About the job
The Architect – Security establishes, monitors and maintains the overall Security Architecture within Sidra, as the roles primary function. The post holder reports into the Manager – Architecture Services and is responsible for the design, review and ongoing improvement of secure, stable and available solutions to Sidra Medicine and its patients and partner organizations.
The Architect sets and maintains the security standards for Sidra and measures compliance and improvement plans against these set standards. The incumbent is seen as a mentor and leader to the wider organization who is directly involved in the assessment, management and troubleshooting of all security related issues and solutions. S/he sets the strategic direction for security in relation to the overall ‘IMT Urban Planning’ at Sidra Medicine. S/he maintains a significant knowledge base and certification in Security Architecture, Healthcare IT, Risk Management, Governance and Disaster Recovery.
The Architect works hand-in-glove with security governance, operational security and infra teams to ensure that Sidra is compliant to technical, legal and licensure requirements. S/he evaluates current and proposed solution architectures and sets the standard for the deployment, adoption and retirement of systems and operational processes. S/he keeps knowledge current and relevant to Sidra Medicine and maintains the security asset inventory within the Sidra Enterprise Architecture framework. The post holder reviews current security measures, recommends enhancements, identifies areas or weaknesses and oversees mediation and improvement plans put in place to address risks and issues identified.
The Architect continuously evaluates security systems along with the Infrastructure Architect including (but not limited to) networking, VPN, routers, firewalls, intrusion detection, security appliances, storage, PKI, certificate auth., OS configuration and application design and configuration.
The Architect works with the Data & Information Architect in the security and definition of Data, the corporate wide data security identification and classification, Information and Integration standards and patterns to ensure that they are secure, reliable and available. The incumbent, therefore, has a sound understanding of information models in Healthcare and experience in software development.
The Architect works with application configuration and development teams, evaluates and responds to security risks and issues identified. The role holder requires sound understanding and experience of Cloud security for solutions that are hosted within the cloud in various different forms, strong emphasis on subjects such as the sovereignty of data and information privacy as Sidra Medicine is moving towards a model where cloud services are a critical part of the IT and Information ecosystem at Sidra Medicine.
The Architect participates in the evaluation and subsequent implementation of solutions for their area of specialism. The work requires inputs to be provided from the relevant architectural and functional standard and for the post holder to review, recommend and resolve differences between solutions proposed and what can be accepted at Sidra Medicine. The incumbent facilitates and participates in regular compliance and audit processes to ensure that all solutions are compliant and/or the risks of the solution are known and acknowledged by the Sponsor. The post holder maintains a program to continuously evaluate, provide assurance and report on the effectiveness of the security controls within vendors’ and services providers’ environments.
KEY ROLE ACCOUNTABILITIES
Planning and Design Activities:
- Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
- Develops security strategy plans and roadmaps based on sound enterprise architecture practices
- Develops and maintains security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
- Develops and maintains IT solutions evaluation and validation framework (procedures, questionnaires, forms and templates) to cover IT solutions lifecycle (initial requirements definition and procurement, security accreditation criteria, deployment validation and post implementation review)
- Determines baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation and identity and access management (IAM)
- Develops and maintains a program for data security identification, classification and impact assessment.
- Develops standards and practices for data encryption and tokenization in the organization, based on the organization’s data classification criteria
- Drafts security procedures and standards to be reviewed and approved by executive management
- Establishes a taxonomy of indicators of compromise (IOCs) and share this detail with other security colleagues, including the security operations center (SOC), information security managers and analysts, as well as counterparts within the network operations center (NOC)
Bachelor’s Degree in computer science, information systems, cybersecurity, or a related field.
- 7+ years of experience inclusive of
- Experience in IT, technology, Healthcare IT environment
- Experience in IT management
- Experience in IT Security and risk management
- Professional Cloud Solutions Architect Certification
- Azure Security Engineer Associate
- TOGAF 9 Certification
- CompTIA Security+ certification
- CISSP Certification