Inspired by faith. Driven by innovation. Powered by humankindness. CommonSpirit Health is building a healthier future for all through its integrated health services. As one of the nation’s largest nonprofit Catholic healthcare organizations, CommonSpirit Health delivers more than 20 million patient encounters annually through more than 2,300 clinics, care sites and 137 hospital-based locations, in addition to its home-based services and virtual care offerings. CommonSpirit has more than 157,000 employees, 45,000 nurses and 25,000 physicians and advanced practice providers across 24 states and contributes more than $4.2 billion annually in charity care, community benefits and unreimbursed government programs. Together with our patients, physicians, partners, and communities, we are creating a more just, equitable, and innovative healthcare delivery system.

This is a remote position.

Job Summary

CommonSpirit Health is seeking a highly skilled and experienced Application Security Architect to join our Enterprise Cybersecurity Architecture team as a Cybersecurity Principal Engineer. This position will be one of the lead technical authorities for Cybersecurity protections. 

Responsible for monitoring the threat landscape and changing business requirements to identify functional, technological and/or control solutions. Defining integration of Cybersecurity controls in an optimal manner to best protect the organization from cyber threats and exposures. Assist  solution owners with technology selection based on business requirements, required controls, emerging threats, use cases, and desired outcomes. Oversees the design, development, and implementation of solutions while helping to optimize solutions to resolve highly complex technical and business issues related to cybersecurity.  Designs, and develops architectures and solutions to successfully integrate new information security systems with the existing architecture.  

Will be involved in multiple concurrent Information Technology and Cybersecurity initiatives. Acts as a subject matter expert (SME) for one or more cybersecurity, or risk management areas. Mentors other engineers and teams as a leader in the organization.

Job Responsibilities

• Designs, and develops solutions to resolve complex technical and business issues related to information security across multiple functions.
• Reviews and consults on cybersecurity of technology solutions to resolve complex technical and business issues.
• Participates in the design and development process to define Cybersecurity requirements for new solutions within the existing or newly defined architecture. 
• Serves as SME for multiple technical solutions.
• Provide technical assessments of risk associated with new or existing internal and external cloud based solutions.
• Lead security efforts for integration of infrastructure and business solutions associated with cloud environments, including providing cloud expertise in the assessment of cloud provider Request For Information (RFI) and Requests for Proposal (RFP).
• Analyze solution designs for alignment to CommonSpirit Health Cybersecurity Policy and Standards,  best practices and security frameworks e.g. National Institute of Standards and Technology (NIST), The Open Group Architecture Framework (TOGAF), CIS Critical Security Controls, International Organization for Standardization (ISO), MITRE Framework.
• Assess currently deployed environments; provide requirements or recommendations to the design or configurations to address security risk.
• Provide technical guidance/support in troubleshooting security-related issues escalated to Cybersecurity.
• Provide security technical guidance to IAM and/or application security design and configurations. Coordinates with technical teams and business owners’ security solutions to resolve highly complex technical and business issues.
• Works on multiple functions of high complexity with business owners, project management teams and multiple IT technical resources.
• Perform other duties as required.

• Bachelors preferred or equivalent work experience required.
• 7+ years of related job experience required of which minimum 5 years in Security Architecture function.
• Experienced in security architecture of multiple application security platforms. 
• Experienced in Architecture principles and document creation such as Policies, Standards, Principles, Blueprints, Patterns and Whitepapers. 
• Proficient in security assessment in Unix, Network, Cloud, Application and End User/Mobile devices
• Proficiency in at least one or more scripting languages like PowerShell, Python
• Working base knowledge cloud formation automation like Terraform.
• Demonstrated experience working in a high paced multi-tasking environment.
• Strong analytical and problem-solving skills with the ability to function as a change agent
• Strong interpersonal skills and extremely resourceful
• Strong skills with intermediate to advanced level expertise with Excel and PowerPoint or equivalents.
• 2 or more relevant technical/professional security certifications such as Certified Information Systems Security Professional (CISSP), Governance, Risk and Compliance Professional (GRCP), Certified in Risk and Information Systems Control (CRISC), or Certified Information Security Manager (CISM) are preferred

#LI-Remote

#LI-CSH