Position Purpose
As a member of the global Orion Health Information Security Team, the Information Security Architect will support the Information Security strategy through the implementation, integration and maintenance of application and infrastructure security. In addition to this, the role takes part in ensuring “secure-by-design” practices in support of Cybersecurity best practices and Orion Health policies and processes, as well as applicable industry regulations and standards.
Success in this Role looks like...
- Security and IT tools are used appropriately to prevent and detect key technical risks to the enterprise
- Security projects are delivered with security solutions within agreed upon timeframes
- Successful delivery and maintenance of Orion Health’s security controls, capabilities and compliance levels
- Products and services are secure by design through efficient processes and collaboration with development and
- deployment teams
- Product risks are identified and appropriately mi/gated through secure solutions
- Security gaps that are beyond an acceptable risk threshold are managed
- Identified development opportunities and training are undertaken to progress as a Cybersecurity professional
Business Unit
Security and Assurance – Information Security team
The Information Security Team contributes to Orion Health’s success by providing services to Orion Health to preserve the Confidentiality, Integrity and Availability of Orion Health Information assets and systems.
Key Relationships
• Internal: Chief Information Security Officer, Cybersecurity Officer, Information Security Team; Professional and Managed Services teams; Assurance team; R&D Product teams; 3rd Party Suppliers
• External: Client, Third Party vendors
Essential Functions
- Work closely with all members of the Security team, provide support to the global Orion Health businesses across multiple /me zones
- Collaborate with customer delivery teams to provide secure solutions for customers
- Interpret complex requirements and implement agreed solutions to address security concerns in a timely manner
- Coordinate with third par/es to organize application and network based penetration testing.
- Help ensure that all newly developed applications are secure and resilient through threat modelling and other risk assessment activity.
- Advise and approve of changes in solutions and architectures for assigned areas from a security perspective.
- Develop repeatable security deployment architectures, working with internal and external partners to ensure that products and services are implemented in a secure manner.
- Function as subject ma[er expert for security and risk management, translating requirements and gaps into meaningful risk management summaries and recommendations.
- Manage third party suppliers, questionnaires and support integrations
- Support security incident response to ensure that they are identified, contained and resolved in a timely manner
- Represent Orion Security while meeting and consulting with clients to describe security practices and advise on security solutions.
- Operate and maintain tools and associated documentation owned by the Security team
- Contribute to the development of security policy and procedures
Behavioural and Technical Capabilities
The successful candidate will possess the following traits:
- Communicates clearly and concisely (spoken, written, presentation)
- Strong interpersonal and consultative skills
- Possesses technical and problem-solving skills
- Analytical problem solving with a drive to build consensus.
- Develops and implements plans to efficiently accomplish goals
- Manages /me effectively
- Drives for solutions even when faced with difficulties and
- setbacks
- Takes initiative to identify and complete tasks in support of team goals
- Works effectively within a team to achieve results Relevant Experience
Knowledge of or demonstrated experience in:
- Operating system, application, network, and database architectures and security controls
- Experience with cloud deployment architectures (e.g. Amazon Web Services or Azure)
- Applica/on and Network penetra/on tes/ng
- Architecting secure solutions in cloud-based environments
- Application vulnerability assessments
- Identifying risks and proposing appropriate controls
- Security compliance testing and risk assessments
- Advanced technical, physical, and administrative controls Preferred experience in:
- STRIDE threat model
- Securing SaaS-based solutions
- Monitoring network and application events
- Incident response protocols
- Security and deploying automation tools
- Analyzing TCP/IP network traffic and event logs
- Security tools such as SIEMs, firewalls, vulnerability scanners, intrusion detection / prevention systems, antivirus
Education and Qualifications
- Bachelor’s degree in Computer Science or equivalent relevant work experience
- 2-5 years of experience in IT
- 2-5 years of experience with cloud services
Desirable:
- Security certifications (e.g., Certified Ethical Hacker, Certified Incident Handler etc)
- Scripting or programming languages
- Experience securing cloud-based solutions
- HIPAA or HITRUST understanding