The Association of American Medical Colleges is a not-for-profit association dedicated to transforming health care by supporting the entire spectrum of medical education, medical research, and patient care conducted by our member institutions. We are dedicated to the communities we serve and steadfast in our goal to improve the health of all.
At the AAMC, we are committed to supporting our employees with a comprehensive benefits package designed to promote well-being, professional growth, and work-life balance. Highlights include:
Remote Work – Fully remote work available for most positions.
Retirement Savings – Generous 403(b) employer contributions and financial wellness resources, including professional financial advising.
Health & Wellness Perks – Fitness and bicycle subsidies, on-site and virtual wellness programs (live yoga, meditation, mental health webinars, flu shot clinics, and more)
Support & Family Care – Employer paid Employee Assistance Program (EAP) and back-up care options for children, adults, elders, and even pets
Additional information can be found on our website.
The Security Architect leads the design and oversight of enterprise security architecture to protect organizational data, infrastructure, and member information. This role ensures security principles, best practices, controls, and frameworks are embedded into business systems, cloud services, and infrastructure in alignment with regulatory, compliance, and organizational requirements. It provides strategic leadership over data security architecture, including data classification, data protection controls, secure data flows, encryption, tokenization, masking, and access governance across the enterprise.
This is a hands-on role that performs direct engineering activities across cloud and security platforms, including the implementation of cloud-native security controls, secure configuration of AWS and SaaS services, hardening of identity and access models (including role-based access controls (RBAC) and least privilege), and deployment of automated guardrails and security tooling. The position also conducts hands-on testing, validation, and tuning of cloud security services such as Cloud Security Posture Management, Cloud Infrastructure Entitlement Management, Cloud Workload Protection Platform, logging pipelines, and security detections.
The role also converts best practices into formal security policies and standards. The Security Architect acts as a strategic partner and trusted advisor to IT leadership, providing guidance that balances security, compliance, and operational priorities by understanding problems or opportunities and delivering value-add solutions. This includes advising on the secure design of data repositories, analytics platforms, and integrations to ensure confidentiality, integrity, availability, lifecycle protection, and appropriate handling of sensitive information across both on-premises and cloud environments.
Design and oversee enterprise security architecture:
Lead the development and enforcement of security principles, best practices, and frameworks across business systems, cloud services, and infrastructure.
Ensure alignment with regulatory, compliance, and organizational requirements.
Data security leadership and implementation:
Lead initiatives for data classification, encryption, tokenization, and access governance.
Advise on secure design and handling of sensitive information across the enterprise, including analytics platforms and integrations.
Ability to map security requirements to the data lifecycle.
Hands-on cloud security engineering:
Implement cloud-native security controls and harden configurations in AWS, Azure, and third-party SaaS platforms.
Deploy automated guardrails, security tooling, infrastructure as code, and logging/monitoring pipelines.
Conduct hands-on testing, validation, and tuning of cloud security services (CSPM, CIEM, CWPP, etc.).
Threat modeling, risk assessment, and control validation:
Conduct threat modeling to identify potential risks across systems and cloud environments.
Assess risks, vulnerabilities, and controls; recommend remediation strategies for enterprise and cloud environments.
Policy, standard, and framework development:
Convert best practices into formal security policies, standards, and guidance documents.
Ensure policies support both operational needs and compliance requirements.
Cross-functional collaboration with Data Governance & Privacy:
In support of data and records retention policies, knowledge of retention schedules and defensible deletion practices.
Understanding of secure archival and approved destruction methods.
Risk Register:
Maintain and oversee the security risk register, ensuring risks are continuously reviewed for priority, accurately documented, assessed, and updated.
Strategic advisory and collaboration:
Act as a trusted advisor to IT leadership, providing guidance that balances security, compliance, and operational priorities.
Understand business problems or opportunities and recommend value-add security solutions.
Understanding of data-sharing agreements and secure data exchange protocols.
Required Qualifications:
Required: Bachelor’s degree in Computer Science, Information Security, or related field; or equivalent work experience.
Preferred: Master's degree in Computer Science, Information Security, or related field; or equivalent work experience.
8-10 years of related work experience
Experience in security architecture, engineering, or related security disciplines.
Ability to help drive security strategy alignment
Ability to innovate and instigate change to manage organizational security architecture through threat assessment, management and standards implementation
Ability to be the senior specialist responsible for a strategic security architecture that focuses on organizational risk management, technical security architecture and data governance.
Ability to report on security risks and assume the role of champion for security architecture strategy
Ability to effectively collaborate across teams and develop a sphere of influence.
Preferred Qualifications:
Strong knowledge of security frameworks (e.g., NIST CSF, AWS FSBP, TOGAF)
Certifications: Professional certifications such as CISSP, CISM, CCSP, or equivalent.
Remote Work Eligibility
This position is eligible for remote work in the contiguous US
Compensation Grade Range
$124,950.00-$147,000.00
Multiple factors are taken into consideration to arrive at the final hourly rate/annual salary to be offered to the selected candidate. Factors may include, but are not limited to, the scope and responsibilities of the role, the selected candidate’s work experience, education and training, as well as internal equity, market, and business considerations.
If a bachelor’s degree is required, related work experience may be substituted in some positions. One year of college course work at an accredited institution is equivalent to one year of related work experience.
The Association of American Medical Colleges (AAMC) is an Equal Opportunity/Affirmative Action Employer. The AAMC is committed to the policy of an equal employment opportunity in recruitment, hiring, career advancement, and all other personnel practices. The AAMC will not discriminate on the basis of race, color, sex, national origin, religion, age, marital status, personal appearance, sexual orientation, gender identity or expression, family responsibilities, matriculation, political affiliation, genetic information, disability, past or current military service, or any other legally protected characteristic.
Please attach a resume as part of the application process. It is important that files DO NOT include periods ( . ) within the file name.
BROWSER REQUIREMENTS: Applications must be submitted using Chrome, Mozilla Firefox, Safari, or Microsoft Edge.