Chief Information Security Officer (Remote) - Included Health Remote

Listing Description

The Chief Information Security Officer will be the leader of Information Security at Included Health. This position's primary responsibility is safeguarding patient, employee, customer, and third-party vendor data. You will be responsible for leading the team that designs, builds, implements, and maintains a world-class security program end to end. You will also be the executive representation for information security with our customers, prospects, investors, and board members.

Security is a strategically important pillar of our business, critical for the sustained growth of our company. This position is an exciting opportunity that requires strong technical competency, a proven managerial track record, and transformational leadership to continue the evolution of our enterprise security program for the future. Bring your best self, sense of humor included - we work hard, but we like to play hard too. 

Responsibilities:
  • Set the mission, vision, and strategy for the Information Security organization.
  • Build trust, whether working cross-functionally with internal stakeholders or collaborating externally with our customers, including CISOs and other Security professionals at Fortune 100 companies.
  • Provide thought leadership and guidance while ensuring teams are engaged and focused on short-term priorities while establishing the long-term strategy.
  • Evangelize information security internally and externally: with employees and company leadership, with investors, clients, and prospects, and with board-level committees.
  • Continuously expand on the information security roadmap with the respective leaders in the Infosec organization.
  • Execute leadership and oversight for the implementation and automation of security capabilities, systems, and services - drive and evangelize the different functions within Information Security to business units and critical stakeholders across the Enterprise, including but not limited to IDS/IPS, SIEM, Vulnerability Management, Architecture Review, SAST/DAST, WAF, Incident Response, and Third Party Risk Management.
  • Manage internal and external security/risk assessments, programs, penetration testing, bug bounty, vulnerability management, etc.
  • Set the strategy to maintain existing security certifications (SOC2 Type 2 and HITRUST), and keep an eye on the future (e.g., FedRAMP and PCI ROC).
  • Collaborate with audit, compliance, and privacy departments to maintain and enhance shared capabilities within the business, product, and services that Included Health provides.
  • Manage capacity, budget, and resource allocation to meet growth initiatives and to ensure alignment of high-value projects with revenue generation, cost reduction, and business objectives.
  • Engage with Executive Leadership and Board to create visibility into relevant Security topics, provide updates on the threat landscape, and discuss mitigation strategies.
  • Set the direction for creating and/or maintaining documentation of relevant standard operating policies and procedures and incorporating OKRs and KPIs to drive and measure the success of the Information Security program.

Qualifications:
  • Previous security executive leadership experience, ideally as a Head of Security or Chief Information Security Officer.
  • Excellent communication skills at an executive level and the ability to dive deeper and document and explain technical details clearly and concisely.
  • Previous experience leading Product Security, Governance Risk & Compliance, and Security Engineering.
  • Operating expertise in cloud-based service offerings such as AWS, GCP, and Azure.
  • Experience in building and scaling a well-rounded security program, including benchmarking to SOC2 / HITRUST / HIPAA standards using NIST controls.
  • Thorough understanding of the current threat and attack landscape, latest security trends, and principles.
  • Security certifications such as CISSP, OSCP, or CISM are preferred.
  • Ability to work cross-functionally across the Enterprise required.
  • B.S. / B.A. degree or relevant work experience.
  • Ability to travel once a month to the San Francisco office.

About Included Health

    Included Health is a new kind of healthcare company, delivering integrated virtual care and navigation. We’re on a mission to raise the standard of healthcare for everyone. We break down barriers to provide high-quality care for every person in every community — no matter where they are in their health journey or what type of care they need, from acute to chronic, behavioral to physical. We offer our members care guidance, advocacy, and access to personalized virtual and in-person care for everyday and urgent care, primary care, behavioral health, and specialty care. It’s all included. Learn more at includedhealth.com.

    -----
    Included Health is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Included Health considers all qualified applicants in accordance with the San Francisco Fair Chance Ordinance.

