Avera Downtown Building-Sioux Falls
Worker Type:
Regular
Work Shift:
Day Shift (United States of America)
Pay Range:
The pay range for this position is listed below. Actual pay rate dependent upon experience.
$121,160.00 - $180,960.00
Position Highlights
You Belong at Avera
Be part of a multidisciplinary team built with compassion and the goal of Moving Health Forward for you and our patients. Work where you matter.
A Brief Overview
The Principal Cybersecurity Architect at Avera is the senior-most technical authority responsible for defining, designing, and guiding the enterprise cybersecurity architecture across the health system, including hospitals, clinics, senior care, home health, and payer operations. This role ensures that cybersecurity architecture principles, frameworks, and reference models support business strategy, safeguard patient safety, comply with regulatory requirements (HIPAA, OCR, CMS), and enable secure digital transformation. The Principal Architect partners closely with IT Infrastructure, Data Analytics, IT Architecture, Network Engineering, Clinical Engineering, DevOps, and Application teams to design secure, resilient, scalable solutions and serve as a key advisor to the CISO and senior leadership.
What you will do
- Enterprise Security Architecture & Strategy: Develop and maintain the Enterprise Security Architecture Blueprint, including reference architectures for cloud, on-prem, hybrid, and edge environments (clinical devices, IoT). Establish and champion Zero Trust Architecture across identity, network, endpoint, and application workloads. Define long-term security technology roadmaps aligned with organizational strategy and cybersecurity maturity goals. Translate business requirements into security architecture requirements for new systems, acquisitions, and enterprise initiatives.
- Cloud & Infrastructure Architecture: Lead secure architecture for Azure, AWS, and SaaS platforms, ensuring proper identity, segmentation, encryption, workload isolation, and secure configuration baselines. Partner with Infrastructure/Network teams to design micro-segmentation, firewall policies, SD-WAN security, and secure remote access solutions.
- Clinical & Enterprise Systems Security: Develop secure design guidelines for EHR (Epic), PACS, VDI, data platforms, IoMT/biomedical devices, and other clinical technologies. Collaborate with Clinical Engineering to ensure IoMT vulnerabilities, patching constraints, device segmentation, and lifecycle management align with enterprise security controls. Validate security of vendor integrations, APIs, and interfaces with PHI flows.
- Security Controls, Standards & Governance: Define enterprise security standards, patterns, and reusable control templates (NIST CSF, NIST 800-53, CIS). Review and approve all high-risk architecture designs, cloud deployments, and technical exceptions. Oversee threat modeling and secure design reviews for major projects. Maintain architecture governance processes and ensure alignment with GRC and compliance requirements.
- Threat Modeling & Risk Reduction: Conduct threat modeling on new solutions and major system changes using frameworks such as STRIDE, MITRE ATT&CK, and DREAD. Provide expert-level guidance on attack paths, privilege escalation risks, identity architecture weaknesses, and compensating controls. Work closely with the SOC and Incident Response teams to design detection and response visibility into new architectures.
- M&A, Vendor Due Diligence, and Third-Party Integrations: Lead technical due diligence for acquisitions, affiliation partners, and new clinical applications. Evaluate vendor security architecture, API exposure, access models, and integration risks. Ensure third-party environments meet enterprise security architecture requirements before connection or data sharing.
- Leadership, Influence & Mentorship: Serve as the technical advisor to the CISO and a trusted consultant to senior IT and business leaders. Mentor security engineers and architects, enabling career growth and improving architectural maturity. Communicate complex architectural decisions and risks to executives in clear business terms.
Essential Qualifications
The individual must be able to work the hours specified. To perform this job successfully, an individual must be able to perform each essential job function satisfactorily, including having visual acuity adequate to perform position duties and the ability to communicate effectively with others, hear, understand, and distinguish speech and other sounds. These requirements and those listed above are representative of the knowledge, skills, and abilities required to perform the essential job functions. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions as long as the accommodations do not cause undue hardship to the employer.
Required Education, License/Certification, or Work Experience:
- Bachelor's in Cybersecurity, Computer Science, Engineering, Information Systems, or a related field.
- 10 years in cybersecurity architecture and engineering with demonstrated leadership.
- Demonstrated experience in a regulated environment (healthcare preferred).
- Deep expertise in: Identity & Access Management (IAM), including Azure AD, MFA, SSO, privileged access. Cloud security (Azure, AWS), cloud architecture frameworks, and DevSecOps practices. Network security: segmentation, firewalls, VPN, SD-WAN, proxies. Application security (API security, microservices, OWASP Top 10). Endpoint and workload security: EDR/XDR, hardening.
- Key Competencies: Strategic thinking and ability to align architecture with business goals. Strong communication skills; ability to simplify complex topics for executives. Analytical mindset with strong problem-solving capabilities. Highly collaborative and consultative working style. Ability to manage multiple high-stake initiatives simultaneously.
Preferred Education, License/Certification, or Work Experience:
- Master's in Cybersecurity, Computer Science, Engineering, Information Systems, or a related field.
- Certified Information Systems Security Professional (CISSP) - International Information System Security Certification Consortium (ISC2)
- Certified Information Security Manager (CISM) - ISACA
- Certified Cloud Security Professional (CCSP) - International Information System Security Certification Consortium (ISC2)
- Sherwood Applied Business Security Architecture (SABSA) - SABSA Institute
- The Open Group Architecture Framework (TOGAF) - Open Group
- Azure - Microsoft or similar vendor-specific cloud architecture certifications.
- AWS - Amazon Web Services or similar vendor-specific cloud architecture certifications.
- Experience in large EHR ecosystems (Epic) and clinical application security.
- Experience designing/implementing Zero Trust in a complex enterprise.
- Hands-on experience with MDR, SIEM, SOAR, PKI, data security, and secret management tools.
- Strong understanding of HIPAA, NIST 800-53, NIST CSF, HICP, PCI, and HITRUST frameworks.
Expectations and Standards
- Commitment to the daily application of Avera's mission, vision, core values, and social principles to serve patients, their families, and our community.
- Promote Avera's values of compassion, hospitality, and stewardship.
- Uphold Avera's standards of Communication, Attitude, Responsiveness, and Engagement (CARE) with enthusiasm and sincerity.
- Maintain confidentiality.
- Work effectively in a team environment, coordinating work flow with other team members and ensuring a productive and efficient environment.
- Comply with safety principles, laws, regulations, and standards associated with, but not limited to, CMS, The Joint Commission, DHHS, and OSHA, if applicable.
Benefits You Need & Then Some
Avera is proud to offer a wide range of benefits to qualifying part-time and full-time employees. We support you with opportunities to help live balanced, healthy lives. Benefits are designed to meet needs of today and into the future.
PTO available day 1 for eligible hires.
Up to 5% employer matching contribution for retirement
Career development guided by hands-on training and mentorship
Avera is an Equal Opportunity Employer - Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, Veteran Status, or other categories protected by law. If you are an individual with a disability and would like to request an accommodation for help with your online application, please call 1- or send an email to .