Director, IS and Compliance - Cota Healthcare
New York City, NY, United States

Listing Description

COMPANY

Cota is a technology platform that enables providers, payers, and life science companies involved in diagnosing and treating complex diseases to optimize the care of individual patients and lower the overall cost of the patient population served. It is powered by the patented Cota Nodal Address™ (CNA) system, a unique digital classification methodology built by leading physicians and data scientists. The CNA is the first and only system that precisely categorizes patient factors, their diseases and intended therapies, enabling precision medicine at scale.

Cota's technology enriches raw medical records to create research-grade data, and joins it with a suite of analysis, visualization, and management tools. This enables providers, payers, and life sciences companies to analyze, report on, and research outcomes, costs, treatments, and quality at any granularity and stage of the patient journey. The result is a constantly improving system that merges technology and science to help improve the lives of patients everywhere.

POSITION: DIRECTOR OF INFORMATION SECURITY AND COMPLIANCE

OVERVIEW

Cota is looking for a Director of Information Security and Compliance, reporting to the Chief Legal Officer. You'll help us determine our overall information security strategy, collaborating closely with Engineering. This position oversees our overall compliance strategy and helps educate Cota on HIPAA compliance requirements. This includes both office IT-related compliance and Cloud and Infrastructure compliance.

Our ideal candidate would be capable of talking about our overall compliance to customers, able to work closely with auditors to prove our compliance, and able to work with engineering teams to build security into every layer of our platform. We take security seriously, and this role will help lead that effort at every level of the organization.

LEADERSHIP:

Lead the development, implementation, and enforcement of all security standards, procedures, and policies.

Own our risk assessment program, and work closely with senior management on identifying risks and developing controls to mitigate or close risks.

Lead the efforts to identify, communicate, and resolve any audit findings.

SECURITY:

Lead our IT risk evaluations, audits, and security incident investigation.

Maintain and expand existing IT security. This includes devices, external software vendor relationships, and network configuration.

Lead external penetration and vulnerability testing of the Cota platform.

COMPLIANCE:

Create and run the compliance and security training for all new employees, as well as refresher courses for existing employees.

Work closely with Engineering to develop and automate compliance verification throughout our platform.

Assess policies and procedures on an ongoing basis, and own the implementation of required changes.

Conduct audit testing: review transactions, documents, records, and methods for accuracy and effectiveness; conduct interviews and observations and complete asset verification.

REQUIREMENTS:

Five to eight years of experience in an IT Auditing position or related field.

Extensive experience with PCI or HIPAA compliance from a Healthcare or Financial Services background.

Knowledge of and the ability to utilize a variety of administrative skill sets and technical knowledge to manage organizational IT policies, standards, and procedures.

Knowledge of and the ability to manage the processes, tools, techniques, and practices for ensuring adherence to standards associated with accessing, altering and protecting organizational data.

Knowledge of the features, tools, and processes used for maintaining network and Internet security; the ability to develop and implement safeguards for the prevention of intrusion and unauthorized access to an organization's network security system.

Knowledge of and the ability to protect an organization's data to ensure privacy during the process of storage and communication.

Experience with scoping out the objectives, frameworks, and scope of IT audits.

Listing Details

  • Salary: $150,000 - $170,000
  • Citizenship: No Requirements
  • Incentives: Not Provided
  • Education: Bachelors Degree
  • Travel: No Travel
  • Telework: No Telecommute


