Job Summary
The Solutions Architect is responsible for the design, evaluation, implementation, and continuous improvement of enterprise cybersecurity architectures and security controls across the health system. This role serves as a strategic and technical advisor to Information Technology, Information Security, Clinical Engineering, and business stakeholders to ensure that security requirements are appropriately integrated into technology initiatives. The Solutions Architect develops secure architectural standards, evaluates emerging technologies, guides security design decisions, and helps ensure compliance with healthcare regulatory requirements including HIPAA, industry frameworks, and organizational cybersecurity standards. The position plays a critical role in protecting the confidentiality, integrity, and availability of patient, clinical, financial, and operational information assets.
Essential Job Functions
The following duties are normal for this position. The omission of specific statements of duties does not exclude them from being expected of this position if the work is similar, related, or a logical assignment for this position. Other duties may be required.
§ Responsible for:
§ Cross-platform integration
§ Workflow mapping
§ API security
§ Identity mapping across 400 apps
§ SSO expansion
§ Specific Project Focus:
§ Secure API strategy
§ Interoperability improvements
§ Leading Tier 3 data recovery remediation initiatives, including application and workflow mapping, documenting cross-system dependencies, and aligning BC/DR plans with clinical and business operations
§ Design and maintain enterprise cybersecurity architectures aligned with business objectives, risk tolerance, and regulatory requirements.
§ Serve as the cybersecurity lead for strategic technology initiatives, including cloud deployments, application implementations, infrastructure modernization efforts, and digital transformation projects.
§ Conduct security architecture reviews for new and existing systems, applications, networks, and third-party solutions.
§ Develop and maintain cybersecurity reference architectures, standards, patterns, and technical design documentation.
§ Collaborate with infrastructure, networking, application development, cloud, and clinical technology teams to integrate security controls into solution designs.
§ Evaluate emerging technologies and recommend appropriate security controls and architectural approaches.
§ Perform threat modeling and risk assessments for critical technology initiatives and systems.
§ Provide technical guidance regarding identity and access management, network security, endpoint protection, cloud security, data protection, encryption, and security monitoring solutions.
§ Support implementation of Zero Trust principles and security-by-design methodologies across the organization.
§ Review and approve security exceptions, compensating controls, and risk mitigation strategies.
§ Assist in the development and maintenance of cybersecurity policies, standards, procedures, and technical guidelines.
§ Participate in incident response activities, root cause analysis, and post-incident remediation planning as needed.
§ Support internal and external audits, regulatory assessments, and compliance initiatives.
§ Collaborate with vendors and third-party service providers to evaluate security capabilities and risks.
§ Develop technical roadmaps and recommendations that enhance the maturity of the organization's cybersecurity program.
§ Provide mentorship and technical guidance to cybersecurity engineers, analysts, and other IT personnel.
§ Maintain awareness of evolving cybersecurity threats, healthcare industry risks, and regulatory requirements.
Knowledge & Skills
Education & Experience
§ Bachelor's degree in Information Technology, Information Security, Computer Science, Engineering, or a related field required.
§ Minimum of 7 years of progressively responsible experience in information technology, cybersecurity, or infrastructure engineering.
§ Minimum of 3 years of experience designing enterprise security architectures and implementing cybersecurity controls.
§ Experience supporting healthcare organizations, health systems, hospitals, or other highly regulated environments preferred.
§ Experience with cloud platforms including Microsoft Azure, Amazon Web Services (AWS), and/or Google Cloud Platform (GCP) preferred.
§ Experience with enterprise security technologies such as SIEM, IAM, EDR/XDR, vulnerability management, data protection, and network security platforms.
§ Experience conducting risk assessments, security architecture reviews, and threat modeling activities.
§ Experience supporting regulatory and compliance frameworks including HIPAA, NIST CSF, HITRUST, CIS Controls, PCI DSS, and ISO 27001 preferred.
Special Skills & Knowledge
§ Advanced knowledge of cybersecurity architecture principles, methodologies, and best practices.
§ Strong understanding of healthcare information systems, electronic health records (EHRs), medical devices, and clinical workflows.
§ Knowledge of healthcare regulatory and compliance requirements, including HIPAA Security Rule and privacy regulations.
§ Expertise in cloud security architecture, identity and access management, network segmentation, and data protection technologies.
§ Strong understanding of Zero Trust Architecture concepts and implementation strategies.
§ Knowledge of application security principles, secure software development practices, and DevSecOps methodologies.
§ Familiarity with cybersecurity frameworks including NIST Cybersecurity Framework (CSF), NIST SP 800-53, HITRUST, CIS Controls, and ISO 27001.
§ Ability to perform technical risk assessments and communicate findings to both technical and executive audiences.
§ Strong analytical, problem-solving, and decision-making skills.
§ Excellent verbal, written, and presentation communication skills.
§ Ability to develop executive-level recommendations and business-focused risk analyses.
§ Ability to influence technical and business stakeholders without direct authority.
§ Strong project leadership and cross-functional collaboration skills.
§ Ability to balance security requirements with operational, clinical, and business objectives.
§ Demonstrated ability to manage multiple priorities in a fast-paced healthcare environment.
§ Commitment to continuous learning and professional development in cybersecurity and healthcare technology.
Licenses, Certifications, etc.
§ Required certifications: CISSP, CCSP, CISM, or similar/equivalent.
Requirements
Supervisory Responsibility
§ N/A
Working Conditions & Travel Requirements
§ Hybrid in Austin, TX or Nashville, TN.
§ Travel as needed
Fortified Health Security is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, Fortified Health Security will provide reasonable accommodations to qualified individuals with disabilities. If a reasonable accommodation is needed to perform this position, you need to inform the Fortified Health Security People and Culture Team of such a request. Signatures below indicate the receipt and review of this job description by the associate assigned to the position and the People and Culture Team.