What We Offer As part of our Digital Products and Services team, you will play a critical role in safeguarding our information systems throughout their lifecycle. This includes ensuring compliance, enforcing security principles, and responding effectively to cybersecurity incidents. Under general supervision, the Information Security Architect III develops and implements enterprise-level security architecture and technology solutions to meet current and emerging business needs. You will contribute to the enterprise technical security strategy, analyze industry trends, and design secure systems that protect sensitive data such as PHI, PII, and payment card information. Schedule: 8:00AM – 5:00PM Monday – Friday (On call support required, as needed). Location: Remote Department: Enterprise Technologies Services – Information Security Key Responsibilities + Develop and implement enterprise information security architecture and technology solutions. + Contribute to the technical security strategy based on business trends, compliance standards, and evolving threats. + Conduct research on security topics and present findings through position papers and presentations. + Collaborate with IT teams to ensure security and compliance in enterprise technology initiatives. + Provide technical expertise in planning, designing, implementing, and monitoring IT security systems. + Participate in vendor risk management and serve as a subject matter expert for secure system design. + Develop secure systems and network architectures and assist other teams in securing their designs. + Ensure compliance with corporate security policies, ISO 27001, HIPAA, and other regulations governing PHI, PII, and payment card data. Qualifications + Strong understanding of information security technology, design principles, and industry developments. + Solid technical background to address complex security challenges. + Ability to work independently on most phases of security planning, design, implementation, and monitoring. + Experience with incident response, risk management, and secure architecture design. + Familiarity with regulatory frameworks such as ISO 27001, HIPAA , and data protection standards. What We're Looking For Education: High School or GED required. 4 Year / Bachelors Degree, preferred. Experience: Minimum three years proven information security experience. Minimum five years information system administration, implementation, or design experience. Minimum three years customer service experience, preferred. Licensure/Certification: Security+ or equivalent, required. CASP, SSCP, C|EH, SANS GIAC, CISM, CRISC, CISSP, preferred. Additional Skills/Requirements (required): Able to develop productive working relationships with business and technical groups. Working knowledge of information management systems, data structures, data analysis, and report generation. Functional Knowledge of HIPAA, ISO 27001/27002 framework, NIST Standards, PCI-DSS, and COBIT. Able to effectively communicate with technical and non-technical audiences. Excellent written and verbal communication skills to be able to present to a target audience. High degree of professional poise, presence, and personal integrity. Demonstrated ability to effectively prioritize multiple responsibilities. Takes responsibility and demonstrates ownership of delegated projects, tasks, and issues. Strong attention to detail, communication skills, organization skills, and analytical abilities. Strong understanding of the different layers in the OSI model as well as how they interact. Strong knowledge of security concepts and best practices for technologies including (but not limited to): Microsoft Windows, MS Active Directory, Linux/Unix, Firewalls, MS SQL, routing, logging and monitoring, authentication systems, wireless, IDS/IPS, proxy technologies, remote access solutions (VPN, SSL, IPSEC) with two factor authentication, Citrix, network access control, network security monitoring, traffic analysis, data loss prevention, etc. Ability to analyze and communicate strengths and weaknesses of network technology security solutions, as they relate to performance and cost. Strong technical knowledge of security in more than one of the following areas: applications, server systems, databases, networks, middleware, mobile devices/mobile apps, encryption, web, identity and access management, etc. Technical knowledge of emerging security solutions. Familiarity with the concept of Defense in-depth a must. Intermediate to advanced knowledge of MS Office products and SharePoint. Ability to take direction as well as work with a high degree of independence. Teamwork oriented. Occasional after hours and weekend work required. Ability to drive/travel to multiple locations/facilities as needed. Additional Skills/Requirements (preferred): CASP, SSCP, C|EH, SANS GIAC, or equivalent. One or more additional professional security or technology specific certifications (CISM, CRISC, CISSP, CCSP, CCNP, OSCP, MCITP:EA/SA, MCSE, MCSA, Network+). ITIL Foundation. Experience assessing HIPAA Security Rule controls a plus. Experience evaluating network penetration test results and application security assessments, and vulnerability reports a plus. Ability to negotiate resolutions for conflicting security and business objectives. Previous network and systems architecture experience. Why Choose Novant Health? At Novant Health, we believe remarkable care starts with compassion for our patients, our communities, and each other. We value belonging, courage, personal growth, and teamwork, creating a space where everyone is respected, supported, and safe to show up as their full selves. Job Opening ID 130368