- Strategic Security Leadership:
- Develop and implement the organization's information security strategy.
- Provide regular security updates to the CIO, other executives, and the board of directors, including presentations on security matters.
- Represent the organization in security-related matters with external parties, including vendors and auditors.
- Work closely with the CIO and operate as a member of the DevOps team to emphasize and implement our security initiatives.
- Risk Management:
- Conduct regular risk assessments and vulnerability scans using tools like Rapid7 IVM and internal tracking systems.
- Oversee the development and implementation of incident response plans and conduct tabletop exercises with DevOps team members..
- Compliance and Audit:
- Ensure compliance with relevant regulations and standards, including HITRUST, NIST, DirectTrust, HIPAA, and SOC 2 (Type II), ISO.
- Manage internal and external security audits, including evidence collection and preparation.
- Oversee the evidence collection process for audits, working with third-party auditors for response submission.
- Work closely with business development and legal to assist with security compliance requirements.
- Assist with identifying and implementation of international security compliance.
- Policy and Procedure Development:
- Develop, review, and update information security policies and procedures, such as the Vulnerability and Patch Management Procedure and Data Center Access Procedure.
- Ensure policies are communicated and enforced throughout the organization, including through security awareness training.
- Security Operations:
- Participate in the day-to-day operations of the security team and manage security tools and technologies, including Check Point, SentinelOne, and intrusion detection systems.
- Monitor security alerts and respond to incidents, including phishing attempts reported through the various tools.
- Team Management:
- Lead and mentor the security team, reviewing tasks and responsibilities working closely with the DevOps team members.
- Vendor Management:
- Evaluate and manage security vendors, including VDA Labs, KnowBe4, reviewing security agreements and contracts.
- Perform vendor audits and maintain required documentation.
- Security Awareness:
- Develop and deliver security awareness training to employees, including utilizing KnowBe4, TalentLMS and internal training programs.
- Provide onboarding training for new employees.
- Budgeting and Planning:
- Develop and manage the security budget, planning and prioritizing security projects, including funding for tools and conferences.
- Sales and Business Development:
- Perform first pass responses to RFI/RFP for new business deals working closely with the sales team
Salary Details:
Base salary range: $145,000-$170,000
At MIE and Enterprise Health, we offer more than just a job. We provide an environment where innovative thinking is encouraged, teamwork is valued, and growth is fostered. Our comprehensive benefits package includes:
- Competitive compensation
- Comprehensive benefits package including medical/dental/vision insurance
- 401k with company match
- Unlimited Paid-Time off
- Quarterly bonus program
- Flexible work schedule
- Remote work
Medical Informatics Engineering and Enterprise Health are equal-opportunity employers. We celebrate diversity and are committed to creating an inclusive environment for all employees.