Principal Cybersecurity Architect

Location: Avera Downtown Building-Sioux Falls Worker Type: Regular Work Shift: Day Shift (United States of America) Pay Range: The pay range for this position is listed below. Actual pay rate dependent upon experience. $121,160.00 - $180,960.00 Position Highlights You Belong at Avera Be part of a multidisciplinary team built with compassion and the goal of Moving Health Forward for you and our patients. Work where you matter. A Brief Overview The Principal Cybersecurity Architect at Avera is the senior-most technical authority responsible for defining, designing, and guiding the enterprise cybersecurity architecture across the health system, including hospitals, clinics, senior care, home health, and payer operations. This role ensures that cybersecurity architecture principles, frameworks, and reference models support business strategy, safeguard patient safety, comply with regulatory requirements (HIPAA, OCR, CMS), and enable secure digital transformation. The Principal Architect partners closely with IT Infrastructure, Data Analytics, IT Architecture, Network Engineering, Clinical Engineering, DevOps, and Application teams to design secure, resilient, scalable solutions and serve as a key advisor to the CISO and senior leadership. What you will do Enterprise Security Architecture & Strategy: • Develop and maintain the Enterprise Security Architecture Blueprint, including reference architectures for cloud, on-prem, hybrid, and edge environments (clinical devices, IoT). • Establish and champion Zero Trust Architecture across identity, network, endpoint, and application workloads. • Define long-term security technology roadmaps aligned with organizational strategy and cybersecurity maturity goals. • Translate business requirements into security architecture requirements for new systems, acquisitions, and enterprise initiatives. Cloud & Infrastructure Architecture: • Lead secure architecture for Azure, AWS, and SaaS platforms, ensuring proper identity segmentation, encryption, workload isolation, and secure configuration baselines. • Partner with Infrastructure/Network teams to design micro-segmentation, firewall policies, SD-WAN security, and secure remote access solutions. Clinical & Enterprise Systems Security: • Develop secure design guidelines for EHR (Epic), PACS, VDI, data platforms, IoMT/biomedical devices, and other clinical technologies. • Collaborate with Clinical Engineering to ensure IoMT vulnerabilities, patching constraints, device segmentation, and lifecycle management align with enterprise security controls. • Validate security of vendor integrations, APIs, and interfaces with PHI flows. Security Controls, Standards & Governance: • Define enterprise security standards, patterns, and reusable control templates (NIST CSF, NIST 800-53, CIS). • Review and approve all high-risk architecture designs, cloud deployments, and technical exceptions. • Oversee threat modeling and secure design reviews for major projects. • Maintain architecture governance processes and ensure alignment with GRC and compliance requirements. Threat Modeling & Risk Reduction: • Conduct threat modeling on new solutions and major system changes using frameworks such as STRIDE, MITRE ATT&CK, and DREAD. • Provide expert-level guidance on attack paths, privilege escalation risks, identity architecture weaknesses, and compensating controls. • Work closely with the SOC and Incident Response teams to design detection and response visibility into new architectures. M&A, Vendor Due Diligence, and Third-Party Integrations: • Lead technical due diligence for acquisitions, affiliation partners, and new clinical applications. • Evaluate vendor security architecture, API exposure, access models, and integration risks. • Ensure third-party environments meet enterprise security architecture requirements before connection or data sharing. Leadership, Influence & Mentorship: • Serve as the technical advisor to the CISO and a trusted consultant to senior IT and business leaders. • Mentor security engineers and architects, enabling career growth and improving architectural maturity. • Communicate complex architectural decisions and risks to executives in clear business terms. Essential Qualifications The individual must be able to work the hours specified. To perform this job successfully, an individual must be able to perform each essential job function satisfactorily including having visual acuity adequate to perform position duties and the ability to communicate effectively with others, hear, understand and distinguish speech and other sounds. These requirements and those listed above are representative of the knowledge, skills, and abilities required to perform the essential job functions. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions, as long as the accommodations do not cause undue hardship to the employer. Required Education, License/Certification, or Work Experience: Bachelor's in Cybersecurity, Computer Science, Engineering, Information Systems, or a related field. 10 years in cybersecurity architecture and engineering, with demonstrated leadership. Demonstrated experience in a regulated environment (healthcare preferred). Deep expertise in: • Identity & Access Management (IAM), including Azure AD, MFA, SSO, privileged access. • Cloud security (Azure, AWS), cloud architecture frameworks, and DevSecOps practices. • Network security: segmentation, firewalls, VPN, SD-WAN, proxies. • Application security (API security, microservices, OWASP Top 10). • Endpoint and workload security: EDR/XDR, hardening. Key Competencies: • Strategic thinking and ability to align architecture with business goals. • Strong communication skills; ability to simplify complex topics for executives. • Analytical mindset with strong problem-solving capabilities. • Highly collaborative and consultative working style. • Ability to manage multiple high-stake initiatives simultaneously. Preferred Education, License/Certification, or Work Experience: Master's in Cybersecurity, Computer Science, Engineering, Information Systems, or a related field. Certified Information Systems Security Professional (CISSP) - International Information System Security Certification Consortium (ISC2) Certified Information Security Manager (CISM) - ISACA Certified Cloud Security Professional (CCSP) - International Information System Security Certification Consortium (ISC2) Sherwood Applied Business Security Architecture (SABSA) - SABSA Institute The Open Group Architecture Framework (TOGAF) - Open Group Azure - Microsoft or similar vendor-specific cloud architecture certifications. AWS - Amazon Web Services or similar vendor-specific cloud architecture certifications. Experience in large EHR ecosystems (Epic) and clinical application security. Experience designing/implementing Zero Trust in a complex enterprise. Hands-on experience with MDR, SIEM, SOAR, PKI, data security, and secret management tools. Strong understanding of HIPAA, NIST 800-53, NIST CSF, HICP, PCI, and HITRUST frameworks. Expectations and Standards Commitment to the daily application of Avera’s mission, vision, core values, and social principles to serve patients, their families, and our community. Promote Avera’s values of compassion, hospitality, and stewardship. Uphold Avera’s standards of Communication, Attitude, Responsiveness, and Engagement (CARE) with enthusiasm and sincerity. Maintain confidentiality. Work effectively in a team environment, coordinating work flow with other team members and ensuring a productive and efficient environment. Comply with safety principles, laws, regulations, and standards associated with, but not limited to, CMS, The Joint Commission, DHHS, and OSHA if applicable. Benefits You Need & Then Some Avera is proud to offer a wide range of benefits to qualifying part-time and full-time employees. We support you with opportunities to help live balanced, healthy lives. Benefits are designed to meet needs of today and into the future. PTO available day 1 for eligible hires. Up to 5% employer matching contribution for retirement Career development guided by hands-on training and mentorship Avera is an Equal Opportunity Employer - Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, Veteran Status, or other categories protected by law. If you are an individual with a disability and would like to request an accommodation for help with your online application, please call 1-605-504-4444 or send an email to talent@avera.org. At Avera, the way you are treated as an employee translates into the compassionate care you deliver to patients and team members. Because we consider health care a ministry, you can live out your faith, uphold the dignity and respect of all persons while not compromising high-quality services. Join us in making a positive impact on moving health forward.

Salary : $121,160 - $180,960