Roles & Responsibilities

Five years of experience in Information Technology
Three years of experience in healthcare information security
Certified Information Systems Security Professional (CISSP) required
Bachelor’s degree in computer science or information systems preferred

Requirements:

Owns the enterprise security architecture and multi-year roadmap, defining target state designs, security standards, and investment priorities; acts as a trusted advisor to executive leadership and drives cross-functional delivery across IT, cloud, and product teams.
Establishes and governs enterprise identity, access, and data protection strategy, including SSO/MFA, federation (SAML, OIDC, OAuth), RBAC/ABAC, IGA lifecycle automation, PAM, and secrets and certificate management.
Defines and executes cloud security strategy across Azure and AWS with secure landing zones and zero-trust guardrails; implements CSPM, CWPP, and CIEM capabilities to continuously reduce cloud risk and misconfiguration exposure.
Leads network and Zero Trust architecture modernization, including micro-segmentation, NAC, next generation firewalls, secure remote access, and policy enforcement; delivers measurable isolation of critical systems and reduction of lateral movement risk.

Vail Health

About Vail Health

Vail Health, formerly Vail Valley Medical Center, is a nonprofit community health care system serving patients and guests from around the world. Locally operated and governed by a volunteer board of directors, Vail Health includes a 56-bed hospital, accredited by the Joint Commission. Our 24/7 emergency department in Vail is a Level III Trauma Center with a nearby helipad for necessary medical transports. Vail Health provides a wide array of services and access points including Beaver Creek Medical Center, urgent care clinics in Vail, Avon and Eagle, our Edwards medical campus, Eagle Healthcare Center and a multispecialty health center in Dillon. Howard Head Sports Medicine offers physical therapy services at 10 locations and works closely with our internationally renowned orthopaedic partners at The Steadman Clinic and Vail-Summit Orthopaedics. In addition, Vail Health's Shaw Cancer Center and Sonnenalp Breast Center are the region’s only fully accredited cancer treatment center and comprehensive breast center.

Company type: Large

Founded: 2018

Company size: 1001 - 5000

Website LinkedIn See all jobs →

Job description

Vail Health has become the world’s most advanced mountain healthcare system. Vail Health consists of an updated 520,000-square-foot, 56-bed hospital. This state-of-the-art facility provides exceptional care to all of our patients, with the most beautiful views in the area, located centrally in Vail. Learn more about Vail Health here.

Some roles may be based outside of our Colorado office (remote-only positions). Roles based outside of our primary office can sit in any of the following states: AZ, CO, CT, FL, GA, ID, IL, KS, MA, MD, MI, NC, NJ, OH, OR, PA, SC, TN, TX, UT, VA, WA, and WI. Please only apply if you are able to live and work primarily in one of the states listed above. State locations and specifics are subject to change as our hiring requirements shift.

About the opportunity:

The Information Security Architect serves as the deputy leader for the Information Security program and is responsible for designing, implementing, and maintaining the organization’s enterprise security architecture to ensure the confidentiality, integrity, and availability of systems and data. This role owns security architecture and provides hands‑on guidance across Identity & Access Management (IAM/IGA/PAM), Security Operations (SIEM/XDR), Governance, Risk & Compliance (GRC), Cloud and Network Security, Security Automation, Incident Response, and Data Security & Access Governance. The Security Architect leads efforts to identify, assess, and mitigate security risks across infrastructure, applications, and enterprise systems; defines reference architectures and security guardrails; and drives zero‑trust adoption. Working closely with IT, compliance, and business stakeholders, this role integrates secure‑by‑design practices and enables proactive defense strategies aligned with organizational objectives and regulatory requirements, including those applicable to regulated healthcare environments (HIPAA, HITECH, HITRUST).

What you will do:

Owns the enterprise security architecture and multi year roadmap, defining target state designs, security standards, and investment priorities; acts as a trusted advisor to executive leadership and drives cross functional delivery across IT, cloud, and product teams.
Establishes and governs enterprise identity, access, and data protection strategy, including SSO/MFA, federation (SAML, OIDC, OAuth), RBAC/ABAC, IGA lifecycle automation, privileged access management (PAM), and secrets and certificate management—enforcing least privilege and zero standing access at scale.
Defines and executes cloud security strategy across Azure and AWS by designing secure landing zones and zero trust guardrails; implements and operationalizes CSPM, CWPP, and CIEM capabilities to continuously reduce cloud risk and misconfiguration exposure.
Leads network and Zero Trust architecture modernization, including micro segmentation, NAC, next generation firewalls, secure remote access, and policy enforcement; delivers measurable isolation of critical systems and reduction of lateral movement risk.
Elevates security operations architecture and detection strategy, shaping SIEM and XDR correlation across endpoint, identity, email, cloud, and network telemetry; optimizes signal to noise, detection fidelity, and mean time to detect and respond (MTTD/MTTR).
Owns incident response architecture and organizational readiness, developing playbooks for containment, eradication, and recovery; ensures forensic readiness; leads post incident executive reviews and drives durable control improvements aligned to root cause analysis.
Scales security automation and orchestration through SOAR and API driven integrations, automating high impact detections, incident response workflows, access reviews, and vulnerability and patch pipelines; maintains policy as code and audit ready evidence collection.
Hardens enterprise email and social engineering defenses, enforcing DMARC, DKIM, and SPF, advanced BEC protections, and SEG/SASE integrations; analyzing attack trends to inform preventative controls and security awareness initiatives.
Owns enterprise vulnerability and patch governance, implementing risk based prioritization, remediation SLAs, executive dashboards, and validation of fixes; partners with Infrastructure and Cloud teams to continuously improve hardening baselines and exposure metrics.
Embed governance, risk, and compliance requirements into security architecture, aligning designs to HIPAA, HITECH, HITRUST, NIST CSF and 800 series controls, CIS Controls, and ISO 27001; delivering defensible metrics and board level reporting.
Applies healthcare specific security patterns for PHI, EMR/EHR platforms, and connected clinical devices, ensuring secure data flows, strong segmentation, and protection of patient care networks where applicable.
Leads security platform and vendor strategy, including evaluation and proof of value, selection, enterprise rollout, and optimization of EDR/XDR, SIEM, IAM/IGA/PAM, and cloud security platforms; demonstrate measurable risk reduction and return on security investment.

This description is not intended and should not be construed to be an exhaustive list of all responsibilities, skills and efforts or work conditions associated with the job. It is intended to be an accurate reflection of the general nature and level of the job.

What you will need:

Experience:

Five years of experience in Information Technology required (multiple areas preferred). 
Three years of experience in healthcare information security preferred.  
Demonstrated knowledge of Network Hardware Configuration, Network Protocols, Information Security requirements for healthcare, and policy creation required.  
Demonstrated knowledge of EMR products preferred.

License(s) & Certification(s):

Certified Information Systems Security Professional (CISSP) required
Other IT Security Certifications Desired: CISM, CISA, Microsoft, Cisco

Education:

Bachelor’s degree in computer science or information systems preferred.

Benefits at Vail Health (Full Time) Include:

Competitive Wages & Family Benefits:
- Competitive wages
- Parental leave (4 weeks paid)
- Housing programs
- Childcare reimbursement
Comprehensive Health Benefits:
- Medical
- Dental
- Vision
Educational Programs:
- Tuition Assistance
- Existing Student Loan Repayment
- Specialty Certification Reimbursement
- Annual Supplemental Educational Funds
Paid Time Off:
- Up to five weeks in your first year of employment and continues to grow each year.
Retirement & Supplemental Insurance:
- 403(b) Retirement plan with immediate matching
- Life insurance
- Short and long-term disability
Recreation Benefits, Wellness & More:
- Up to $1,000 annual wellbeing reimbursement
- Recreation discounts
- Pet insurance

The posted salary range for this position is the anticipated hiring range in Colorado and will be adjusted based on geographic location. Vail Health considers a variety of factors in making compensation decisions which influence the offer a candidate receives.

Yearly pay:

$104,208—$143,852.80 USD

Ready to apply?

APPLY

Share ·