About City of Hope
City of Hope's mission is to deliver the cures of tomorrow to the people who need them today. Founded in 1913, City of Hope has grown into one of the largest cancer research and treatment organizations in the U.S. and one of the leading research centers for diabetes and other life-threatening illnesses. City of Hope research has been the basis for numerous breakthrough cancer medicines, as well as human synthetic insulin and monoclonal antibodies. With an independent, National Cancer Institute-designated comprehensive cancer center at its core, City of Hope brings a uniquely integrated model to patients spanning cancer care, research and development, academics and training, and innovation initiatives. City of Hope’s growing national system includes its Los Angeles campus, a network of clinical care locations across Southern California, a new cancer center in Orange County, California, and treatment facilities in Atlanta, Chicago and Phoenix. City of Hope’s affiliated family of organizations includes Translational Genomics Research Institute and AccessHopeTM. For more information about City of Hope, follow us on Facebook, Twitter, YouTube, Instagram and LinkedIn.

City of Hope’s commitment to Diversity, Equity and Inclusion
We believe diversity, equity and inclusion is key in serving our mission to provide compassionate patient care, drive innovative discovery, and advance vital education focused on eliminating cancer and diabetes in all of our communities. Our commitment to Diversity, Equity and Inclusion ensures we bring the full range of skills, perspectives, cultural backgrounds and experiences to our work -- and that our teams align with the people we serve in order to build trust and understanding. We are dedicated to fostering a community that embraces diversity - in ideas, backgrounds and perspectives; this is reflected in our work and represented in our people.

** This is a Fully Remote Opportunity. You may sit at any of the 48 States **

Position Summary
The Senior Information Security Architect supports the Office of Information Security in evolving the confidentiality, integrity, and availability of the information assets related to City of Hope business and information systems. The incumbent in this role must have a professional image, the ability to work under pressure, and be able to resolve problems and conflicts.

The incumbent takes a technical leadership role in the information security program by contributing to the development of an enterprise-wide security risk program, policies and standards, vulnerability life-cycle management and remediation, evaluation of new security technologies, and contributes to security incident and event management. The incumbent takes a leadership role in supporting and assisting with coordination and implementation of all process and technical aspects of the Information Security Program. The incumbent will present technical analysis and measures to executive management. Provide input into new security strategies and trends as well as measure and report on the processes that affect the integrity, functionality, and reliability of the City of Hope’s security control framework.

Additional tasks include, but not limited to:

• Conduct infosec due diligence as part of services and product acquisition as well as the M&A process to ensure alignment with defined controls and architecture.
• Develop and maintain a security architecture – define policy, review and approve security impacted projects and changes. Perform periodic assessment against those policies
• Perform regular, periodic reviews of any security testing (e.g. code reviews, health screenings, and penetration tests)
• Monitor the certification and accreditation prior to releasing new systems to production
• Approval of minimum security baseline configurations as well as the controls monitoring functions
• Define host and network based controls
• Define, review, and approve network perimeter controls (e.g. periodic review of firewall rule sets)
• Be a product security champion by driving Security Architecture and Design/Implementation/optimization for Network, Web, API, and Mobile management
• Engage in the initial requirements definition (including analysis of threats, risks, and alignment with Information Security, IT, and Architectural standards
• Conduct and facilitate security reviews, threat modelling, and design reviews throughout the development lifecycle
• Conduct security due diligence as part of the services and product acquisition, as well as the M&A process to ensure alignment with defined controls and architecture
• Define audit logging and monitoring policy and alerting thresholds for tools and events that are managed and identified by Cyber Operations/SOC
• Act as liaison to the COH Architecture Review Board and Change

Key Responsibilities include:

• Architects enterprise wide information security solutions to address the current and emerging security and compliance needs of the business.
• Architects information technology and security controls across complex and diverse networks, applications and infrastructures.
• Develops comprehensive build documentation for security engineers as a blueprint for implementing security architecture and tools
• Develops, reviews, and approves the configuration and installation requirements for LANs, WANs, VPNs, routers, firewalls, and all other related network and security devices.
• Provides guidance in the creation and maintenance of Standard Operating Procedures and other similar documentation.
• Provides highly skilled technical expertise in the planning, implementation, and monitoring of IT enterprise security systems.
• Reviews and approves authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets.
• Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
• Contributes to the team’s continuous improvement efforts
• Oversees and monitors risk mitigation and coordination of policies, standards and controls with the Sr. Manager, CISO and Chief Compliance Officer.
• Develops and implements processes and methodologies for new and existing security tools and technologies.
• Produces high‐quality security architecture specifications, white papers, technical documentation, roadmaps and presentation materials.
• Assess, research, analyze, understand and test emerging innovative security solutions and industry trends around On-prem / Multi-Cloud Security.
• Ensures access to IT systems follow the principal of least privilege, granting assess exclusively based on the requirements to perform job duties.
• Routinely reviews and approves configurations of all security tools and network related security devices.
• Performs special projects as assigned by the Sr. Manager of Information Security.
• Internal Contacts: Across all ITS departments, COH business, research and clinical areas, and VP/Director/Managers.
• External Contacts: Software/hardware vendors.
• Evaluate current information technology systems for information security gaps, identify, and implement remediation solutions.
• Performs other related duties as assigned or requested.
  

Basic education, experience and skills required for consideration:

• Bachelor
• Seven or more years in a technology related field, with a minimum of 5 years in information security specific experience. Hospital/healthcare industry experience is desirable, but not required.
• Working knowledge of Information Security tools, practices, policies and processes in a multi-vendor environment with an emphasis on risk analysis, risk assessment and risk management.
• Management/Computer Information Systems (MIS/CIS), Computer/Electrical Engineering, Computer Science or related field

Required Certification/Licensure:

• CISSP - Certified Information Systems Security Professional (or within 12 months of hire)

Preferred education experience and skills:

Any other certification is highly desirable:

• CISM – Certified Information Security Manager
• CISA – Certified Information Systems Auditor
• GIAC:
  • GISP – Information Security Professional,
  • GSEC – Security Essentials Certification,
  • SSCP- Systems Security Certified Practitioner,
  • GISF- Information Security Forensics,

Additional Information:
The estimated pay scale represents the typical [salary/hourly] range City of Hope reasonably expects to pay for this position, with offers determined based on several factors which may include, but not be limited to, the candidate’s experience, expertise, skills, education, job scope, training, internal equity, geography/market, etc. This pay scale is subject to change from time to time.

As a condition of employment, City of Hope requires staff to comply with all state and federal vaccination mandates.

City of Hope is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, or status as a qualified individual with disability.
#LI-CL