Information Security Architect

POSITION OVERVIEW

The Information Security Architect brings an innovative, hands-on approach in evaluating and solutioning information security controls, recommending and identifying security measures to protect information against unauthorized data modification and exposure, access control, intrusion detection, malware protection, incident response, security engineering, are some of the areas that this position engages in on a regular basis.

Diversity, Equity, and Inclusion Statement

At NBME ®, we continue to innovate and improve how we fulfill the evolving needs of the health care community. This commitment starts and ends with the people at NBME. By recruiting and empowering talented individuals from various disciplines and backgrounds, which includes professionals with diverse life experiences, abilities, and perspectives, NBME can take a well-informed, robust approach to advancing medical education and assessment for years to come. We also continue to focus on ensuring that our DEI work is impactful and ingrained in everything we do, including with our staff, workplace culture, products and services, the Philadelphia community and the broader medical education landscape.

RESPONSIBILITIES

• Work with Solutions Architects in Information Technology and liaise with various other stakeholders and areas of the organization to ensure the appropriate level of security controls are in place to meet the needs of the business, the requirements of regulatory bodies, and industry best practices.

• Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data. Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately. Requires an understanding of attack vectors, current threats, and remediation strategies.

• Serve as security architect for enterprise level infrastructure and application software projects. Develop architecture patterns and security approaches to new technologies. Design security models and educate stakeholders on the creation of threat models and review for appropriate security controls.
• Ensure that acquired or developed system(s) and architecture(s) are consistent with organization's cybersecurity architecture guidelines.
• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan, including quantifying risk to the business.
• Serve on various governance teams with a focus on DevSecOps and Cloud Security to ensure security is appropriately integrated and aligned with best practices.
• Keeps abreast of current and emerging security technologies and threats.

DELIVERABLES (IF APPLICABLE)

• Lead and develop security design and reference architecture on large enterprise projects.
• Develop strategies and plans to enforce security requirements to address identified risks. Provide guidance and direction on best practices for the protection of information.
• Perform threat models for internal and external systems (e.g., cloud services) and ensure the appropriate controls are designed into the services.
• Research, evaluate, design, recommend and plan the implementation of new security controls to reduce the risk of data loss. Preemptively counter the possibility of system breach through unauthorized access of data.
• Provide written analysis on security threats and recommended next steps.

QUALIFICATIONS

Skills and Abilities

• Knowledge of the application firewall concepts and functions (e.g., single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).
• Ability to design architectures and frameworks.
• Knowledge of remote access technology concepts.
• Excellent written and verbal communication and presentation abilities.
• Orchestration of high priority security initiatives across multiple layers of management and heterogeneous departments.
• A self-starter who is able to perform independent research to support critical security decisions and to keep stakeholders informed of industry security trends.
• Ability to quickly come up to speed on the cyber security aspects of new platforms you many not have experienced before

Experience

• 10 years of experience; minimum of 5 years in cyber security.
• Recent experience with reviewing AWS/Azure security, including authentication, identity configuration, key management systems, and API security is preferred.

Education

• Bachelor's degree in an information technology related field or a combination of equivalent education and experience.
• CISSP required. AWS SA, CCSK or similar certification desirable

About NBME:

NBME offers a versatile selection of high-quality assessments and educational services for students, professionals, educators, regulators and institutions dedicated to the evolving needs of medical education and health care. To ensure our assessments meet the highest standards of quality, stay relevant and align to the current curriculum in medical schools and training programs, we rely on a wide network of collaborators. These include the volunteers who help develop our exam questions, the committees and panels who represent various groups within the medical education community, external researchers and health profession organizations.

We are committed to meeting the needs of educators and learners globally with assessment products and expert services such as NBME® Subject Examinations, Customized Assessment Services, Self-Assessments, the International Foundations of Medicine® Program and Item Writing Workshops. Together with the Federation of State Medical Boards, NBME develops and manages the United States Medical Licensing Examination®, which measures the ability to apply knowledge and skills that form the basis of safe and effective patient care. Our Competency-based Assessment unit is focused on new methods as well as the optimization of assessment in the workplace and education.

As a result of leadership in ongoing research, innovative measurement practices and the exploration of forward-thinking assessment modalities and improvements, NBME advances assessment science. Our grant and funding opportunities further support this dedication to medical education and assessment science. We help develop the next generation of assessment professionals through our Summer Psychometric Internship Program. Through the Stemmler Fund, Strategic Educators Enhancement Fund and Latin America Grants Program, researchers and educators can continue to improve the assessment of health care professionals around the world.

NBME views diversity, equity and inclusion (DEI) as foundational and enduring to our strategy and vision. We continue to focus on ensuring that our DEI work is impactful and ingrained in everything we do, including with our staff, culture, products and services, the Philadelphia community and the broader medical education landscape. Our commitment manifests in our hiring and staff development, recruitment for committees, grants programs, design and review of our assessments, and involvement in our local and national communities.

Learn more about NBME at NBME.org.

The NBME offers competitive salaries, excellent benefits, and a rewarding work environment. Excellent Benefits include: Healthcare, Dental, Prescription, and Vision plans; 401(k) w/match; Retirement Income Plan, Tuition Reimbursement Plan, Commuter Benefit: Public Transit or Parking options. Remote Friendly Workplace.

NBME is an equal opportunity employer as defined by the EEOC.