Description:
We are hiring for this client an experienced Security Architect with proven expertise in healthcare IT security, compliance frameworks, and enterprise-grade architecture. The selected candidate will play a critical role in securing sensitive healthcare data, ensuring compliance with strict US healthcare regulations, and shaping the security posture of enterprise systems.
Key Responsibilities
- Architect and implement end-to-end security solutions across EHR, billing, and credentialing platforms.
- Ensure compliance with HIPAA, HITRUST, SOC 2, and NIST CSF standards.
- Design and enforce Zero Trust Architecture (ZTA) across systems and environments.
- Lead threat modeling, vulnerability management, and penetration testing coordination.
- Build secure cloud infrastructures (AWS/Azure/GCP) with advanced IAM, encryption, and monitoring.
- Develop and oversee incident response, forensics, and disaster recovery processes.
- Implement DevSecOps practices within CI/CD pipelines.
- Establish strong data security policies: encryption at rest/in transit, tokenization, secure data exchange.
Qualifications
- 8+ years in IT security, including 4+ years as a Security Architect or in an equivalent role.
- In-depth knowledge of healthcare regulations (HIPAA, HITRUST, SOC 2, GDPR for healthcare).
- Hands-on experience with:
  - Cloud security (AWS KMS, IAM, Azure Security Center).
  - IAM (Azure AD, SAML/OAuth 2.0, RBAC).
  - Application security (OWASP Top 10, API security, container security – Docker/Kubernetes).
  - Network security (firewalls, IDS/IPS, VPNs).
- Familiarity with Zero Trust, Identity Federation, and SSO frameworks.
- Relevant certifications highly preferred: CISSP, CISM, CCSP, HCISPP, HITRUST CCSFP.