About the opportunity:
The Information Security Architect serves as the deputy leader for the Information Security program and is responsible for designing, implementing, and maintaining the organization’s enterprise security architecture to ensure the confidentiality, integrity, and availability of systems and data. This role owns security architecture and provides hands‑on guidance across Identity & Access Management (IAM/IGA/PAM), Security Operations (SIEM/XDR), Governance, Risk & Compliance (GRC), Cloud and Network Security, Security Automation, Incident Response, and Data Security & Access Governance. The Security Architect leads efforts to identify, assess, and mitigate security risks across infrastructure, applications, and enterprise systems; defines reference architectures and security guardrails; and drives zero‑trust adoption. Working closely with IT, compliance, and business stakeholders, this role integrates secure‑by‑design practices and enables proactive defense strategies aligned with organizational objectives and regulatory requirements, including those applicable to regulated healthcare environments (HIPAA, HITECH, HITRUST).
What you will do:
- Owns the enterprise security architecture and multi year roadmap, defining target state designs, security standards, and investment priorities; acts as a trusted advisor to executive leadership and drives cross functional delivery across IT, cloud, and product teams.
- Establishes and governs enterprise identity, access, and data protection strategy, including SSO/MFA, federation (SAML, OIDC, OAuth), RBAC/ABAC, IGA lifecycle automation, privileged access management (PAM), and secrets and certificate management—enforcing least privilege and zero standing access at scale.
- Defines and executes cloud security strategy across Azure and AWS by designing secure landing zones and zero trust guardrails; implements and operationalizes CSPM, CWPP, and CIEM capabilities to continuously reduce cloud risk and misconfiguration exposure.
- Leads network and Zero Trust architecture modernization, including micro segmentation, NAC, next generation firewalls, secure remote access, and policy enforcement; delivers measurable isolation of critical systems and reduction of lateral movement risk.
- Elevates security operations architecture and detection strategy, shaping SIEM and XDR correlation across endpoint, identity, email, cloud, and network telemetry; optimizes signal to noise, detection fidelity, and mean time to detect and respond (MTTD/MTTR).
- Owns incident response architecture and organizational readiness, developing playbooks for containment, eradication, and recovery; ensures forensic readiness; leads post incident executive reviews and drives durable control improvements aligned to root cause analysis.
- Scales security automation and orchestration through SOAR and API driven integrations, automating high impact detections, incident response workflows, access reviews, and vulnerability and patch pipelines; maintains policy as code and audit ready evidence collection.
- Hardens enterprise email and social engineering defenses, enforcing DMARC, DKIM, and SPF, advanced BEC protections, and SEG/SASE integrations; analyzing attack trends to inform preventative controls and security awareness initiatives.
- Owns enterprise vulnerability and patch governance, implementing risk based prioritization, remediation SLAs, executive dashboards, and validation of fixes; partners with Infrastructure and Cloud teams to continuously improve hardening baselines and exposure metrics.
- Embed governance, risk, and compliance requirements into security architecture, aligning designs to HIPAA, HITECH, HITRUST, NIST CSF and 800 series controls, CIS Controls, and ISO 27001; delivering defensible metrics and board level reporting.
- Applies healthcare specific security patterns for PHI, EMR/EHR platforms, and connected clinical devices, ensuring secure data flows, strong segmentation, and protection of patient care networks where applicable.
- Leads security platform and vendor strategy, including evaluation and proof of value, selection, enterprise rollout, and optimization of EDR/XDR, SIEM, IAM/IGA/PAM, and cloud security platforms; demonstrate measurable risk reduction and return on security investment.
This description is not intended and should not be construed to be an exhaustive list of all responsibilities, skills and efforts or work conditions associated with the job. It is intended to be an accurate reflection of the general nature and level of the job.
What you will need:
Experience:
- Five years of experience in Information Technology required (multiple areas preferred).
- Three years of experience in healthcare information security preferred.
- Demonstrated knowledge of Network Hardware Configuration, Network Protocols, Information Security requirements for healthcare, and policy creation required.
- Demonstrated knowledge of EMR products preferred.
License(s) & Certification(s):
- Certified Information Systems Security Professional (CISSP) required
- Other IT Security Certifications Desired: CISM, CISA, Microsoft, Cisco
Education:
- Bachelor’s degree in computer science or information systems preferred.
Benefits at Vail Health (Full Time) Include:
- Competitive Wages & Family Benefits:
- Competitive wages
- Parental leave (4 weeks paid)
- Housing programs
- Childcare reimbursement
- Comprehensive Health Benefits:
- Educational Programs:
- Tuition Assistance
- Existing Student Loan Repayment
- Specialty Certification Reimbursement
- Annual Supplemental Educational Funds
- Paid Time Off:
- Up to five weeks in your first year of employment and continues to grow each year.
- Retirement & Supplemental Insurance:
- 403(b) Retirement plan with immediate matching
- Life insurance
- Short and long-term disability
- Recreation Benefits, Wellness & More:
- Up to $1,000 annual wellbeing reimbursement
- Recreation discounts
- Pet insurance
