Senior Information Security Architect

Updated: 26 days ago

27-Mar-2024

Harvard Medical School

65408BR


Position Description

The Senior Information Security Architect is a pivotal role focused on safeguarding the data and IT infrastructure of Harvard Medical School and Harvard School of Dental Medicine from cyber threats. This professional is responsible for the architectural design, implementation, and ongoing enhancement of security solutions. The role demands a sophisticated understanding of HMS and HSDM IT systems, a forward-thinking approach to threat detection and mitigation, and effective collaboration across various departments. This role will closely partner with others across HMS IT and Security to further enable the HMS mission through implementing an effective security eco-system.

Key Responsibilities:

  • Security Strategy Development: Lead the creation and execution of a strategic, comprehensive enterprise information security architecture and design methodology to ensure the protection of information assets.
  • Secure Architecture Assessment: Assess the systems, platforms, and programs currently in place, and provide risk assessments and recommendations based on them.
  • Security Architecture Design: Design and implement secure systems and networks, ensuring they fulfill technical and functional security requirements.
  • Secure SDLC Design: Integrate security best practices and methodologies through all phases of the Software Development Life Cycle (SDLC) to ensure secure design, development and deployment of applications.
  • Compliance and Standards: Work with compliance and risk teams to ensure compliance with industry standards and regulatory requirements such as ISO 27001, GDPR, HIPAA, SOC 2, etc.
  • Threat Modeling: Lead the design and implementation of a threat-modeling program at HMS. Conduct detailed threat modeling to identify potential security issues and vulnerabilities, developing strategies to counteract these risks.
  • Penetration Testing: Coordinate and execute penetration testing activities to proactively discover and rectify security weaknesses within the organization's IT environment.
  • Building and Maintaining Security Asset Management Platform: Develop and sustain an integrated security asset management platform to ensure a comprehensive understanding and management of all security-related assets. This includes inventory tracking, security posture assessment, and lifecycle management to enhance the organization's security framework.
  • Emerging Technology Monitoring: Keep abreast of the latest security technologies and trends, along with potential threats, to continuously improve the security stance of the organization.
  • Stakeholder Collaboration: Work closely with IT, compliance, and business units to ensure security measures are aligned with business objectives and operational needs.

Basic Qualifications

  • Minimum of seven years’ post-secondary education or relevant work experience

Additional Qualifications and Skills

  • Minimum of 5-7 years' experience in an information security role, with at least 2-3 years in security architecture or a similar capacity.
  • Professional security management certification, such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or equivalent, is highly preferred.
  • Deep knowledge of security protocols, cryptography, authentication, authorization, and overall security.
  • Proficiency in cloud security architecture and mobile security.
  • Expertise in threat modeling, penetration testing, and security asset management.
  • Experience designing and implementing enterprise-wide security programs and frameworks.
  • Excellent verbal and written communication skills, with the ability to effectively communicate security and risk-related concepts to a broad audience.
  • Strong collaboration and influence skills to partner with stakeholders.
  • Demonstrated leadership skills and the ability to mentor team members.

Certificates and Licenses

  • Completion of Harvard IT Academy Information Security Foundations course (or external equivalent) preferred
  • IT Security Certification preferred; e.g., CISSP, CISA/CISM, and/or GIAC

Additional Information

The health of our workforce is a priority for Harvard University. With that in mind, we strongly encourage all employees to be up-to-date on CDC-recommended vaccines.

Please note that we are currently conducting a majority of interviews and onboarding remotely and virtually. We appreciate your understanding.

The Harvard Medical School is not able to provide visa sponsorship for this position.

Not ready to apply? Join our talent community to keep in touch and learn about future opportunities! ( https://www.gem.com ?formID=16341e35-cbc6-4904-88a3-09b35763307e)


Work Format Details

This position is eligible for 100% remote work. Employees may work from any of the Harvard Registered Payroll States, which currently includes Massachusetts, Connecticut, Maine, New Hampshire, Rhode Island, Vermont, Georgia, Illinois, Maryland, New Jersey, New York, Virginia, Washington, and California (CA for exempt positions only). Certain visa types and funding sources may limit work location. Individuals must meet work location sponsorship requirements prior to employment.


Benefits

We invite you to visit Harvard's Total Rewards website (https://hr.harvard.edu/totalrewards) to learn more about our outstanding benefits package, which may include:

  • Paid Time Off: 3-4 weeks of accrued vacation time per year (3 weeks for support staff and 4 weeks for administrative/professional staff), 12 accrued sick days per year, 12.5 holidays plus a Winter Recess in December/January, 3 personal days per year (prorated based on date of hire), and up to 12 weeks of paid leave for new parents who are primary care givers.
  • Health and Welfare: Comprehensive medical, dental, and vision benefits, disability and life insurance programs, along with voluntary benefits. Most coverage begins as of your start date.
  • Work/Life and Wellness: Child and elder/adult care resources including on campus childcare centers, Employee Assistance Program, and wellness programs related to stress management, nutrition, meditation, and more.
  • Retirement: University-funded retirement plan with contributions from 5% to 15% of eligible compensation, based on age and earnings with full vesting after 3 years of service.
  • Tuition Assistance Program: Competitive program including $40 per class at the Harvard Extension School and reduced tuition through other participating Harvard graduate schools.
  • Tuition Reimbursement: Program that provides 75% to 90% reimbursement up to $5,250 per calendar year for eligible courses taken at other accredited institutions.
  • Professional Development: Programs and classes at little or no cost, including through the Harvard Center for Workplace Development and LinkedIn Learning.
  • Commuting and Transportation: Various commuter options handled through the Parking Office, including discounted parking, half-priced public transportation passes and pre-tax transit passes, biking benefits, and more.
  • Harvard Facilities Access, Discounts and Perks: Access to Harvard athletic and fitness facilities, libraries, campus events, credit union, and more, as well as discounts to various types of services (legal, financial, etc.) and cultural and leisure activities throughout metro-Boston.

Job Function

Information Technology


Department Office Location

USA - MA - Boston


Job Code

I0459P IT Info Security Professnl V


Department

Information Technology | Security


Union

00 - Non Union, Exempt or Temporary


Pre-Employment Screening

Criminal, Identity


Commitment to Equity, Diversity, Inclusion, and Belonging

We are committed to cultivating an inclusive workplace culture of faculty, staff, and students with diverse backgrounds, styles, abilities, and motivations. We appreciate and leverage the capabilities, insights, and ideas of all individuals.

Harvard Medical School Mission and Community Values: https://hms.harvard.edu/about-hms/campus-culture/mission-community-values-diversity-statement


EEO Statement

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, gender identity, sexual orientation, pregnancy and pregnancy-related conditions, or any other characteristic protected by law.

