information Security Background:
Industry experience preferred as a Cybersecurity Practitioner, Security Operations Center (SOC) Analyst, Risk Assessment Auditor, Penetration Tester, Incident Response Handler, or Computer Forensics Investigator. Experience as a Systems Administrator or Network Engineer to be considered up to three (3) years as time towards.

QUALIFICATIONS:

* Working knowledge with scripting languages and automation such as Python, Power Shell, etc.

* Working knowledge with securing cloud computing and cloud services such as Azure and AWS.

* Working knowledge with securing operating system environments such as Windows, Mac, Linux, etc.

* Working knowledge with securing networking, wireless and virtual environments.

* Working knowledge with subnetting, segmentation, and zero-trust zones.

* Professional experience with PKI/certificate authority and OpenSSL.

* Professional experience with SEG, NGFW, AV and EDR.

* Professional experience with various SIEMs and SOC management.

* Professional experience with multi factor authentication implementation.

* Familiarity with security compliance standards such as HIPAA, PCI-DSS, GDPR, etc.

* Familiarity with security frameworks such as HITRUST, NIST, OWASP, ISO 27000, SANS CIS 20, STIGs, ITIL, etc.

* Familiarity with the full stack OSI model, as well as TCP/IP protocol suite.

* Familiarity with vulnerability management and patch cycles.

* Familiarity with risk assessments, pen-tests, table-top exercises, BCDR, and change management.

* Familiarity with writing and implementing IT policy, CSIRT plans, and training & awareness programs.

UNIQUE PHYSICAL/MENTAL DEMANDS, ENVIRONMENT AND

WORKING CONDITIONS:

* Requires ability to move items and equipment weighing up to 70 lbs.

* Requires ability to appropriately manage and handle highly confidential information.

* Requires ability to remain focused, self-motivated, and initiative-taking while working independently or on a team, regardless of working onsite or remotely with little to no instruction.

* Requires planning, organizing, and working on multiple tasks at one time with tight time constraints.

* Requires ability to identify the most important tasks and prioritize accordingly.

* Requires ability to implement a logical and structured approach to time management.

* Requires ability to demonstrate a high level of professionalism and show respect to all co-workers, patients, business partners, and members of the public.

* Requires ability to demonstrate a strong collaborative mindset, share knowledge, and function as a contributing member of the team.

* Requires ability to work effectively with all levels of the organization and broad technical understanding, while providing excellent customer service.

* Requires ability to demonstrate a high level of communication skills, both verbal (meeting organizer, training, etc.) and written (E-mail, IT policy, documentation, etc.) to C-level executives, auditors, end users, and engineers.

* Requires ability to quickly learn, conduct own research as necessary, and retain information.

* Requires ability to quickly understand information systems to identify and validate security requirements.

* Requires ability to stay up to date on all current cybersecurity events and zero-day exploitations.

* Requires ability to demonstrate strong critical-thinking and problem-solving skills.

* Requires ability to demonstrate acute attention to detail.

PERFORMANCE RESPONSIBILITIES:

* Monitor all security solutions, investigate all alerts, and respond appropriately to all identified…