IT Security Architect

San Diego, CA, United States

Facility: Corporate Offices

City San Diego

Department

Job Status

Regular

Shift

Day

FTE

1

Shift Start Time

Shift End Time

Certified Information Systems Security Professional (CISSP) - (ISC)²; Certified in Risk and Information Systems Control (CRISC) - ISACA; Offensive Security Certified Professional (OSCP) - Offensive Security; Bachelor's Degree; Master's Degree

Hours

Shift Start Time:

9 AM

Shift End Time:

5 PM

Additional Shift Information:

Weekend Requirements:

As Needed

On-Call Required:

Yes

Hourly Pay Range (Minimum - Midpoint - Maximum):

$66.636 - $85.982 - $105.328

The stated pay scale reflects the range that Sharp reasonably expects to pay for this position. The actual pay rate and pay grade for this position will be dependent on a variety of factors, including an applicant’s years of experience, unique skills and abilities, education, alignment with similar internal candidates, marketplace factors, other requirements for the position, and employer business practices.

What You Will Do

Principal Information Technology (IT) Security Architects; perform risk assessments of Sharp HealthCare infrastructure, applications, services, and processes; develop and implement policies and minimum security standards; and develop, implement, and monitor security controls throughout Sharp HealthCare enterprise. In case of a security breach or directed insider threat, Principal IT Security Architects lead incident response and investigative activities as necessary. Principal IT Security Architects act as mentors to staff and subject matter experts to stakeholders across the wide spectrum of IT disciplines, e.g., applications, operating systems, databases, and digital forensics.

Required Qualifications

Bachelor's Degree Applicable field (Computer Science or Electrical, Mechanical, or Computer Engineering is highly desired.)

10 Or More Years Experience designing, developing, configuring, installing, supporting, and monitoring IT systems such as; TCP/IP networking devices; operating systems; databases; and other IT applications

Preferred Qualifications

Master's Degree

Ability to develop moderately complex applications utilizing common languages such as Java, Python, C, or C++ Certified Information Systems Security Professional (CISSP) - (ISC)² -PREFERRED

Certified in Risk and Information Systems Control (CRISC) - ISACA -PREFERRED

Offensive Security Certified Professional (OSCP) - Offensive Security -PREFERRED

Other Qualification Requirements

Certified Information Security Auditor (CISA) Required within 12 months of hire. EnCase Certified Examiner (EnCE) Required within 12 months of hire.

Essential Functions

Communication and mentoringAssumes a technical leadership role in ITRM process and solutions development, providing supervision and guidance to other team members as appropriate. Must demonstrate a consistent ability to lead others and work without supervision. Presents feedback to both team members and leadership to effectively manage both individual and team performance. Manages stakeholder and department expectations through effective client communication, resolving conflicts and department issues independently through effective decisions.Provides guidance for new and existing ITRM team members in operational tasks in order to maximize effectiveness.Proposes and implements creative solutions to IT security issues with follow-through to resolution.Works independently with ability to exercise discretion and make decisions based on distinct issues.Provides technical direction, guidance and oversight for service-related activities of ITRM members.Leads training of ITRM forensic and investigative processes.

Department supportEnsure that information systems are designed, acquired, installed, implemented, documented and supported to provide the best business value to the information security program. Ensure that any applicable standards, workflows and processes associated with these solutions are documented and communicated to all team members.Demonstrates a strong understanding of Sharp HealthCare, IT and ITRM business goals and objectives.Integrate ITRM governance into the overall enterprise governance framework.Provides expert guidance to team members about monitoring, measuring, testing and reporting on the effectiveness and efficiency of ITRM controls and compliance policies.Leads department efforts to evaluate, recommend and implement methods and approaches to providing continuous monitoring of security activities in the enterprise's infrastructure and business applications.Plan, coordinate, and execute significant initiatives to a successful conclusion.Leads department efforts to evaluate, recommend and implement testing of the effectiveness and applicability of information security controls (e.g., penetration testing, password cracking, social engineering, assessment tools).Develops moderately complex applications and processes in order to optimize ITRM security operations.

