Cybersecurity Architect - Acadia Healthcare
Franklin, TN 37067
About the Job
Acadia Healthcare is seeking a Cybersecurity Architect to join our team in Franklin, TN!
The first 90 days in this role will be fully in-person to ensure comprehensive onboarding and training. After the initial period, the position will transition to a hybrid model, with 3 days in the office and 2 days remote each week.
PURPOSE STATEMENT:
The Cybersecurity Architect will play a pivotal role in establishing and maintaining a secure and resilient cyber architecture that safeguards Acadia’s information assets, systems, and data. This role is responsible for designing, implementing, and enhancing security frameworks and technologies, with a focus on advanced threat detection, secure network design, and resilience in multi-cloud and hybrid environments. The Cybersecurity Architect will partner closely with cross-functional teams to embed security within the company’s systems and infrastructure and drive the adoption of best practices to mitigate cyber risks and maintain compliance with industry regulations.
Responsibilities:
ESSENTIAL FUNCTIONS:
- Architectural Strategy: Develop and drive Acadia’s cybersecurity architecture strategy, aligning with organizational goals, industry standards, and regulatory requirements, including those specific to behavioral health.
- Security Framework Design: Lead the design and implementation of security architectures across on-premises, cloud, and hybrid environments, ensuring robust protection against internal and external threats while incorporating Zero Trust principles.
- Risk Management:Identify security risks and gaps in IT systems, conduct risk assessments, and develop a risk management plan to mitigate vulnerabilities.
- Continuous Improvement: Regularly evaluate the security architecture and recommend improvements to address emerging threats, technological advancements, and changing business requirements.
- Secure Configuration Management: Follow best practices in secure configuration management, ensuring security standards are consistently applied across all systems and environments.
- Identity and Access Management (IAM): Collaborate with IAM and IT teams to integrate secure identity and access management solutions, including single sign-on (SSO), multi-factor authentication (MFA), and privileged access management (PAM).
- Documentation and Standards: Document security systems, configurations, and procedures to maintain consistency and support team training, audits, and incident response.
- Threat Modeling & Detection: Develop threat models and deploy advanced threat detection capabilities to identify potential security gaps. Implement strategies for incident response, security monitoring, and intrusion detection across all layers.
- Network Security: Assist in the design of secure network infrastructures, including firewalls, intrusion prevention systems, and secure network segmentation to protect against unauthorized access and data breaches.
- Data Protection: Establish and enforce data protection and privacy protocols, including encryption, secure key management, and data loss prevention (DLP) measures to protect sensitive information and ensure data integrity. Ensure data protection complies with regulations such as HIPAA, 42 CFR Part 2, GDPR, and CCPA.
- Compliance: Ensure the security architecture meets industry regulations such as HIPAA, SOX, and PCI DSS, and adheres to industry standards such as NIST and ISO. Implement security policies, controls, and procedures to support compliance efforts.
- Emerging Technology & AI Integration: Assess the impact of emerging technologies, such as AI and machine learning, on cybersecurity. Explore AI-driven solutions for threat detection, predictive analysis, and process optimization.
- Collaboration & Stakeholder Engagement: Work closely with IT, compliance, and business units to align security initiatives with organizational objectives and operational requirements. Partner with business continuity management (BCM) teams to validate security practices during failover events and ensure resilience. Provide security-planning advice for application and infrastructure projects.
- Performance Metrics & Reporting: Establish and track key performance indicators (KPIs) for cybersecurity activities, linking these metrics to business outcomes and compliance requirements. Report metrics to stakeholders, provide actionable insights to leadership, and recommend strategies for continuous improvement.
- Team Leadership & Mentorship: Provide technical guidance to security and IT teams on best practices in secure system design, fostering a culture of security-first development and continuous learning.
- Healthcare Systems Security: Implement and enhance security measures for Electronic Health Record (EHR) systems, medical devices, and Internet of Things (IoT) infrastructure in alignment with healthcare security standards.
- Disaster Recovery and Business Continuity: Develop and maintain robust disaster recovery and business continuity plans, ensuring minimal disruption to critical systems and data in the event of an incident.
OTHER FUNCTIONS:
- Performs other tasks as assigned.
STANDARD EXPECTATIONS:
- Complies with organizational policies, procedures, performance improvement initiatives and maintains organizational and industry policies regarding confidentiality.
- Develops constructive and cooperative working relationships.
- Fosters mutual trust, respect, and cooperation among team members.
EDUCATION/EXPERIENCE/SKILL REQUIREMENTS:
- Education: Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field, or equivalent work experience.
- Experience: At least 8 years of experience in cybersecurity, including 3+ years in a senior architecture role. Experience securing EHR systems, medical devices, and IoT, and working within regulated environments (behavioral health and general healthcare preferred).
- Expertise: Deep knowledge of security principles, advanced threat detection, and security frameworks (e.g., NIST, ISO). Experience with security solutions for multi-cloud environments, including AWS, Azure, and Google Cloud.
- Architecture & Design: Proficient in designing security architectures with hands-on experience in network security, IAM, data protection, and vulnerability management.
- Communication: Strong ability to communicate complex security concepts to both technical and non-technical audiences.
- Project Management: Skilled in managing security projects, prioritizing initiatives, and delivering results within scope and budget.
- Compliance Knowledge: Expertise in healthcare regulations such as 42 CFR Part 2, HIPAA, GDPR, and CCPA.
- Leadership: Proven ability to lead and mentor teams, fostering collaboration and a commitment to security excellence.
- Compliance: Deep understanding of relevant legal and regulatory requirements, including SOX, HIPAA, and PCI DSS, with the ability to ensure compliance across all IAM processes.
- Self-Motivation: Self-motivated with strong organizational skills and exceptional attention to detail.
- Adherence: Ability to work within established policies, procedures, and practices set by the organization.
- Continuous Learning and Development: Commitment to continuous learning and professional development in IAM. Stay current with emerging threats, new technologies, and best practices through ongoing education and training.
- Language Skills: Proficient in English to provide and receive instructions and directions effectively.
- Soft Skills: Exceptional empathy, discretion, and communication skills to address the sensitivity of behavioral health data.
LICENSES/DESIGNATIONS/CERTIFICATIONS:
- Certifications: Desired but not required; any one of the following, or a combination: CISSP, CISM, Certified Cloud Security Professional (CCSP), Certified Information Systems Auditor (CISA), GIAC Security Expert (GSE), GIAC Defensible Security Architecture (GDSA), Healthcare Information Security and Privacy Practitioner (HCISPP), HITRUST, or ISC2 Information Systems Security Architecture Professional (CISSP-ISSAP).
We are committed to providing equal employment opportunities to all applicants for employment regardless of an individual’s characteristics protected by applicable state, federal and local laws.
AHCORP
#LI-AH