Information Security Architects

Announcement

Details

Open Date
11/13/2025

Requisition Number
PRN43583B

Job Title
Information Security Architects

Working Title
Information Security Architects

Career Progression Track
P00

Track Level
P4 - Advanced, P3 - Career, P2 - Developing

FLSA Code
Computer Employee

Patient Sensitive Job Code?
No

Standard Hours per Week
40

Full Time or Part Time?
Full Time

Shift
Day

Work Schedule Summary

Full-time, 40 hours per week. Monday - Friday.

Mostly remote work option available, with occasional on-campus meetings required at the University of Utah in Salt Lake City.

This position may require occasional travel.

VP Area
U of U Health - Academics

Department
02228 - Data Coordinating Center

Location
Campus

City
Salt Lake City, UT

Type of Recruitment
External Posting

Pay Rate Range
61,599 to 123,274

Close Date
02/13/2026

Priority Review Date (Note - Posting may close at any time)

Job Summary

This position is in the Utah Data Coordinating Center. Join the Utah DCC where we harness the power of collaboration, to advance science, move society, and benefit humanity. We offer opportunities to work with high functioning, cutting-edge teams that study, understand, and improve multi-site research. Autonomy, creativity, and critical thinking skills are strongly encouraged.

This Information Security Architect position is responsible for ensuring the secure operation of assigned information systems by implementing and maintaining a comprehensive risk management framework. This role involves developing security documentation, conducting continuous monitoring, and responding to incidents to protect systems and data from unauthorized access or compromise. It includes safeguarding sensitive information-such as personally identifiable data and blinded and unblinded study data-whose exposure could adversely affect organizational operations or compromise research. This position requires alignment with federal cybersecurity standards and policies, and close collaboration with internal stakeholders to ensure compliance and maintain a strong security posture across moderate-impact systems.

The Utah DCC offers a career ladder for Information Security Architects and provides growth and professional development opportunities.

To learn more about the Utah DCC visit ;/strong>

Work Environment and Level of Frequency typically required

Often: Office environment

Seldom: Outdoor environment, extreme cold, extreme heat, noise (there is sufficient noise to cause you to shout in order to be heard above the noise level), atmospheric conditions (conditions that affect the respiratory system, such as fumes, odors, dusts, mists, gases, or poor ventilation) and close quarters

Physical Requirements and Level of Frequency that may be required

Nearly continuously: Repetitive hand motion (such as typing), hearing, listening, talking, walking

Often: Sitting, bending, twisting

Seldom: Repetitive foot motion, climbing, kneeling, squatting, crawling, balancing, reaching overhead, pulling, pushing

The University of Utah offers a comprehensive benefits package including:

• Excellent health care coverage at affordable rates
• 14.2% retirement contributions that vest immediately
• Generous paid leave time
• 11 paid Holidays
• 50% tuition reduction for employee, spouse, and dependent children
• Flex spending accounts
• Free transit on most UTA services
• Employee discounts on a variety of products and services including cell phones & plans, entertainment, health and fitness, restaurants, retail, and travel
• Professional development opportunities

Learn more about the great benefits of working for University of Utah: benefits.utah.edu

This is posted as open-rank and may be filled at any of the listed job levels.

Responsibilities

Design framework of the information systems security infrastructure, setting the vision for cybersecurity systems. Act as technical expert and assess potential systems and process vulnerabilities to determine security infrastructure requirements. Develop policies and procedures to prevent unauthorized access. Educate and communicate security requirements and procedures to users and new employees. Recommend and implement changes to enhance systems security and prevent unauthorized access. Research security trends, new methods, and techniques used in unauthorized access of data to preemptively eliminate the possibility of system breach. Provide guidance and direction on best practices for the protection of information. Ensure compliance with regulations and privacy laws. May oversee internal or external systems security (e.g., cloud services).

Essential Functions

• System Authorization & Documentation: Guide systems through the Risk Management Framework (RMF) process to achieve and maintain Authorization to Operate (ATO). Develop and maintain security documentation including System Security Plans (SSPs), Contingency Plans (CPs), and Plans of Action and Milestones (POA&Ms).
• Security Control Implementation: Collaborate with technical teams to implement and manage security controls based on applicable standards and frameworks.
• Risk Management & Assessment: Conduct regular risk assessments, evaluate security controls, and recommend mitigation strategies to protect the confidentiality, integrity, and availability of information systems.
• Continuous Monitoring: Execute monitoring plans by reviewing system logs, conducting vulnerability scans, and tracking remediation efforts to maintain system security posture.
• Incident Response: Detect, report, and respond to security incidents. Coordinate with response teams to contain threats and remediate breaches.
• Audit & Compliance Support: Prepare documentation and artifacts to support internal and external audits. Ensure systems comply with relevant security policies, regulations, and standards.
• Policy Development & Training: Assist in developing and updating security policies and procedures. Provide training and guidance to promote security awareness and best practices.
• Stakeholder Coordination: Serve as the primary point of contact for security matters, collaborating with system owners, administrators, auditors, and other stakeholders to address compliance and drive security initiatives.

