Job Description

IS Security Architect

Cancer care is all we do

Hope in healing

Cancer Treatment Centers of America® (CTCA®) takes a unique and integrative approach to cancer care. Our patient-centered care model is founded on a commitment to personalized medicine, tailoring a combination of treatments to the needs of each individual patient. At the same time, we support patients’ quality of life by offering therapies designed to help them manage the side effects of treatment, addressing their physical, spiritual and emotional needs, so they are better able to stay on their treatment regimens and get back to life. At the core of our whole-person approach is what we call the Mother Standard® of care, so named because it requires that we treat our patients, and one another, like we would want our loved ones to be treated. This innovative approach has earned our hospitals a Best Place to Work distinction and numerous accreditations. Each of us has a stake in the successful outcomes of every patient we treat.

Job Description:

Job Overview

The Information Security Architect plays an integral role in defining and assessing CTCA’s strategy, architecture and practices. The Security Architect will be required to effectively translate business objectives and risk management strategies into specific information security processes enabled by information security technologies and services. Works closely with Information Services, Compliance, and Information Owners to identify appropriate solutions, related risks and the appropriate strategies to accept, transfer, reduce, or mitigate risk.  The Security Architect advocates for security requirements and objectives with these constituencies, while ensuring that security architectures and practices do not impede the needs of the business.

Job Responsibilities

10% Develop and maintain a security architecture process that enables CTCA to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers. Validates IS infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce or address risks, where applicable.

15% Develops security strategy plans and roadmaps based on sound enterprise architecture practices and maintains security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations. Tracks developments and changes in the technology and threat environments to ensure that they're appropriately addressed in security strategy plans and architecture artifacts.

15% Participate in application and infrastructure projects to provide security-planning advice. Liaise with other Stakeholders to conduct security assessments of existing and prospective vendors, especially those with which CTCA shares or consider sharing sensitive or protected data.  Evaluate the statements of work (SOWs) for these providers to ensure that adequate security protections are in place. Assess the providers' SSAE 18 SOC and HITRUST reports for security-related deficiencies and required "user controls" and report any findings to the CISO and vendor management teams.

5% Review security policies and draft security procedures to be reviewed and approved by the Chief Information Security Officer (CISO). Liaise with the business continuity management (BCM) team to validate security practices for BCM testing and operations when a failover occurs.

20% Conduct or facilitate threat modeling of services and applications that tie to the risk and data associated with the service or application. Coordinate with biomedical and site management teams to assess the security of biomedical technology (BMET), operational technology (OT), and Internet of Things (IoT) systems Review network segmentation to ensure least privilege for network access. Validates security configurations and access to security infrastructure tools, including firewalls, IPSs, WAFs and anti-malware/endpoint protection systems. Validate a complete, accurate and valid inventory of all systems, infrastructure and applications that should be logged by the security information and event management (SIEM).

10% Coordinate with Compliance office to document data flows of sensitive information within CCTA (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization). Develop practices for data encryption and tokenization at CTCA, based on CTCA's data classification criteria.

10% Coordinate with DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices to the CISO. Supports the testing and validation of internal security controls, as directed by the CISO.

15% Review security technologies, tools and services, and makes recommendations to the broader security team for their use, based on security, financial and operational metrics. Update the taxonomy of indicators of compromise (IOCs) and share this detail with other Information Security colleagues Information Technology Stakeholders. Liaise with other information technology and security practitioners to share best practices and insights.

Skills, Education and Additional Information

  • Four-year university degree or college diploma in the field of Information Security, Computer Science, Information Systems or related field is required. 

  • Preferred experience in using security architecture methodologies such as SABSA, Zachman and/or TOGAF.

  • Direct, hands-on experience or strong working knowledge of managing security infrastructure - e.g., firewalls, IPS, web application firewalls (WAFs), endpoint protection, SIEM, and DLP technology as well as vulnerability and configuration management tools.

  • Verifiable experience or strong working knowledge of manual or technical reviewing application code for security vulnerabilities.

  • Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.

  • Experience designing the deployment and management of applications and infrastructure into public cloud services.

  • Full-stack knowledge of IT infrastructure including securing: Applications, Databases, Operating systems (Windows, Unix/Linux and Mac), Hypervisors, IP networks (WAN and LAN), Storage networks, CI/CD pipelines, Backup networks and media, and  Containers/Kubernetes

  • Direct experience or strong working knowledge of designing IAM technologies and services using: Active Directory, Azure Active Directory, Lightweight Directory Access Protocol (LDAP), Privileged Access Management, Multifactor Authentication, and Amazon Web Service (AWS) IAM

  • Strong working knowledge of IT service management (e.g., ITIL-related disciplines): Asset management, Configuration management, Incident management, Problem management, Change management, and Vendor/Supplier Management.

  • Business related skills in strategic planning, communication, financial analysis, and project management.

Knowledge and understanding of relevant:

  • Legal and regulatory requirements including HIPAA, HITECH, CMS, and PCI-DSS

  • Standards and frameworks including ITIL and NIST

  • Privacy and data protection practices including CCPA and GDPR,

  • Security architecture frameworks such as SABSA or TOGAF

  • Professional security management certification, such as a ISC2’s CISSP, ISACA’s CISA, CRISC or CISM, SANS GDSA, Open Group TOGAF or other similar credentials, is desired.  SABSA Foundation, Practitioner and or Master preferred.

  • Demonstrate the following key behaviors and competencies: adaptability, business acumen, openness to learning, and conceptual thinking.

  • Ability to develop strong working relationships and compromise, persuade and negotiate effectively.

  • Self-motivated with ability to prioritize multiple objectives under tight deadlines and ability to work independently with little to no oversight.

We win together

Each CTCA employee is a Stakeholder, driven to make a true difference and help win the fight against cancer. Each day is a challenge, but this unique experience comes with rewards that you may never have thought possible. To ensure each team member brings his or her best self, we offer exceptional support and immersive training to encourage your personal and professional growth. If you’re ready to be part of something bigger and work with a passionate, dynamic group of care professionals, we invite you to join us. 

Visit: to begin your journey.

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online