Director, Information Security Architecture and Solutions

Scheduled Hours

40

Position Summary

The Director of Information Security Architecture and Solutions leads a security architecture and consulting team and is responsible for defining and advancing the institution’s security architecture strategy, providing expert security consulting across clinical care, academic, research, and administrative units, and ensuring that security solutions are effective, scalable, and aligned with institutional goals.

The Director collaborates closely with the Chief Information Security Officer (CISO) and stakeholders across Information Security, Information Technology (IT), and the broader university. This position includes strategic planning, people leadership, and hands-on architectural and solutions consulting work.

Job Description

Primary Duties & Responsibilities:

Leadership and Strategy

• Define and maintain the enterprise security architecture vision and roadmap in alignment with university strategy, IT standards, and clinical care, research, and teaching missions.
• Lead the Security Architecture and Solutions team, including recruiting, mentoring, performance management, and professional development.
• Contribute to information security program strategy and planning with the CISO and other security leaders.

Security Architecture and Design

• Develop and maintain security reference architectures, patterns, and design standards for on-premises, cloud, and hybrid environments.
• Partner with the CTO’s infrastructure teams to ensure secure design and integration of core services (firewall, VPN, EDR, SIEM, IAM, networks, and platforms).
• Review and approve security designs for major technology initiatives, research platforms, and third-party services.

Security Consulting and Engagement

• Provide expert security consulting to IT, research, and business units on new systems, applications, and services.
• Facilitate design workshops and threat modeling to identify and address security risks early in project lifecycles.
• Communicate complex security concepts clearly to technical and non-technical stakeholders.

Risk Assessment and Control Implementation

• Support the GRC team in developing new security risk assessment methods for emerging technologies and new business cases.
• Perform deep technical assessments for custom applications and system configurations.
• Recommend security controls and enhancements to reduce risk while enabling innovation and usability.

Standards, Policies, and Continuous Improvement

• Contribute to the development and enforcement of security architecture standards, guidelines, and patterns.
• Monitor the effectiveness of implemented security controls and recommend improvements.
• Stay current with emerging threats, technologies, and best practices to inform architecture decisions.

Perform other related duties as assigned.

Working Conditions:

Job Location/Working Conditions

• Normal office environment
• Ability to travel to various on- and off-campus locations

Physical Effort

• Typically sitting at desk or table

Equipment

• Office equipment

The above statements are intended to describe the general nature and level of work performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all job duties performed by the personnel so classified. Management reserves the right to revise or amend duties at any time.

Required Qualifications

Education:

Bachelor’s degree or combination of education and/or experience may substitute for minimum education.

Certifications/Professional Licenses:

No specific certification/professional license is required for this position.

Work Experience:

Relevant Information Technology, Including Managing Information Security Teams (7 Years)

Skills:

Not Applicable

Driver's License:

A driver's license is not required for this position.

Preferred Qualifications

Education:

Master's degree

Certifications/Professional Licenses:

Certified Information Security Manager (CISM) - Information Systems Audit and Control Association (ISACA), Certified Information Systems Architecture Professional" (CISAP) - International Information System Security Certification Consortium (ISC2), Certified Information Systems Auditor (CISA) - Information Systems Audit and Control Association (ISACA), Certified Information Systems Security Professional (CISSP) - International Information System Security Certification Consortium (ISC2)

Work Experience:

No additional work experience unless stated elsewhere in the job posting.

Skills:

Analytical Problem Solving, Coaching, Cybersecurity, Employee Development, Employee Management, Goal-Oriented, Goal Setting, Information Technology (IT), Information Technology Security, Interpersonal Communication, Oral Communications, Problem Solving, Project Administration, Technical Projects, Written Communication

Grade

G17