Director of IT Security at Vytalize Health

Your Opportunity

The Director of Information Security Architecture and Cyber Risk is responsible for the high-level cyber security design and blueprint.  Leads in the strategic development and provides governance for the execution of a multi-year enterprise cyber security strategy using current, emerging, and next gen technologies. Works closely with the cyber security architect and IT teams to transition from design or pilot to deployment and ensure all appropriate documentation and processes are developed in accordance with the information security policies.  Developing information security dashboards, metrics, and monitoring effectiveness.

What you will do

Enterprise Architecture

• Leadership role in planning, recommending, tools, techniques and technologies to protect and secure Vytalize infrastructure, systems, and data.
• Development of orchestration, automation, and response and integration and streamline the different security tools to reduce mean time to detect (MTTD) and mean time to respond (MTTR), improving overall security posture.
• Evaluates financial and resources and recommends new information security products
• Provides information security expertise in the development of complex solutions and new information security projects. Serves as the technical information security subject matter.
• Maintains knowledge of emerging technologies for future information security tools and products. Develop and socialize the information security technologies vision and roadmap.
• Development of orchestration, automation, and response and integration and streamline the different security tools to reduce mean time to detect (MTTD) and mean time to respond (MTTR), improving overall security posture.

Response Plans

• Develop, maintenance, and test of the business continuity plans to effectively sustain business process during and after a disruption.
• Develop, maintenance, and test of the crisis communication plan to effectively communicate with internal and external stakeholders during and after a disruption.

• Collaborate with data analytics to reduce data silos, ensure compliance and information security, non-production environments data is de-identified, and data access in accordance with minimum necessary.
• Develop and maintain a Governance Risk and Compliance Committee charter that defines the purpose, goals and objectives, organizational structure, membership and responsibilities and meeting cadence that aligns the regulatory, policy and organizational requirements.
• Prepare and distribute Governance Risk and Compliance Committee cyber security reports to summarize risk assessments, compliance status, and recommendations for improvement.
• Foster a culture of compliance and risk management throughout the organization

Compliance Oversight

• Monitor and track regulatory changes, ensuring that the organization remains compliant with all relevant cyber security laws, standards, and industry regulations.
• Maintain the information security policies and procedures to align with best practices and compliance requirements.
• Collaborate with internal and external audit teams, providing documentation and evidence as needed to demonstrate compliance and adherence to the information security policies.
• Develop and maintain a cyber security framework continuous assessment process to provide assurances that the controls in place are operating effectively.

Exposure Management

• Serve as a subject matter expert in threat modeling, secure code reviews, red and blue teams, vulnerability scans and penetration testing to identify and address security weaknesses in software systems which includes secure coding practices, encryption mechanisms, and access controls to protect against common security threats such as SQL injection, cross-site scripting (XSS), and buffer overflows.
• Maintain and enhance the vulnerability dashboard to remediation the vulnerability assessment findings, including penetration test, application security test, and internal and external vulnerability scans.

Collaboration and Communication

• Collaborate with cross-functional teams to socialize the information security tool roadmap to incorporate all requirements into the solution.
• Communicate security risks, issues, and recommendations to CISO and stakeholders with the recommendations and residual risk.

• Develop, maintenance, and test of the disaster recovery plan communication to effectively restore the operability of a system, application, or infrastructure.
• Integration the incident response plan into the disaster recovery and business continuity, serve as an incident response lead, and assist with testing of the incident response plan.

Training and Awareness

• Develop and maintain the training programs to educate employees on regulatory and cyber security and privacy best practices fostering a culture of awareness and accountability.
• Conduct regular simulated phishing exercises to educate and detect malicious emails and other malicious events.
• Develop metrics to demonstrate the effectiveness of the training program and improve phishing detection and response.

Risk Management

• Develop a cyber security risk management program to quantify and qualify cyber security threats, vulnerabilities, and risks and apply risk mitigation strategies.
• Conduct comprehensive risk assessments to identify potential threats and vulnerabilities within the organization's operations.
• Identify, assess, and prioritize risks related to the organization’s operations, processes, and systems.
• Develop and maintain a cyber security risk register with the risks, risk ratings, risk mitigation strategies and action plans.
• Monitor risk exposure and risk action plans and report to the Chief Information Security Officer and the Compliance Committee.
• Collaborate with compliance team the cyber security risks and the action plans.
• Prepare and distribute regular reports to management and stakeholders summarizing risk assessments, compliance status, risk treatments plans, and recommendations for improvement.

Supplier Risk

• Conduct vendor risk assessments to identify and document potential supplier cyber security risks, threats, and vulnerabilities for management approval.
• Develop a process for third-party compliance requests monitoring and tracking and ensure timely completion.
• Collaborate with legal and procurement teams to manage vendor relationships and ensure timely execution of vendor risk assessments.

Governance

• Identify data where data is processed, transmitted, and stored to ensure that data is secure and accessible in accordance with business and regulatory requirements and retention.

What you will need

• 15+ years of experience in cybersecurity and secure configuration of systems within the healthcare industry.
• Certifications such as CEH, CISSP, etc. and bachelor’s degree or equivalent in Computer Science, Computer Engineering, Business Administration
• Strong knowledge of incident response, orchestration, automation, and threat hunting processes.
• Expertise in evaluation and recommending of enterprise cyber security architecture tools and solutions.
• Extensive experience with threat modeling and vulnerability exploitation techniques.
• Knowledge of Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH), and Payment Card Industry Data Security Standards (PCI DSS).
• Expertise with recommending and designing enterprise information security tools and solutions.
• Expertise with information security risk and risk management processes.
• Mentor team members, fostering an environment of continuous learning and professional development in advanced security technologies.
• Collaborate closely with cybersecurity team to develop comprehensive security strategies and resolve complex cyber security issues.
• Leadership role in defining AI, tools, techniques, and technologies used to connect and secure the Vytalize ecosystem.
• Experience with development of compliance monitoring programs to identify control deficiencies and recommend process improvements.
• Sound business discernment and flexibility to identify compensating or mitigating controls to reduce risk.
• Excellent written and verbal communication skills.
• Bachelor's degree or equivalent in Computer Science, Computer Engineering, Business Administration

 

Perks/Benefits 

• Competitive base compensation
• Annual bonus potential 
• Stock options 
• Health benefits effective on start date; 100% coverage for base plan, up to 90% coverage on all other plans for individuals and families  
• Health & Wellness Program; up to $300 per quarter for your overall wellbeing  
• 401K plan effective on start date; 100% of up to 4% of your annual salary 
• Company paid STD/LTD 
• Technology setup  
• Ability to help build a market leader in value-based healthcare at a rapidly growing organization  

Please note at no time during our screening, interview, or selection process do we ask for additional personal information (beyond your resume) or account/financial information. We will also never ask for you to purchase anything; nor will we ever interview you via text message. Any communication received from a Vytalize Health recruiter during your screening, interviewing, or selection process will come from an email ending in @vytalizehealth.com.