Security Architect
Candescent
Candescent is the leading cloud-based digital banking solutions provider for financial institutions. We are transforming digital banking with intelligent, cloud-powered solutions that connect account opening, digital banking, and branch experiences for financial institutions. Our advanced technology and developer tools enable seamless, differentiated customer journeys that elevate trust, service, and innovation. Success here requires flexibility in a fast-paced environment, a client-first mindset, and a commitment to delivering consistent, reliable results as part of a performance-driven, values-led team. With team members around the world, Candescent is an equal opportunity employer.
Security Architect
The Security Architect provides critical security oversight, risk management and architectural guidance for a new technology platform we are implementing. The large-scale implementation involves the complex migration of multiple in-house, on-premises applications to a third-party Healthcare Information Technology solution hosted in the cloud. The architect will be instrumental in ensuring the confidentiality, integrity and availability of sensitive patient and corporate data throughout the migration and in the resulting cloud environment.
This role requires a deep understanding of cloud security best practices, financial services compliance standards (FFIEC, PCI,…), and a proven ability to translate complex business requirements into robust and scalable security architectures. The Security Architect will report to the leader of Security Architecture and Cloud Security.
Security Architecture and Design
- Validate and, if necessary, update the security architecture for the target cloud-based HIT environment, ensuring alignment with organizational security policies, industry best practices (e.g., NIST) and compliance frameworks.
- Evaluate the security posture of the third-party solutions and the underlying cloud infrastructure, identifying and documenting architectural gaps and control deficiencies.
- Develop security requirements and controls for application integration, data transfer, identity and access management, data encryption (in transit and at rest), network segmentation, and logging/monitoring within the cloud environment.
- Collaborate with project teams, application owners and the third-party vendor to ensure security is “built-in” from the initial planning and design phases.
Risk Management and Compliance
- Collaborate with the Risk Management team to ensure security findings are documented and remediation plans are in place as discovered.
- Provide guidance on FFIEC Security and Privacy Rules and other relevant regulations (e.g., PCI-DSS) to ensure the solution meets all regulatory requirements for protecting sensitive data.
- Define security metrics, reporting mechanisms, and audit trails to demonstrate ongoing compliance and security effectiveness.
Oversight and Consultation
- Serve as the primary security subject matter expert (SME) for the migration project, advising senior leadership and technical teams on security implications.
- Review and approve technical security configurations, including firewall rules, encryption key management, security information and event management (SIEM) integration, and access controls.
- Work with the Risk Management team to incorporate security governance processes for the new environment.
Required:
- Minimum 5 years of progressive experience in IT security with at least 3 years focused on security architecture and design for complex enterprise-level systems.
- Cloud Security: Deep, hands-on experience with security solutions in a major public cloud platform (AWS, Azure, and/or GCP).
- Financial Services Compliance: Demonstrated expertise with HIPAA/HITECH and proven ability to design and implement controls required for PHI in a cloud environment.
- Strong knowledge of networking protocols, encryption techniques, zero-trust principles and cloud security guardrails.
- Proficiency in security-as-code and cloud-native security tools (e.g., Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP)).
- Excellent written and verbal communication skills, with the ability to articulate complex security concepts to both technical and non-technical audiences.
Required:
- B.S. in Information Systems, Computer Science, Business Administration, or a related field or equivalent work experience.
- At least one cloud provider security certification (e.g., AWS Certified Security Specialty, Azure Security Engineer, GCP Security)
- Specialized cloud architecture/security bootcamps (Cloud Security Alliance)
- Training in security-as-code and cloud-native security tools (e.g., Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP)).
- Hybrid work environment
Preferred:
- Graduate degree in Computer Science or related field
- CISSP (Certified Information Systems Security Professional)
- CCSP (Certified Cloud Security Professional)
- Platform-specific certifications (e.g., Azure Security Engineer Associate, AWS Certified Security – Specialty)
Statement to Third Party Agencies
To ALL recruitment agencies: Candescent only accepts resumes from agencies on the preferred supplier list. Please do not forward resumes to our applicant tracking system, Candescent employees, or any Candescent facility. Candescent is not responsible for any fees or charges associated with unsolicited resumes.