Reporting to the organization's Chief Information Security Officer, the Information Technology (IT) Security Architect supports the overall vision of the Keck Medicine's Information Security Program. The IT Security Architect is a skilled IT professional who uses his/her deep knowledge of the IT environment and a risk-based approach to design and develop complex IT solutions. She/he serves as the primary liaison between the enterprise IT architects and the systems security engineering teams and coordinates with system owners, and stakeholders on the allocation of security controls. The IT Security Architect works in close coordination with the CTO and CISO on security-related issues, including establishing system boundaries, assessing the severity of weaknesses and deficiencies in IT systems, creating, and tracking plans of action and milestones, designing risk mitigation approaches, and advising on potential adverse effects of identified vulnerabilities. This position will lead IT security architecture activities required for the secure design, development, deployment, sustainment and decommissioning of IT systems supporting an academic medical center. He/she ensures the effectiveness of IT security controls throughout a system lifecycle. The IT Security Architect communicates with and educates IT process owners on the importance of controls, leading practices, and effective control alternatives to achieve compliance with Keck Medicine policy and industry or government regulatory requirements to reduce risk.

Essential Duties:

• Develop and direct IT security architecture documentation and ensure privacy, compliance, and security requirements are met within system solution designs. Own and manage all security architecture processes and initiatives.
• Develop, implement, and maintain a strategic and tactical vision for Keck Medicine’s IT system and enterprise architectures, as they relate to information security. Establish plans and procedures for assessment of new requirements and develop appropriate standards. Execute continuous process improvement on established architecture lifecycle processes.
• Assess risk in new architecture designs, ensure related risks are managed to the appropriate level of acceptable residual risk. Track risk throughout system lifecycles.
• Assist in reviewing and assessing security requirement adherence during system acquisition and integration. Evaluate proposed acquisition designs or system development documentation to ensure they are consistent with Keck Medicine’s information security guidelines. Advise customers and stakeholders on security best practices and conduct risk-based analysis of alternatives that balances security, cost and organizational benefit.
• Work closely with users, organizational leaders, and IT colleagues to develop short-term (tactical) and long-term goals and forecasts and associated plans to improve security designs so that they meet anticipated needs. Align department goals with organizational vision and goals; communicate and dialogue with staff and organization regarding organizational services initiatives and to incorporate latest advances in security. Emphasize team and cross-departmental focus and behaviors.
• Coordinate with and advise senior management, CISO and CTO, on security architectures to support information technology (IT) security goals and objectives.
• Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders. Communicate effectively in writing when describing complex information security and IT concepts.
• Collaborate with the CISO to design/integrate an information security strategy that outlines the vision, mission, and goals that align with Keck Medicine’s strategic plans.
• Apply risk-based methods, standards, and approaches for describing, analyzing, and documenting Keck Medicine’s enterprise IT architecture
• Assess and recognize vulnerabilities in security systems and recommend mitigation strategies to reduce risk
• Apply organizational goals and objectives to develop and maintain IT architectures

Required Qualifications:

• Req Bachelor’s Degree Degree in in Computer Science or related field

• Req 5 years Minimum 5 years in Information Security.
• Req 7 years Minimum 7 years of experience in an IT architecture role with strong emphasis on a customer service background (Healthcare and/or Academic industry preferred).
• Req Experience building project teams and driving change within an organization.
• Req Experience meeting corporate policies, procedures and standards and regulatory requirements.

• Req Strong leadership skills with a high level of drive and initiative.
• Req Ability to work with minimal supervision.

Preferred Qualifications:

• Pref Master’s degree in Computer Science, Healthcare or Business preferred
• Pref Some Project Management experience preferred.

Required Licenses/Certifications:

• Req Fire Life Safety Training (LA City) If no card upon hire, one must be obtained within 30 days of hire and maintained by renewal before expiration date. (Required within LA City only)

The annual base salary range for this position is $133,120.00 - $219,648.00. When extending an offer of employment, the University of Southern California considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate’s work experience, education/training, key skills, internal peer equity, federal, state, and local laws, contractual stipulations, grant funding, as well as external market and organizational considerations. Current employees apply here