Overview
Overview:
The Chief Information Security Officer (CISO) is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. The CISO will report into the General Counsel of the company and work closely with the SVP of Delivery Operations and other leads from product development, and other business units to implement practices that meet defined policies and standards for information security.
The ideal candidate will have a strong background in and technical knowledge of information security, is a great communicator and had strong capability to understand complex business and technical processes. While the CISO is the leader of the security program, he or she must also have sufficient hands on knowledge and expertise in complex security technologies to be able to contribute as an individual contributor or senior leader.
About Center of Excellence:
Centers of Excellence (COE) are teams whose primary goal is to provide expertise in a specific field. COEs will usually provide support through training, research, and skilled leaders. In the case of HealthEdge, our Centers of Excellence incorporate the Human Resources, IT, Legal and Financial fields, all of which provide support to our Product divisions and allows the enterprise to move forward and achieve its goals.
What you will do:
Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality and availability of information is owned, controlled or processed by the organization.
Develop, maintain and publish up-to-date information security policies, standards and guidelines.
Oversee the approval, training, and dissemination of security policies and practices.
Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
Provide direction, support and in-house consulting for development and implementation plans and procedures for business continuity and disaster recovery.
Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
Provide strategic risk guidance for IT projects from a security standpoint, including the evaluation and recommendation of technical controls.
Provide regular reporting on the current status of the information security program to enterprise risk teams, senior business and IT leaders, and the Audit Committee of the Board of Directors as part of a strategic enterprise risk management program.
What you bring:
Bachelor’s Degree or equivalent experience
10-15 years of relevant experience in a combination of information security and IT roles, with at least 5 in a leadership role
Experience working for SaaS, software companies is required.
Has excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences, including the Board of Directors and Company clients
Has proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment
Policy, procedure, and/or precedent are often created by this position. A high degree of analytic ability and inductive thinking is required to devise new, non-standard approaches to highly intricate, technically complex problems
Applies, recommends and implements highly advanced technology concepts to improve organization-wide efficiency and effectiveness or has final approval of technology applications to be used throughout the company
Serves as a project manager responsible for oversight of a project team. The project typically has well defined goals and follows a well-established process (this may be recurring work)
Bonus points:
Professional security management certifications, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is preferred
Prior experience as a CISO or high level security function at a company that develops and deploys software in a SaaS environment, including public cloud deployment
Knowledge and understanding of relevant legal and regulatory requirements, such as Health Insurance Portability and Accountability Act (HIPAA)
HealthEdge commits to building an environment and culture that supports the diverse representation of our teams. We aspire to have an inclusive workplace. We aspire to be a place where all employees have the opportunity to belong, make an impact and deliver excellent software and services to our customers.
Geographic Responsibility: While HealthEdge is located in Burlington, MA you may live anywhere in the US
Type of Employment: Full-time, permanent
FLSA Classification (USA Only): Exempt
Budget/Revenue Responsibility:
Work Environment: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job:
The employee is occasionally required to move around the office. Specific vision abilities required by this job include close vision, color vision, peripheral vision, depth perception, and ability to adjust focus.
Work across multiple time zones in a hybrid or remote work environment.
Long periods of time sitting and/or standing in front of a computer using video technology.
May require travel dependent on company needs.
The above statements are intended to describe the general nature and level of the job being performed by the individual(s) assigned to this position. They are not intended to be an exhaustive list of all duties, responsibilities, and skills required. HealthEdge reserves the right to modify, add, or remove duties and to assign other duties as necessary. In addition, reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position in compliance with the Americans with Disabilities Act of 1990. Candidates may be required to go through a pre-employment criminal background check.
HealthEdge is an equal opportunity employer. We are committed to workforce diversity and actively encourage all qualified persons to seek employment with us, including, but not limited to, racial and ethnic minorities, women, veterans and persons with disabilities.
#LI-Remote
Job Locations US-Remote
ID 2023-3884
Category Legal
Position Type Full-Time
HealthEdge provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.