Director, Information Systems Security – Privacy
Job Description:
- Lead and coordinate multi-disciplinary teams across the company to successfully complete internal and third-party audits and attestations, including for SOC-2 and HITRUST
- Support our quality/regulatory function for components of US and international regulations related to privacy and security
- Maintain compliance with our existing policies and procedures related to compliance with applicable laws, regulations, customer requirements, and best practices, and evolve them to ensure we meet our customers’ and patients’ needs
- Serve as a technical leader for cybersecurity strategy and implementation, with an ability to work as an individual contributor alongside direct reports (player-coach role).
- Execute and improve upon a cybersecurity roadmap for new system deployments and integrations.
- Create and adhere to budgets, driving cost-cutting opportunities and cost-conscious decisions.
- Aggressively drive cybersecurity vulnerability remediations.
- Interface with customer data security and privacy teams during vendor assessments, maintaining timelines to support sales and projecting competence and confidence to the customer on the company’s behalf
- Collaborate with the product development, software, and research teams to incorporate security and privacy best practices into the design, testing, and maintenance of our products, services, operational tools, and cloud infrastructure
- Complete routine compliance activities related to software and computing infrastructure hardening, monitoring, remediation, testing, patching, and documentation.
- Enterprise systems administration, maintenance, and optimization (e.g. NetSuite, MS Office, Salesforce, GSuite)
- IT Support oversight for corporate computing resources including policy implementation and maintaining high SLAs for internal staff.
- Leadership for small GRC/ISS team
- Responding to compliance questionnaires from prospective and existing clients.
Requirements:
- Cybersecurity background
- Bachelor's degree in relevant field
- Experience maintaining organizational compliance using cloud providers including Amazon Web Services and Google Cloud Platform
- Experience managing compliance for a healthcare company is strongly preferred
- Understanding in the following areas: Antivirus/EDR, Patch Management, Serverless Infrastructure (AWS and GCP), Firewall Configuration, CASB, Encryption (in transit and at rest, FIPS), Multifactor Authentication, Single Sign on, Data Loss Prevention (Host and Network DLP), Host Intrusion Detection/Prevention, Network Intrusion Detection/Prevention, Security Operation Center (SOC) Management, SIEM, Disaster Recovery, Business Continuity, Vulnerability Scanning, Penetration Testing, Mobile Device Management, DNS, DHCP, WAF - Web Application Firewall, Tabletop Exercises, Content Filtering, Identity Management (e.g. MS Active Directory)
- Experience with the below technologies is a plus: MS Defender Suite, Intune, Jamf, EntraID
Benefits:
- Pay Range - $200,000+ annual base salary
- Annual Bonus Opportunity
- Equity Options
- Flexible Paid Time Off (Guaranteed four weeks of PTO)
- Paid Sick Leave (up to 40 hrs annually)
- Fully Paid Parental Leave (12 weeks for birthing parents, 8 weeks for non-birthing/adoptive parents)
- Competitive Medical, Dental, and Vision plans – Podimetrics covers 80% of premiums.
- Health Savings Account with employer contribution
- Employee Assistance Program - Free, confidential advice for team members who need help with stress, anxiety, financial planning, and legal issues.
- 401k
- Life Insurance - Podimetrics pays 100% of the cost of Basic Life & Personal Accident
- Disability insurance – Podimetrics pays 100% of the cost of Short-Term and Long-Term Disability Insurance
- Additional life insurance, critical illness, and accident coverage are available
Apply tot his job Apply To this Job