Job Description – Director, Information Security
Xealth, recently named one of the Best Places to Work in Seattle, is growing!
We’re a highly skilled, passionate team, disciplined in our agile approach, with a track record of success –– and we are proud to be applying our efforts to improve health options for everyone. Our HIPAA compliant solution runs on AWS, integrating 3rd-party digital healthcare solutions, Electronic Health Records, and practice management systems such as Cerner and Epic.
Xealth’s mission is to improve healthcare for everyone by enabling doctors and patients to easily access digital content and services that are relevant, timely, and targeted. We are disrupting healthcare from the inside and are on a mission to change people's lives through technology and there is much more to be done to help our customers meet the needs of their patients.
- Ownership of cybersecurity policies, protocols, and procedures
- Ownership of cloud security framework, architecture and tools for threat monitoring: establish protocols, monitor for threats, intrusions, and attacks
- Ownership of security incident response process and point person to communicate to customer;
- Keep current on cybersecurity threats
- Manage compliance programs and ensure Xealth’s infrastructure, products, services, and processes are compliant with relevant regulatory requirements.
- Provide leadership and project management to improve Information Security on the Xealth Platform.
- Point person and program manage IS/security compliant related third party audits.
- Security and technical reviews for sales and marketing team.
- Provide security review for new platform features and updates
- 15+ years of experience in a security domain
- CISSP accredited
- Detailed working knowledge of AWS, with recent hands-on experience configuring and maintaining cloud-based solutions running on AWS, including attached volume lifecycle, auto-scaling, cloud-configuration, security, instance lifecycle.
- Knowledgeable about cyber security services and tools, such as Lacework and relevant AWS services and tools
- Strong security background, especially in the fields of IT security, application security, or cloud security
- Highly technical with both tactical and strategic capabilities, including Network Security, Platform Security, Data Security, Vulnerability Management, IAM, Detection, and Incident Response
- Data driven decision maker with the ability to operate with freedom and autonomy
- Emphasis on a data-driven, decision-making mindset
- Strong written and verbal communication skills
- Experience working with distributed teams and other cross-functional stakeholders
- Highly collaborative in a high performance team environment
- Have designed and implemented software development automation such as continuous delivery solutions, software deployment, and software quality tests.
- Hands-on experience in cybersecurity, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, monitoring systems, etc. This experience should include cybersecurity product acquisition decisions.
- Hands-on with network systems and security, inclusive of internet and web technologies (applications, services, SOA) down to internet and web protocols, firmware, and hardware.
- Thorough understanding of the latest security principles, techniques, and protocols.
- Have studied and applied current legal compliance regulations, including HIPAA and SOC2.
- Problem-solving skills in a software engineering environment, with proven ability to work under pressure.
Legal right to work:
Candidates who are currently located in the US, and are a US Citizen, or have a Green Card are welcome to apply. We are currently not taking applicants from those currently working in the US on an F-1, F-1 Opt, or F-1 Opt Ext.
The Xealth product is a cloud-based digital health platform, enabling clinicians to easily prescribe digital health tools for their patients, monitor their progress, drive usage, and ultimately attain improved health (with significantly lower long-term health costs).
Xealth was incubated and spun out of Providence St. Joseph Health (PSJH) in 2017. Investors include Advocate Aurora Enterprises, Atrium Health, Banner Health, Cerner, ChristianaCare, Cleveland Clinic, Cone Health, Memorial Hermann, MemorialCare Innovation Fund, McKesson Ventures, Nebraska Medicine, Novant Health, Novartis, Philips, ResMed, Providence Ventures, Stanford Health Care, UPMC and the Froedtert and Medical College of Wisconsin Health Network. Key clients also include Baylor Scott & White Health, Duke Health and Mass General Brigham.
Due to patient success and subsequent clinician demand, Xealth is experiencing rapid growth in the clinical health IT space, most recently raising its Series B funding in September 2021. All investors in this round are leading health systems, demonstrating the value of Xealth in advancing digital connections between clinicians and their patients.
Xealth has been named to the CB Insights Digital Health 150, awarded the “Best Connected Health Platform” by the MedTech Breakthrough Awards, named as a New EHR Advance 2021 finalist in the UCSF Health Awards, and was named to Fast Company’s Annual List of the World’s Most Innovative Companies in 2020.
Compensation & Benefits
Xealth offers a multi-tiered approach when constructing a highly competitive compensation package. The compensation package would include a base salary, equity, and a comprehensive suite of benefits.
Xealth is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. Xealth is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures.
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided