Search for staff jobs. You will create a profile with your first application submission. Questions? Ask HR.

Information Security Architect

  • Requisition no: 501971
  • Work type: Full Time
  • Location: Medical Center
  • School/Department: CUIMC IT
  • Grade: Grade 107
  • Categories: Information Technology
  • Job Type: Officer of Administration
  • Bargaining Unit:
  • Regular/Temporary: Regular
  • End Date if Temporary:
  • Hours Per Week: 35
  • Salary Range: Commensurate with experience

Position Summary

Reporting to the Chief Information Security Officer of Columbia University Irving Medical Center (CUIMC); the Information Security Architect will be a senior technical individual contributor and act as a member of the information security leadership team. The Information Security Architect will have a significant impact on new initiatives, such as the rapid adoption of cloud platforms and infrastructure, and existing processes and security architecture, far into the future of the Medical Center.   As this is a new position for CUIMC you will have the opportunity to shape the position and responsibilities as well.


  • Driving CUIMC security technology strategy, and influence overall IT strategy, across the medical center 15%

  • Aligning standards, frameworks and security with overall business and technology strategy  10%

  • Creating solutions that balance business requirements threat mitigation, and compliance requirements in an effort to provide effective, efficient, and appropriate risk mitigation  10%

  • Researching, evaluating, piloting and recommending new technologies for potential implementation, and existing technology for continued efficacy  10%

  • Working with the security leadership team to develop - and monitor the success of - the systems supporting the information security program (ex: network monitoring and response, log management/SIEM, advanced endpoint security, multi-factor authentication); providing security architecture and design guidance for major IT initiatives from project inception to service rollout (ex: Office365 implementation, enterprise VDI, AWS)  10%

  • Understanding all the layers of CUIMC key systems, from layer 2 network to virtualized systems infrastructure to top level application stack as well as complex technical interdependencies, and understands the implications and enterprise impact of system failure and key CUIMC data  5%

  • Understanding technology-dependent key business processes and the security issues that can occur from complex people and process interactions  5%

  • Keeping current on attack trends and security threats - technical, social, and any combination therein; prioritizing, escalating and communicating shifts in threat actors appropriately  5%

  • Keeping current on security architecture implications of relevant regulatory requirements (ex: HIPAA, PCI, New York State regs)  5%

  • Reviewing and interpreting data use agreements, contracts and regulatory compliance documents, and be able to articulate their technical requirements and security risk implications  5%

  • Supporting Risk Management, Security Operations, and overall IT operations as a senior technical expert  5%

  • Contributing back out to the healthcare, higher education, and broader information security community  5%

  • Providing mentor-ship and coaching to technical security staff as time allows  5%

  • All other duties as assigned  5%

Minimum Qualifications

  • Bachelor's degree and/or its equivalent required. Advanced degree desirable.  Minimum 7 years of related experience.

Preferred Qualifications

  • Although not a data steward the Architect must know what our key data is, where it comes from, where it is going, and where our key risks are

  • Excellent knowledge of core information security principles, their applicability, and common tradeoffs.  An ability to prioritize and judge those tradeoffs within the context of an academic medical center and the strict operational requirements of providing world-class patient care

  • Excellent critical and lateral thinking skills.  Willingness and ability to perform in-depth research and pore over – and critically assess – any technology or process that comes to them. The architect must be absolutely unwilling to accept "I don't know how that works", "because that's the way it's always been done", or “that’s how the government and 12 other schools do it" as justification for insecure system design. They must also be critical of security systems, vendors, and their peers, and be able to bust FUD (Fear, Uncertainty, and Doubt) whenever necessary

  • Broad generalized technical background, and extensive understanding of a number of technical domains (ex: operating systems, networks, web applications, databases).  Good understanding of secure systems design, and secure software development; network protocols and network design; most major operating systems with in-depth expertise of at least one

  • Passion for understanding technology and experience doing so.  The architect must be obsessed with understanding what makes things tick, preferably so they can figure out how to make them stop ticking and help design around discovered weaknesses. They must a data-driven, evidence-based decision zealot

  • Excellent written and verbal communication skills, willingness and ability to debate complex security issues and defend positions with evidence

  • Demonstrated ability to work in a fast-paced, deadline driven environment

  • Ability to work with changing priorities and with multiple projects

  • Ability to be precise and attentive to detail is essential

  • Ability to work with minimal supervision

  • Ability to work weekend and off-hour work on occasion

  • In-depth knowledge of security-related protocols (ex: SAML, SSL/TLS,) and common network security technologies.  In-depth experience of at least one open-source or commercial product in each (ex: firewall, network DLP, IDS/IPS, SIEM)

  • Knowledge of common server and endpoint security technologies and built-in capabilities (ex: AV, EDR, endpoint DLP, permissions, app whitelisting)

  • General understanding of different kinds of encryption, how they work, and which types of encryption are useful against various threat and compliance scenarios

  • General understanding of fundamentals of identity and access management

  • Good understanding of cloud technology overall, the different challenges of SaaS vs PaaS vs IaaS.  Experience dealing with CASBs.  In-depth knowledge of common SaaS providers and at least one IaaS provider preferred.   Understanding of security advantages and risks of cloud computing

  • Social Engineering (aka "people skills").  Ability to sit with front-line engineers for two weeks to tease out technical details, then turnaround and sit with executive management for two hours to abstract out key concepts from their findings

  • Experience working in a HIPAA/HITECH/OMNIBUS-regulated environment. Functional knowledge of other relevant compliance regulations (PCI, FERPA, Data Breach Acts, FISMA) and security standards (HITRUST, PCI-DSS, ISO 27001/2, NIST).  Experience working in an academic medical center or hospital environment a plus

  • Threat-based mindset and general belief that security systems exist primarily to protect the organization and community from malicious actors.  This requires an understanding of common threats, attacker behavior and motivations, and general trends in the security threat landscape.  Strategic thinking.   Ability to envision a future architectural state that supports our goals and principles; realistically estimate the time, money, and effort it will take to achieve that state; and lead the effort to make those changes

  • Risk-oriented mindset and good understanding of risk management.  Understanding of risk quantification preferred but not required

  • Presence in information sharing/trust communities – public or private


Equal Opportunity Employer / Disability / Veteran

Columbia University is committed to the hiring of qualified local residents.

Applications open: Eastern Daylight Time
Applications close:

Back Apply Share

Share this via:

| More
Back to Top