Director, Lead Security Architect

About the job

Job Description

Community Health Systems is a leading operator of general acute care hospitals and outpatient care centers in communities across the United States. CHS affiliates own, lease or operate 83 affiliated hospitals in 16 states with an aggregate of approximately 13,000 licensed beds. Healthcare services are also provided in more than 1,000 outpatient sites of care including affiliated physician practices, urgent care centers, freestanding emergency departments, imaging centers, cancer centers, and ambulatory surgery centers.

Community Health Systems is a leading operator of general acute care hospitals and outpatient care centers in communities across the United States. CHS affiliates own, lease or operate 83 affiliated hospitals in 16 states with an aggregate of approximately 13,000 licensed beds. Healthcare services are also provided in more than 1,000 outpatient sites of care including affiliated physician practices, urgent care centers, freestanding emergency departments, imaging centers, cancer centers, and ambulatory surgery centers.

Summary

This position is responsible for coordinating and managing the successful delivery of cybersecurity architecture services for the Oracle ERP transformation program (Finance, Supply Chain and Human Capital suite of products) to ensure enterprise technology solutions comply with security and compliance policies, standards, and requirements. The person in this role will work with the project team to define the scope, work effort, and deliverables for the security engagement and will oversee multiple workstream engagements executing in parallel. Additionally, the lead cybersecurity architect is responsible for meeting or exceeding engagement expectations, on-time and on-budget, and is expected to effectively exercise leadership and guidance to enable the ERP team’s success. This role is also responsible for the development and continued improvement of Cloud services (including IaaS, SaaS and PaaS) at CHS. This person must be able to draw from a deep background in enterprise technology and security principles and solutions, as well as their understanding of business functions, to clearly articulate and discuss identified business risks and various options for mitigating those risks. Communicating security risks and solutions to the project team, business partners and IT staff will be a critical part of this role.

Responsibilities

• Develop cybersecurity cloud architecture strategy plan and roadmap based on sound industry and enterprise architecture practices
• Develop and maintain cybersecurity cloud reference architecture based on industry standards and a “fit” for CHS
• Develop and maintain cybersecurity cloud architecture artifacts (e.g., models, patterns, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
• Determine baseline security configuration standards for cloud services
• Develop standards and practices for cloud protection
• Provide cyber security guidance to the implementation of the Oracle ERP Transformation program based on CHS cybersecurity policies and standards
• Scope the cybersecurity portion of the ERP transformation program
• Develop reference architectures and design patterns for the ERP system in terms of cybersecurity controls
• Responsible for the design, of security functionality within the Oracle Cloud application across Finance, Supply Chain and Human Capital suite of products
• Partner and collaborate with transformation functional workstreams to understand and facilitate the ERP transformation by ensuring users have sufficient privileges to perform duties with Oracle Cloud, while meeting compliance objectives
• Support security reviews and access audits, recommend security solutions, advise on application-level security configurations
• Work with the enterprise architect and solution architect to develop the program “security view of architecture”
• Perform architecture decomposition and define and validate security requirements through every phase of implementation
• Develop and drive implementation of technical security specifications
• Determine technical security residual risks and recommendations

Job Requirements

Education

• Bachelor’s or Master’s Degree in Computer Science, Information Systems, or other related field.

Knowledge And Experience

• 8+ years of hands-on experience in the information security field with expert knowledge of ERP platform, application, storage, data, network, virtualization, cloud and mobile security required.
• 2+ years of leadership experience with planning and managing security engagements.
• In-depth knowledge of cybersecurity frameworks including but not limited to NIST CF, HITRUST CSF, ISO 27001.
• Strong knowledge of laws and regulations including but not limited to PCI-DSS, and HIPAA-HITECH.
• Experience in using architecture methodologies such as SABSA, Zachman, or TOGAF
• A strong working understanding of enterprise ERP technologies, operations, and architectural principles and models.
• Knowledge of laws, regulations, and standards relevant to publicly traded companies and the healthcare industry.
• Excellent written and verbal communication skills. Must be able to effectively communicate technical concepts to a non-technical audience.

Certification

• CISSP certification desired but not required.

Physical Demands

In order to successfully perform this job, with or without a reasonable accommodation, the following are outlined below:

• The Employee is required to read, review, prepare and analyze written data and figures, using a PC or similar, and should possess visual acuity.
• The Employee may be required to occasionally climb, push, stand, walk, reach, grasp, kneel, stoop, and/or perform repetitive motions.
• The Employee is not substantially exposed to adverse environmental conditions and; therefore, job functions are typically performed under conditions such as those found within general office or administrative work.