Members of the MemorialCare System Cybersecurity job family implement security systems, analyze current systems for vulnerabilities, and work collaboratively, to protect computer systems, networks, and data. MemorialCare's Cybersecurity Team uses industry standards and cybersecurity intelligence to implement security measures to mitigate risks and respond to incidents.
Sr. Principal Cybersecurity Architects are experts in information security, analysis, and control solutions. They focus on multiple cybersecurity functions and partner with a team of experts to ensure MemorialCare's technology teams are building solutions that enhance our security from all angles. They spearhead ongoing IT security control initiatives and are involved in cybersecurity response, control development and risk management. They collaborate across our global technology teams and lines of business to ensure we have the proper policies and controls in place. Sr. Principal Cybersecurity Architects serve as a central point of contact to ensure operations and strategy are working as planned. They work with the primary stakeholders and help develop and implement programs that will mature MemorialCare. Additionally, as a recognized subject matter expert in cybersecurity and risk, they engage in strategic dialogue with business and technology leaders from across the company and have a direct influence on the future state of cybersecurity at MemorialCare.
Essential Functions and Responsibilities of the Job
Plan security systems by evaluating network and security technologies.
Design public key infrastructures (PKIs), adhering to industry standards.
Oversee the response to Critical and High severity vulnerabilities.
Identify, propose, and realize strategic security initiatives to improve capabilities.
Set direction and rules for enterprise-wide management IT security risk.
Function as an application security spokesperson translating security concepts into language that is meaningful to varying audiences.
Conduct business level security architecture assessments to evaluate existing security program(s) and cloud application architecture.
Lead the development and execution of security architecture and engineering, supporting enterprise initiatives.
Evaluate new means to solve existing production security issues. Recommend modifications in legal, technical, and regulatory areas that affect IT security.
Stay abreast of cyber security threats and solution landscapes. Manage changes in software, hardware, facilities, telecommunications and user needs.
Manage overall Cyber Security maintenance of business (MOB) including monitoring and maintaining operational configurations, reviewing security logs and reports, and monitoring ticketing queues and investigating reported problems.
Partner with IS teams to remediate security vulnerabilities and respond to information security incidents.
Participate in performing the deployment, integration, and initial configuration of all new security solutions. Report regular status of projects and operational issues.
Assume technical ownership of critical areas of MemorialCare's operational security
Experience
Minimum 11 years technical specialist or equivalent IT security experience
Demonstrated ability to plan, manage and implement large scale security systems/projects
Proven ability to work cross-functionally with other technologies and program teams
Experienced integrating new architectural analysis of cybersecurity features and relates existing system to future needs and trends
Demonstrated strategic vision with a track record of successful delivery of business objectives
Proven mastery of multiple business disciplines and functions, including risk and control assessments, access controls, secure systems development lifecycle, vulnerability management, and data protection
Demonstrated broad knowledge of current and emerging technologies used both within the corporate infrastructure and in delivering customer facing services.
Proven understanding of security for structured databases and unstructured data, such as access controls, encryption, and monitoring.
Proven working knowledge of technology used in modern data center environments, such as virtualization, containerization, cloud, high availability and disaster recovery
Established understanding of Software Development Lifecycle (SDLC) and Infrastructure Development Lifecycle (IDLC) processes
Proven ability to work with compliance frameworks and requirements such as PCI, HIPAA, GDPR, and SOX
Proven strong security architecture and network design experience
Established technical knowledge of overall organizational IT infrastructure and software administration protocols.
Demonstrated hands on experience in building and troubleshooting complex technology deployments
Experienced in securing a wide variety of systems in many different operating environments
Demonstrated extensive knowledge of Health Care industry security/privacy policies, regulatory issues and requirements (HIPAA, HITECH, NIST, PCI) with previous participation in organizational policy development and compliance
Education
Master's degree or an equivalent combination of education and relevant experience
Certified Information Systems Security Professional (CISSP) preferred
Cisco Certified Network Professional (CCNP) preferred