Job Details

Security Lead/ Cyber Security Architect

The Security Lead / Cyber Security Architect is responsible for developing and overseeing the implementation of DataHouse's security architecture and strategy, ensuring the organization's systems, data, and networks are protected against cyber threats.

This position requires the candidate to be based in Hawaii and able to work on-site in Honolulu as needed.

Primary Responsibilities And Duties

• Lead Security Architecture Design: Develop and oversee the design and implementation of the company's security architecture, ensuring it is aligned with organizational goals and industry standards.
• Risk Management: Identify, assess, and mitigate security risks to protect company assets, data, and systems from external and internal threats.
• Security Strategy Development: Develop and implement comprehensive security strategies and roadmaps that include key policies, procedures, and practices to safeguard the company's information technology infrastructure.
• Security Compliance: Ensure that security architecture meets regulatory requirements and compliance standards, such as GDPR, HIPAA, or industry-specific regulations.
• Client Security Services: Lead the expansion and delivery of security services to DataHouse's clients, serving as a trusted advisor to executives in healthcare, public sector, and regulated industries.
• Security Awareness & Training: Promote a culture of security awareness throughout the organization, working with human resources to provide training and guidance to staff on security best practices.
• Governance & Compliance Leadership: Own the development, implementation, and certification of DataHouse's Information Security Management System (ISMS), including maintaining ISO 27001 certification and supporting compliance with HIPAA, NIST, and other regulatory frameworks.
• Collaborate with Leadership: Work closely with senior leadership, including the CTO, and other department heads, to ensure security strategies align with business priorities and technology initiatives.
• Incident Response & Recovery: Lead the development and implementation of incident response protocols, ensuring that the company is prepared to quickly detect, respond to, and recover from security breaches or incidents.
• Continuous Improvement: Continuously evaluate and improve the company's security infrastructure to stay ahead of evolving threats and technological changes.
• Mentorship & Leadership: Lead and mentor security teams, fostering a culture of collaboration, innovation, and ongoing professional development in security best practices.
• Vendor Management: Work with external vendors to evaluate and select security tools, technologies, and services to enhance the company's security posture.

Specific Responsibilities and Duties

• Develop and implement frameworks for the secure design and deployment of cloud services, network infrastructure, and enterprise applications.
• Lead the evaluation and integration of new security technologies and methodologies to enhance the company's security infrastructure.
• Collaborate with the IT department to ensure security controls are integrated into all software development and systems engineering processes.
• Define and enforce standards and best practices for secure software development, network security, data protection, and vulnerability management.
• Design, implement, and continually improve the organization's Information Security Management System (ISMS) to maintain ongoing ISO 27001 certification.
• Advise client leadership teams on IT governance, budget planning, security roadmaps, and risk management programs.
• Ensure security practices address requirements specific to healthcare, government, and other regulated industries.

Qualifications

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 10+ years of experience in information security, with at least 5 years in a senior security architecture role or similar management position.
• Proven experience in designing and implementing security architectures for large, complex systems across multiple platforms (cloud, on-premise, hybrid).
• Expert knowledge of security frameworks, such as NIST, CIS, ISO 27001, comparable ISMS frameworks, and experience with industry compliance standards.
• Strong understanding of network security, encryption technologies, access controls, threat modeling, and risk management.
• Experience with public sector and healthcare IT security requirements preferred.
• Experience with cloud security, including public cloud platforms such as AWS, Azure, or Google Cloud.
• Leadership and team management experience, with the ability to mentor and inspire a security team.
• Excellent problem-solving and analytical skills, with the ability to design secure systems and mitigate risks proactively.
• Proven track record delivering security services to external clients, including executive advisory and program governance.
• Strong ability to communicate risk and security strategy to executives, boards, and non-technical stakeholders.
• Certified Information Systems Security Professional (CISSP) or other relevant certifications (e.g., Certified Cloud Security Professional (CCSP), Certified Information Security Manager (CISM)) is preferred.
• AWS/Azure/GCP security certifications preferred.

DataHouse is an equal opportunities employer and welcomes applications from diverse candidates.