IT Security Architect

RemoteRemotemid

EngineeringSecurity

0 views0 saves0 applied

Apply Now

Quick Summary

Key Responsibilities

Owns the enterprise security architecture and multi year roadmap, defining target state designs, security standards,

Requirements Summary

The Information Security Architect serves as the deputy leader for the Information Security program and is responsible for designing, implementing,

Technical Tools

EngineeringSecurity

Vail Health has become the world’s most advanced mountain healthcare system. Vail Health consists of an updated 520,000-square-foot, 56-bed hospital. This state-of-the-art facility provides exceptional care to all of our patients, with the most beautiful views in the area, located centrally in Vail. Learn more about Vail Health here.

Some roles may be based outside of our Colorado office (remote-only positions). Roles based outside of our primary office can sit in any of the following states: AZ, CO, CT, FL, GA, ID, IL, KS, MA, MD, MI, NC, NJ, OH, OR, PA, SC, TN, TX, UT, VA, WA, and WI. Please only apply if you are able to live and work primarily in one of the states listed above. State locations and specifics are subject to change as our hiring requirements shift.

About the opportunity:

The Information Security Architect serves as the deputy leader for the Information Security program and is responsible for designing, implementing, and maintaining the organization’s enterprise security architecture to ensure the confidentiality, integrity, and availability of systems and data. This role owns security architecture and provides hands‑on guidance across Identity & Access Management (IAM/IGA/PAM), Security Operations (SIEM/XDR), Governance, Risk & Compliance (GRC), Cloud and Network Security, Security Automation, Incident Response, and Data Security & Access Governance. The Security Architect leads efforts to identify, assess, and mitigate security risks across infrastructure, applications, and enterprise systems; defines reference architectures and security guardrails; and drives zero‑trust adoption. Working closely with IT, compliance, and business stakeholders, this role integrates secure‑by‑design practices and enables proactive defense strategies aligned with organizational objectives and regulatory requirements, including those applicable to regulated healthcare environments (HIPAA, HITECH, HITRUST).

What you will do:

Owns the enterprise security architecture and multi year roadmap, defining target state designs, security standards, and investment priorities; acts as a trusted advisor to executive leadership and drives cross functional delivery across IT, cloud, and product teams.
Establishes and governs enterprise identity, access, and data protection strategy, including SSO/MFA, federation (SAML, OIDC, OAuth), RBAC/ABAC, IGA lifecycle automation, privileged access management (PAM), and secrets and certificate management—enforcing least privilege and zero standing access at scale.
Defines and executes cloud security strategy across Azure and AWS by designing secure landing zones and zero trust guardrails; implements and operationalizes CSPM, CWPP, and CIEM capabilities to continuously reduce cloud risk and misconfiguration exposure.
Leads network and Zero Trust architecture modernization, including micro segmentation, NAC, next generation firewalls, secure remote access, and policy enforcement; delivers measurable isolation of critical systems and reduction of lateral movement risk.
Elevates security operations architecture and detection strategy, shaping SIEM and XDR correlation across endpoint, identity, email, cloud, and network telemetry; optimizes signal to noise, detection fidelity, and mean time to detect and respond (MTTD/MTTR).
Owns incident response architecture and organizational readiness, developing playbooks for containment, eradication, and recovery; ensures forensic readiness; leads post incident executive reviews and drives durable control improvements aligned to root cause analysis.
Scales security automation and orchestration through SOAR and API driven integrations, automating high impact detections, incident response workflows, access reviews, and vulnerability and patch pipelines; maintains policy as code and audit ready evidence collection.
Hardens enterprise email and social engineering defenses, enforcing DMARC, DKIM, and SPF, advanced BEC protections, and SEG/SASE integrations; analyzing attack trends to inform preventative controls and security awareness initiatives.
Owns enterprise vulnerability and patch governance, implementing risk based prioritization, remediation SLAs, executive dashboards, and validation of fixes; partners with Infrastructure and Cloud teams to continuously improve hardening baselines and exposure metrics.
Embed governance, risk, and compliance requirements into security architecture, aligning designs to HIPAA, HITECH, HITRUST, NIST CSF and 800 series controls, CIS Controls, and ISO 27001; delivering defensible metrics and board level reporting.
Applies healthcare specific security patterns for PHI, EMR/EHR platforms, and connected clinical devices, ensuring secure data flows, strong segmentation, and protection of patient care networks where applicable.
Leads security platform and vendor strategy, including evaluation and proof of value, selection, enterprise rollout, and optimization of EDR/XDR, SIEM, IAM/IGA/PAM, and cloud security platforms; demonstrate measurable risk reduction and return on security investment.

This description is not intended and should not be construed to be an exhaustive list of all responsibilities, skills and efforts or work conditions associated with the job. It is intended to be an accurate reflection of the general nature and level of the job.

What you will need:

Experience:

Five years of experience in Information Technology required (multiple areas preferred). 
Three years of experience in healthcare information security preferred.  
Demonstrated knowledge of Network Hardware Configuration, Network Protocols, Information Security requirements for healthcare, and policy creation required.  
Demonstrated knowledge of EMR products preferred.