Director of Information Security
2 days ago
🏡 Remote – Anywhere in California
Description
• Lead the development and implementation of comprehensive security policies, procedures, and standards to ensure the integrity, confidentiality, and availability of our health information. • Lead the company's ongoing compliance certification initiatives including HITRUST, SOC 2, ISO 27001, and others. • Oversee, enforce, and mature a robust information security and healthcare GRC program. • Manage improvements in our security operations and compliance program and develop new processes and standards as needed. • Responsible for the maintenance of all of our control frameworks, reporting on our current state of compliance, and building a modern culture of information security through the planning and delivery of the necessary policies, standards, and processes to incorporate information security into business practices. • Assist with the design, configuration, and implementation of our security architecture. • Design and conduct security awareness training programs for our employees and stakeholders. • Maintain operational security metrics to measure the effectiveness of our controls and identify any opportunities for improvement. • Create and maintain documentation of our security policies, procedures, incident response plans, and other relevant documentation. • Monitor security systems and networks for suspicious activities or potential breaches and respond promptly to security incidents. • Monitor compliance with our information security policies and procedures across all functions at Remo Health, addressing problems to the appropriate department manager or DRIs. • Collaborate with cross-functional teams to integrate security best practices into IT infrastructure and business processes, all while providing operational IT security support as necessary. • Lead security aspects of all vendor management across the company, including assessments and remediation. • Conduct regular risk assessments, security audits, and penetration testing to identify vulnerabilities and evaluate compliance with regulatory requirements and controls. • Stay informed and proactively research security and compliance changes in regulations or best practices that may affect our security policies. • Keep an accurate and timely log of all compliance gaps, publishes periodic compliance reports, assists
Requirements
• 10+ years of progressive experience in information security, with at least 5 years in a leadership role, preferably in healthcare technology. • Deep expertise in healthcare privacy laws (HIPAA, HITECH) and industry standards (SOC 2, NIST, ISO 27001, HITRUST). • Proven track record of successfully managing healthcare GRC programs and navigating complex compliance landscapes. • Demonstrable experience leading SOC 2 and HITRUST certification processes. • Current and relevant industry certifications such as CISSP, CISM, or equivalent. • Strong technical background with the ability to understand and evaluate complex IT infrastructures and emerging technologies. • Exceptional leadership skills with the ability to build, mentor, and inspire high-performing teams. • Outstanding communication skills, adept at translating complex security concepts for diverse audiences, from technical teams to C-suite executives. • Ability to build and lead a high-performing security team, fostering a strong security, compliance, and engineering culture. • Strategic thinker with a proactive approach to identifying and mitigating security risks. • Experience in a fast-paced startup environment is a plus.
Apply Now