The department may choose to hire at any of the below job levels and associated pay rates based on their business need and budget.

Information Security Architect, II

Requires moderate skill set and proficiency in discipline. Conduct work assignments of increasing complexity, under moderate supervision with some latitude for independent judgment.

This is a Developing-level position in the General Professional track.

Information Security Architect, III

Considered highly skilled and proficient in discipline. Conduct complex, important work under minimal supervision and with wide latitude for independent judgment.

This is a Career-Level position in the General Professional track.

Information Security Architect, IV

Recognized as subject matter expert and advanced individual contributor professional. Requires specialized skill set. Conduct highly complex work, unsupervised and with extensive latitude for independent judgment.

This is an Expert-Level position in the General Professional track.

Minimum Qualifications

EQUIVALENCY STATEMENT: 1 year of higher education can be substituted for 1 year of directly related work experience (Example: bachelor's degree = 4 years of directly related work experience).

Department may hire employee at one of the following job levels:

Information Security Architect, II: Requires a bachelor's (or equivalency) + 4 years or a master's (or equivalency) + 2 years of directly related work experience.

Information Security Architect, III: Requires a bachelor's (or equivalency) + 6 years or a master's (or equivalency) + 4 years of directly related work experience.

Information Security Architect, IV: Requires a bachelor's (or equivalency) + 8 years or a master's (or equivalency) + 6 years of directly related work experience.

Preferences

• Demonstrated experience applying the NIST Risk Management Framework (RMF) and implementing NIST SP 800-53 security controls.
• Holds one or more relevant security certifications such as CISSP, CISM, Security+, or equivalent.
• Proven ability to develop and maintain security documentation including System Security Plans (SSPs), POA&Ms, and ATO packages.
• Skilled in conducting vulnerability assessments and using tools like Nessus or Qualys to identify and remediate risks.
• Hands-on experience detecting, reporting, and responding to cybersecurity incidents.
• Familiarity with preparing audit documentation and supporting compliance with federal cybersecurity standards.
• Knowledge of securing cloud environments such as AWS, Azure, or Google Cloud Platform.
• Strong written and verbal communication skills, with the ability to explain technical concepts to non-technical stakeholders.
• Experience collaborating with cross-functional teams including system owners, administrators, and auditors.
• Ability to develop security policies and deliver training to promote cybersecurity awareness and best practices.

Applicants will be screened according to preferences.

Type
Benefited Staff

Special Instructions Summary

Additional Information

The University of Utah values candidates who have experience working in settings with students from diverse backgrounds and possess a strong commitment to improving access to higher education for historically underrepresented students.

Individuals from historically underrepresented groups, such as minorities, women, qualified persons with disabilities and protected veterans are encouraged to apply. Veterans' preference is extended to qualified applicants, upon request and consistent with University policy and Utah state law. Upon request, reasonable accommodations in the application process will be provided to individuals with disabilities.

The University of Utah is an Affirmative Action/Equal Opportunity employer and does not discriminate based upon race, ethnicity, color, religion, national origin, age, disability, sex, sexual orientation, gender, gender identity, gender expression, pregnancy, pregnancy-related conditions, genetic information, or protected veteran's status. The University does not discriminate on the basis of sex in the education program or activity that it operates, as required by Title IX and 34 CFR part 106. The requirement not to discriminate in education programs or activities extends to admission and employment. Inquiries about the application of Title IX and its regulations may be referred to the Title IX Coordinator, to the Department of Education, Office for Civil Rights, or both.

To request a reasonable accommodation for a disability or if you or someone you know has experienced discrimination or sexual misconduct including sexual harassment, you may contact the Director/Title IX Coordinator in the Office of Equal Opportunity and Affirmative Action:

Director/ Title IX Coordinator

Office of Equal Opportunity and Affirmative Action (OEO/AA)

383 University Street, Level 1 OEO Suite

Salt Lake City, UT 84112





Online reports may be submitted at oeo.utah.edu

For more information: ;/strong>
To inquire about this posting, email: or call .

The University is a participating employer with Utah Retirement Systems ("URS"). Eligible new hires with prior URS service, may elect to enroll in URS if they make the election before they become eligible for retirement (usually the first day of work). Contact Human Resources at for information. Individuals who previously retired and are receiving monthly retirement benefits from URS are subject to URS' post-retirement rules and restrictions. Please contact Utah Retirement Systems at or or University Human Resource Management at if you have questions regarding the post-retirement rules.

This position may require the successful completion of a criminal background check and/or drug screen.

This report includes statistics about criminal offenses, hate crimes, arrests and referrals for disciplinary action, and Violence Against Women Act offenses. They also provide information about safety and security-related services offered by the University of Utah. A paper copy can be obtained by request at the Department of Public Safety located at 1658 East 500 South.