Please apply online using a laptop or desktop computer.
NMDP is a non-profit organization in the exciting and rapidly evolving cellular therapy industry. We seek an Information Security Architect to maintain and improve our security practice with system integration, software development, and application deployment pipelines.
The Information Security Architect is responsible for the definition, standardization and reuse of practical security architecture patterns for internally developed applications, integration of third-party applications and the supporting infrastructure. This role is responsible for ensuring that solution security patterns are in alignment with NMDP's Enterprise Architecture, Infrastructure and Information Security strategies, as well as with the company's business strategies and product roadmaps.
The successful Information Security Architect will work across the global corporate organization to translate business requirements into security architectures and requirements, build security blueprints and roadmaps, provide long-range guidance on technology selection and implementation within one or more shared systems, and will assume a technical leadership and mentoring position on large development initiatives. This is a hybrid position in Minneapolis.
Check out our video Saving Lives: It's the Best Job Ever
ACCOUNTABILITIES:
Collaborates across all areas of Information Technology to ensure solution patterns, technologies and toolsets align with the Enterprise Security and Information Technology strategic plans and budgets.
Matures the DevSecOps solutions and practices to maintain and accommodate the changing needs of Application Development teams.
Provides architecture support and guidance to the project delivery teams. The Information Security Architect will:
Provide technical guidance, analysis and direction for enterprise-wide key projects and strategic initiatives as they relate to information security and privacy. Find common ground and gain cooperation when conflicts arise and provide process improvements.
Influence the integration of information security principles in the solution design, processes, and standards, based on business, regulatory, or customer requirements.
Define and specify the artifacts and the requirements to be met at the project level and to be included in project plans.
Manage the relationship with project teams by providing positive and solution-oriented leadership.
Provide support on use of the Enterprise Security architecture standards and promote their use and enhancement with new or existing solutions.
Assess solution architectures for new or existing solutions and conduct security reviews at various stages during the project life cycle. Identify security risks, through threat modeling, associated with solution architectures, and recommend actions and mitigation strategies to address them.
Create security architecture documentation that provides a comprehensive overview of a system's security plan.
Coach engineering and related teams on securing CI/CD and DevOps practices.
Assists Enterprise Architecture with the definition and management of the organization's security architecture, its roadmap and its realization through application and infrastructure development lifecycles.
Other duties as assigned.
REQUIRED QUALIFICATIONS:
Knowledge of:
Deep understanding of the relationship between application design, data and infrastructure environments. Demonstrated experience working across security competencies, such as Identity and Access Management, Cloud Security, Data Security, Container Security, and Application Security.
Strong understanding of secure software development practices and technologies, including vulnerability detection/identification/remediation.
Intimate knowledge of threat modeling (OWASP, MITRE).
General knowledge of security frameworks (ISO, NIST, HIPAA, etc.)
Ability to:
Demonstrate strong business and technical skills in the planning, administration, and management of information systems, administrative and technical security controls; and security risk analysis, threat modeling and management.
Demonstrate strong interpersonal and organizational skills; demonstrated success in working both independently and in a team environment. Above average written and oral communication skills. Demonstrated strong analytical and creative problem solving, and the ability to manage multiple and rapidly changing priorities.
Demonstrate excellent written and oral presentation skills. Excellent facilitation, collaboration and negotiation skills.
Education and/or Experience:
Bachelor's degree in computer science, management information systems, or related field. However, upon evaluation, equivalent related experience and/or education may be substituted for the degree.
Eight years of Information Security experience with responsibilities spanning many Information Security disciplines. Prior health care experience strongly preferred.
PREFERRED QUALIFICATIONS: (Additional qualifications that may make a person even more effective in the role, but are not required for consideration)
At least one Information Security industry certification (e.g., CISSP, GIAC, CISM) is strongly preferred.
Cloud security and risk assessment experience preferred.
Experience with Salesforce a plus.
DEI COMMITMENT:
As part of our values, we are committed to supporting diversity, equity, and inclusion at NMDP. We actively celebrate colleagues' different abilities, sexual orientation, ethnicity, faith, and gender. Everyone is welcome and supported in their development at all stages in their journey with us.
NMDP offers regular, full-time employees medical, dental, vision, life and disability, accident/critical illness/hospital, well-being, legal, identity theft and pet benefits. Retirement, paid time off/holidays, leave and incentive plans are also offered to eligible employees. Please reference this link for more information: NMDP Benefit Information