Senior InfoSec Architect

Harvard Medical School

Boston, MA

ID: 7232768 (Ref.No. hh-65408BR)
Posted: March 28, 2024

Job Description

Position Description
The Senior Information Security Architect is a pivotal role focused on safeguarding the data and IT infrastructure of Harvard Medical School and Harvard School of Dental Medicine from cyber threats. This professional is responsible for the architectural design, implementation, and ongoing enhancement of security solutions. The role demands a sophisticated understanding of HMS and HSDM IT systems, a forward-thinking approach to threat detection and mitigation, and effective collaboration across various departments. This role will closely partner with others across HMS IT and Security to further enable the HMS mission by implementing an effective security ecosystem.

Key Responsibilities:
  • Security Strategy Development: Lead the creation and execution of a strategic, comprehensive enterprise information security architecture and design methodology to ensure the protection of information assets.
  • Secure Architecture Assessment: Assess the systems, platforms, and programs currently in place, and provide risk assessments and recommendations based on them.
  • Security Architecture Design: Design and implement secure systems and networks, ensuring they fulfill technical and functional security requirements.
  • Secure SDLC Design: Integrate security best practices and methodologies through all phases of the Software Development Life Cycle (SDLC) to ensure secure design, development and deployment of applications.
  • Compliance and Standards: Work with compliance and risk teams to ensure adherence to industry standards and regulatory requirements such as ISO 27001, GDPR, HIPAA, SOC 2, etc.
  • Threat Modeling: Lead the design and implementation of a threat-modeling program at HMS. Conduct detailed threat modeling to identify potential security issues and vulnerabilities, developing strategies to counteract these risks.
  • Penetration Testing: Coordinate and execute penetration testing activities to proactively discover and rectify security weaknesses within the organization's IT environment.
  • Building and Maintaining Security Asset Management Platform: Develop and sustain an integrated security asset management platform to ensure a comprehensive understanding and management of all security-related assets. This includes inventory tracking, security posture assessment, and lifecycle management to enhance the organization's security framework.
  • Emerging Technology Monitoring: Keep abreast of the latest security technologies and trends, along with potential threats, to continuously improve the security stance of the organization.
  • Stakeholder Collaboration: Work closely with IT, compliance, and business units to ensure security measures are aligned with business objectives and operational needs.
Basic Qualifications
  • Minimum of seven years’ post-secondary education or relevant work experience
Additional Qualifications and Skills
  • Minimum of 5-7 years' experience in an information security role, with at least 2-3 years in security architecture or a similar capacity.
  • Professional security management certification, such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or equivalent, is highly preferred.
  • Deep knowledge of security protocols, cryptography, authentication, authorization, and overall security.
  • Proficiency in cloud security architecture and mobile security.
  • Expertise in threat modeling, penetration testing, and security asset management.
  • Experience designing and implementing enterprise-wide security programs and frameworks.
  • Excellent verbal and written communication skills, with the ability to effectively communicate security and risk-related concepts to a broad audience.
  • Strong collaboration and influence skills to partner with stakeholders.
  • Demonstrated leadership skills and the ability to mentor team members.
Additional Information
The health of our workforce is a priority for Harvard University. With that in mind, we strongly encourage all employees to be up-to-date on CDC-recommended vaccines.

Please note that we are currently conducting a majority of interviews and onboarding remotely and virtually. We appreciate your understanding.

The Harvard Medical School is not able to provide visa sponsorship for this position.

Not ready to apply? Join our talent community to keep in touch and learn about future opportunities!
Commitment to Equity, Diversity, Inclusion, and Belonging
We are committed to cultivating an inclusive workplace culture of faculty, staff, and students with diverse backgrounds, styles, abilities, and motivations. We appreciate and leverage the capabilities, insights, and ideas of all individuals.
EEO Statement
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, gender identity, sexual orientation, pregnancy and pregnancy-related conditions, or any other characteristic protected by law.

Harvard Medical School strives to cultivate an environment that promotes inclusiveness and collaboration among students, faculty and staff and to create new avenues for discussion that will advance our shared mission to improve the health of people throughout the world.