Claritev is a dynamic team of innovative professionals striving to bend the cost curve in healthcare. They are seeking a Director of Security Architecture & Engineering to lead the strategy, design, and delivery of enterprise security architecture and engineering, focusing on modernizing the security program and enabling secure technology outcomes across various environments.
Responsibilities:
- Define and lead the vision, strategy, roadmap, and operating model for security architecture, security engineering, application/product security, AI security enablement, and security automation, aligned to business priorities, regulatory expectations, and enterprise risk
- Build a cohesive operating model across architecture, engineering, application security, and automation, including intake, prioritization, delivery management, role clarity, stakeholder communication, and measurable outcomes
- Establish and mature enterprise security architecture standards, reference patterns, secure-by-default design principles, and design review processes that improve consistency, reduce risk, and reduce friction for technology teams
- Lead security engineering to deliver scalable preventative and detective controls, hardening, automation, and reusable security patterns across identity, cloud, endpoints/servers, enterprise platforms, SaaS, data, and other core technology environments
- Drive application and product security maturity across the software development lifecycle, including secure design, threat modeling, code and pipeline security, SAST/DAST/SCA/IaC coverage, vulnerability remediation practices, developer enablement, and tooling effectiveness
- Provide security architecture and engineering leadership for AI and data use cases, including secure design patterns, data protection, access control, AI-generated code risk, agentic AI considerations, guardrails, and alignment with enterprise AI governance expectations
- Partner with IAM, AI, and platform teams to mature non-human identity controls, including ownership, inventory, least privilege, secrets lifecycle, scoped permissions, automated revocation, and monitoring for service accounts, workloads, APIs, integrations, and AI agents
- Lead practical security automation efforts that improve engineering throughput, application security coverage, vulnerability triage and remediation support, control validation, evidence collection, reporting, and repeatable security workflows
- Partner with the SOC Director and Security Operations team to ensure architecture, controls, telemetry, automation, and platform integrations support faster detection, response, containment, and recovery
- Modernize security controls and architecture patterns to reduce exposure and potential impact, including support for zero trust network access, microsegmentation, egress controls, phishing-resistant MFA, privileged access controls, endpoint/server hardening, secrets management, cloud security, SaaS security, and compensating controls for legacy assets
- Hire, lead, coach, and develop a team that includes, or will include, security architecture, security automation & engineering, product / application security engineering, identity security engineering, and AI security architecture / engineering / governance capabilities, along with contractors and external partners
- Partner with Engineering, Infrastructure, Enterprise Architecture, Data, AI, Product, GRC, IAM, SOC, Legal, Procurement, and other business leaders to embed security requirements into major initiatives such as cloud architecture, platform changes, application modernization, third-party integrations, and emerging AI/data use cases
- Balance strategic architecture work with pragmatic delivery by focusing the team on the highest-risk, highest-leverage work, improving throughput, removing blockers, and ensuring commitments are met
- Assess current tools, vendors, processes, and control effectiveness; simplify, standardize, automate, integrate, or replace where needed to improve scalability, reduce security friction, and support sustainable execution
- Provide security architecture and engineering leadership for major technology initiatives, ensuring risks are understood early and practical mitigations are built into plans
- Align with peer leaders across the security program, including GRC, Security Operations, and IAM, to ensure consistent priorities, messaging, and execution
- Define and report on metrics that demonstrate progress, such as control adoption, application security coverage, remediation throughput, automation impact, secure pattern adoption, NHI risk reduction, developer friction, and safe AI adoption
- Identify capability gaps and build a practical growth plan for the function as priorities, risks, threats, capabilities, budget, and staffing needs evolve
- Select, develop, and evaluate staff to ensure efficient team operations
- Ensure compliance with HIPAA regulations and requirements
- Demonstrate the Company's competencies and core values
- The position responsibilities outlined above are in no way to be construed as all-encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary
Requirements:
- Experience in leading security architecture and engineering teams
- Proven ability to define and lead the vision, strategy, roadmap, and operating model for security architecture
- Strong knowledge of enterprise security architecture standards and secure-by-default design principles
- Experience in application and product security across the software development lifecycle
- Ability to drive security automation efforts that improve engineering throughput and application security coverage
- Experience in modernizing security controls and architecture patterns
- Strong leadership skills to hire, coach, and develop a diverse team
- Ability to partner with various teams to embed security requirements into major initiatives
- Experience in assessing tools, vendors, processes, and control effectiveness
- Ability to define and report on metrics that demonstrate progress in security initiatives
- Knowledge of compliance with HIPAA regulations and requirements