Information Security Architect

POSITION OVERVIEW

The Information Security Architect brings an innovative, hands-on approach in analyzing information security systems and applications, recommending and identifying security measures to protect information against unauthorized data modification, access control, intrusion detection, malware protection, incident response, security engineering, and development and implementation of security policies and procedures are some of the areas that this position engages in on a regular basis.

Diversity, Equity, and Inclusion Statement

At NBME ®, we continue to innovate and improve how we fulfill the evolving needs of the health care community. This commitment starts and ends with the people at NBME. By recruiting and empowering talented individuals from various disciplines and backgrounds, which includes professionals with diverse life experiences, abilities, and perspectives, NBME can take a well-informed, robust approach to advancing medical education and assessment for years to come. We also continue to focus on ensuring that our DEI work is impactful and ingrained in everything we do, including with our staff, workplace culture, products and services, the Philadelphia community and the broader medical education landscape.

RESPONSIBILITIES

• Function as the subject matter expert for incident response, investigations, formal general controls audits of critical systems both within the organization and at third party vendors covering the entire ISO Open Systems Interconnection model, as well as digital forensics. Requires an understanding of attack vectors, current threats, and remediation strategies combined with experience developing incident response and investigative practices and procedures.
• Work with Solutions Architects in Information Technology and liaise with various other stakeholders and areas of the organization to ensure the appropriate level of security controls are in place to meet the needs of the business, the requirements of regulatory bodies, and industry best practice. Educate and communicate security requirements and procedures to employees.
• Serve as security architect for enterprise level infrastructure and application software projects. Design security models and educate stakeholders on the creation of threat models and review for appropriate security controls.
• Participate in defining security requirements and evaluate, from a security perspective, the following: private, public and hybrid cloud computing platforms, endpoint threat detection software, authentication mechanisms, etc. to protect the infrastructure and its confidential data.
• Continuously evaluate and assess the infrastructure and data to identify vulnerabilities caused by weaknesses in the configuration of the software or hardware that could expose the computing environment and data to a security breach. Make recommendations to improve security based on assessments, security audits and knowledge of current and emerging threats. Quantify security risks to the business.

DELIVERABLES (IF APPLICABLE)

• Lead and develop security design and reference architecture on large enterprise projects.
• Lead the implementation and review of various areas of the information security program strategy, policy, processes and technologies.
• Develop strategies and plans to enforce security requirements to address identified risks. Provide guidance and direction on best practices for the protection of information.
• Perform threat models for internal and external systems (e.g., cloud services) and ensure the appropriate controls are designed into the services.
• Perform internal and external security assessments to validate the presence and effectiveness of security measures. Identify and make recommendations for improvements and enhancements address security weaknesses.
• Research, evaluate, design, recommend and plan the implementation of new security controls to reduce the risk of data loss. Preemptively counter the possibility of system breach through unauthorized access of data.
• Provide written analysis on security scenarios and recommended next steps.

QUALIFICATIONS

Skills and Abilities

• Experienced with incident response, security investigations, and digital forensics.
• Understanding and knowledge of SIEM, endpoint protection, network layer security, application layer security, and cloud security, including authentication and encryption mechanisms.
• Keeps abreast of current and emerging security technologies and threats.
• Excellent written and verbal communication and presentation abilities.
• Orchestration of high priority security initiatives across multiple layers of management and heterogeneous departments.
• A self-starter who is able to perform independent research to support critical security decisions and to keep stakeholders informed of industry security trends

Experience

• 10 years of experience

Education

• Bachelor's degree in an information technology related field or a combination of equivalent education and experience
• CISSP required. CISA, CCSK desirable

About NBME:

NBME offers a versatile selection of high-quality assessments and educational services for students, professionals, educators, regulators and institutions dedicated to the evolving needs of medical education and health care. To ensure our assessments meet the highest standards of quality, stay relevant and align to the current curriculum in medical schools and training programs, we rely on a wide network of collaborators. These include the volunteers who help develop our exam questions, the committees and panels who represent various groups within the medical education community, external researchers and health profession organizations.

We are committed to meeting the needs of educators and learners globally with assessment products and expert services such as NBME® , , s, the ® Program and . Together with the Federation of State Medical Boards, NBME develops and manages the , which measures the ability to apply knowledge and skills that form the basis of safe and effective patient care. Our Competency-based Assessment unit is focused on new methods as well as the optimization of assessment in the workplace and education.

As a result of leadership in ongoing research, innovative measurement practices and the exploration of forward-thinking assessment modalities and improvements, NBME advances assessment science. Our grant and funding opportunities further support this dedication to medical education and assessment science. We help develop the next generation of assessment professionals through our . Through the , and , researchers and educators can continue to improve the assessment of health care professionals around the world.

NBME views diversity, equity and inclusion (DEI) as foundational and enduring to our strategy and vision. We continue to focus on ensuring that our DEI work is impactful and ingrained in everything we do, including with our staff, culture, products and services, the Philadelphia community and the broader medical education landscape. Our commitment manifests in our hiring and staff development, recruitment for committees, grants programs, design and review of our assessments, and involvement in our local and national communities.

Learn more about NBME at .

The NBME offers competitive salaries, excellent benefits, and a rewarding work environment. Excellent Benefits include: Healthcare, Dental, Prescription, and Vision plans; 401(k) w/match; Retirement Income Plan, Tuition Reimbursement Plan, Commuter Benefit: Public Transit or Parking options. Remote Friendly Workplace.

COVID-19 Considerations:

Being fully vaccinated against COVID-19 is a condition of employment, subject to potential reasonable accommodations for legitimate medical or religious reasons which prevent such vaccination. Applicants who have received a conditional offer of employment will be requested to provide information about their COVID-19 vaccination status.

NBME is an EEO employer as defined by the EEOC.