Data Loss Detection and PreventionDevelops and maintains skills in establishing controls to monitor for inappropriate handling or distribution of Sharp HealthCare's sensitive data. Establishes appropriate controls to protect Sharp HealthCare's sensitive data, and monitors for potential loss of that data.Leads efforts to develop and maintain processes and controls to monitor for anomalous and/or suspicious activity related the handling of Sharp HealthCare sensitive data.Responds appropriately to issues discovered through established controls.Works with stakeholders to ensure that proper handling and processing of Sharp HealthCare's sensitive data is maintained.Ensures that potential data breaches are communicated effectively to the appropriate management in a timely manner.

Risk Assessment and Security ArchitectureDevelops and maintains skills in assessing risk, and creatively developing and communicating meaningful controls that align with Sharp HealthCare's business drivers. Acts as in-house consultant and subject matter expert to stakeholders, and is responsible for performing risk assessments, delivering risk reports and recommended remediation guidelines, and ensuring issues are effectively tracked to an acceptable resolution.Assesses risks, threats and vulnerabilities associated with new and existing systems and business processes.Develops and recommends internal control solutions that are proportional to risk.Report significant changes in IT security risk to appropriate levels of management for remediation on both a periodic and event-driven basis.Proactively monitors and reports on status and progress of all risk assessment and IT security architecture assignments.Performs detailed review for architectural and technical risk assessments prepared by ITRM team members as requested.Provides detailed feedback and mentoring to ITRM team members as appropriate regarding information security architecture and technical risk assessment principles, tools, and techniques.Demonstrates knowledge of regulatory requirements and their potential business impact from an IT security and risk management standpoint.Proactively reviews technology and industry trends in risk, threat, and vulnerabilities and leverages this knowledge to recommend meaningful internal control solutions to protect the systems, processes, and sensitive data of Sharp HealthCare.

Security Event MonitoringDevelops and maintains effective security event monitoring, controls, processes, and technologies that identify threats to Sharp HealthCare's infrastructure and systems so that patient care is not disrupted.Collaborates with stakeholders and other ITRM team members to define reasonable, meaningful, and actionable security controls.Proactively monitors established controls for known threats and anomalous activity indicating potential risk to Sharp HealthCare's ability to deliver patient care.Responds to all security events within the required time period as defined by ITRM leadership.Ensures that all assigned aspects of security events are tracked to completion, and adequately resolved.Assists in the development, collection, and interpretation of key performance indicators and reports as to the efficacy of Sharp HealthCare's established controls.

Incident Response and InvestigationsDevelops and maintains skills in responding to system and data breaches by internal and external threat actors. Performs forensic duties in support of Sharp HealthCare as necessary.Leads efforts to ensure that forensic capabilities and processes are tested periodically for proper functionality.Supports stakeholders in performing forensic collections and investigations, and delivering comprehensive reports of findings as requested.Leads investigations of information security events (e.g., forensics, evidence collection and preservation, log analysis, interviewing).Maintain and develop knowledge in the components of incident response and investigations.Demonstrates knowledge of the forensic requirements for collecting, preserving and presenting evidence (e.g. admissibility, quality and completeness of evidence, chain of custody).Develops processes in order to, and ensures that investigation reports, supporting evidence and data, and other incident or investigative-related documentation is adequately maintained.Proposes and develops new capabilities to align with the emerging technologies and changes to Sharp HealthCare's enterprise.Acts as ITRM Event Commander during critical ITRM Event Management instances.

Knowledge, Skills, and Abilities

Must have excellent customer service skills, and be a good communicator and team player.

Must be able to effectively work with Sharp management, staff, physicians, and vendors; to communicate accurately and effectively with people, verbally and in writing; to achieve results for the organization with and through people; to practice good time management and to demonstrate good leadership skills.

Demonstrates strong expertise in IT security principles and best practices, as applied to distributed systems, local area networks, clinical application systems, telecommunications, mobile devices and other IT disciplines.

Must have a solid understanding of the legal, ethical, managerial and organizational principles and standards for acute care hospitals and multi-facility health systems in California (Preferred).

Sharp HealthCare is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, gender identity, sexual orientation, age, status as a protected veteran, among other things, or status as a qualified individual with disability or any other protected class