Cybersecurity Architect

Acadia Healthcare is seeking a Cybersecurity Architect to join our team in Franklin, TN!

The first 90 days in this role will be fully in-person to ensure comprehensive onboarding and training. After the initial period, the position will transition to a hybrid model, with 3 days in the office and 2 days remote each week.

PURPOSE STATEMENT :

The Cybersecurity Architect will play a pivotal role in establishing and maintaining a secure and resilient cyber architecture that safeguards Acadia's information assets, systems, and data. This role is responsible for designing, implementing, and enhancing security frameworks and technologies, with a focus on advanced threat detection, secure network design, and resilience in multi-cloud and hybrid environments. The Cybersecurity Architect will partner closely with cross-functional teams to embed security within the company's systems and infrastructure and drive the adoption of best practices to mitigate cyber risks and maintain compliance with industry regulations.

ESSENTIAL FUNCTIONS :

• Architectural Strategy : Develop and drive Acadia's cybersecurity architecture strategy, aligning with organizational goals, industry standards, and regulatory requirements, including those specific to behavioral health.
• Security Framework Design : Lead the design and implementation of security architectures across on-premises, cloud, and hybrid environments, ensuring robust protection against internal and external threats while incorporating Zero Trust principles.
• Risk Management : Identify security risks and gaps in IT systems, conduct risk assessments, and develop a risk management plan to mitigate vulnerabilities.
• Continuous Improvement : Regularly evaluate the security architecture and recommend improvements to address emerging threats, technological advancements, and changing business requirements.
• Secure Configuration Management : Follow best practices in secure configuration management, ensuring security standards are consistently applied across all systems and environments.
• Identity and Access Management (IAM) : Collaborate with IAM and IT teams to integrate secure identity and access management solutions, including single sign-on (SSO), multi-factor authentication (MFA), and privileged access management (PAM).
• Documentation and Standards : Document security systems, configurations, and procedures to maintain consistency and support team training, audits, and incident response.
• Threat Modeling & Detection : Develop threat models and deploy advanced threat detection capabilities to identify potential security gaps. Implement strategies for incident response, security monitoring, and intrusion detection across all layers.
• Network Security : Assist in the design of secure network infrastructures, including firewalls, intrusion prevention systems, and secure network segmentation to protect against unauthorized access and data breaches.
• Data Protection : Establish and enforce data protection protocols, including encryption, secure key management, and data loss prevention (DLP) measures to protect sensitive information and ensure data integrity. Ensure data protection compliance with regulations such as HIPAA, 42 CFR Part 2, GDPR, and CCPA. Develop and enforce comprehensive data privacy protocols.
• Compliance : Ensure the security architecture meets industry regulations such as HIPAA, SOX, and PCI, and adhere to industry standards like NIST and ISO. Implement security policies, controls, and procedures to support compliance efforts.
• Emerging Technology & AI Integration : Assess the impact of emerging technologies, such as AI and machine learning, on cybersecurity. Explore AI-driven solutions for threat detection, predictive analysis, and process optimization.
• Collaboration & Stakeholder Engagement : Work closely with IT, compliance, and business units to align security initiatives with organizational objectives and operational requirements. Work closely with business continuity management (BCM) teams to validate security practices during failover events and ensure resilience. Provide security-planning advice for application and infrastructure projects.
• Performance Metrics & Reporting : Establish key performance indicators (KPIs) for cybersecurity activities, report metrics to stakeholders, and provide actionable insights for continuous improvement.
• Team Leadership & Mentorship : Provide technical guidance to security and IT teams on best practices in secure system design, fostering a culture of security-first development and continuous learning.
• Healthcare Systems Security : Implement and enhance security measures for Electronic Health Record (EHR) systems, medical devices, and Internet of Things (IoT) infrastructure in alignment with healthcare security standards.
• Disaster Recovery and Business Continuity : Develop and maintain robust disaster recovery and business continuity plans, ensuring minimal disruption to critical systems and data in the event of an incident.
• Performance Metrics & Reporting : Establish and track key performance indicators (KPIs) for cybersecurity activities, linking these metrics to business outcomes and compliance requirements. Provide actionable insights to leadership and recommend strategies for continuous improvement.

OTHER FUNCTIONS :

STANDARD EXPECTATIONS :

EDUCATION / EXPERIENCE / SKILL REQUIREMENTS :

LICENSES / DESIGNATIONS / CERTIFICATIONS :

We are committed toprovidingequalemploymentopportunitiestoall applicantsforemploymentregardlessofanindividual'scharacteristicsprotected byapplicable state,federalandlocallaws.

AHCORP

LI-AH