Director, Security & Privacy

EHE Health
New York, NY
2d
$125,000 - $175,000

About The Position

EHE is looking for a talented Director, Security and Privacy to support our IT and Privacy & Security teams in ensuring proper security protocols and procedures around all of our infrastructure. The Director, Security and Privacy will facilitate and implement processes to assess the compliance of our security policies in accordance with standard frameworks. They will regularly perform internal audits, risk assessments, and security analyses to keep all processes and controls in optimal form. The ideal candidate will be detail-oriented, proactive, and collaborative while managing the complete incorporation of security best practices across the organization.

Requirements

  • Bachelor’s degree in related field required
  • 5-7 years of related experience in change management and steering third party compliance audits and network/wireless/web app penetration tests, and acting upon remediation recommendations
  • Comprehensive understanding of National Institute of Standards and Technology (NIST) 800-53, ISO27001/27701, SOC2 Type 2 and similar regulations
  • Deep knowledge of Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH Act), and the Sarbanes-Oxley Act (SOX)
  • Excellent written and verbal communication skills, with the ability to present and clearly disseminate information to all audiences, internal and external
  • Overall knowledge and usage of cybersecurity tools, such as SIEM, EDR, and XDR
  • Proven track record implementing strong identity and access management policies to enforce the principle of least privilege across all infrastructure and SaaS applications
  • Robust experience analyzing cloud infrastructure misconfigurations and prioritizing risk-based mitigations
  • Strong familiarity with automating application security testing (SAST/DAST/SCA) and executing remediations
  • Demonstrated interest in identifying emerging technology risks (e.g. software supply chain and AI)

Responsibilities

  • Perform information systems security and assurance audits of networks, systems, applications, platforms, databases, and operating procedures in accordance with established auditing standards
  • Participate in vulnerability and risk assessment reviews and evaluations of EHE’s IT infrastructure to determine adequacy of the controls to detect and prevent unauthorized activities, provide an acceptable level of risk to the organization, and establish controls to mitigate loss
  • Conduct third party risk assessments and oversee adherence to EHE requirements
  • Communicate with and educate process owners on the importance of controls and an effective control environment
  • Analyze security event data from customer computing platforms, network elements, and security devices
  • Perform health checks on relevant operational systems
  • Generate routine metrics and operational reports
  • Perform threat research on emerging cyber-attacks that could impact our clients and patients
  • Develop actionable, repeatable, measurable, and reportable security strategies
  • Promote awareness of security policies and related security topics
  • Lead EHE's response to all client and prospect security and privacy inquiries

Benefits

  • Competitive salary
  • Medical, dental, vision, life and disability insurance
  • Employer-matched 401(k) plan
  • Professional development reimbursement
  • Employee access to our wellness clinics
  • Gym reimbursement/Fitness bonus