Overview: This is an opportunity to join an innovative and rapidly growing software company with offices in Farmington, CT and Wellesley, MA as a Director, Cyber Security. Our team and strategic investors are passionate about transforming healthcare. As a rapidly growing organization serving the healthcare market, we are looking for the right people who align with our vision, mission and culture and are excited about joining a fast-paced, entrepreneurial environment.
The Director of Cyber Security will be the senior security operator in our enterprise. You will oversee a complete security systems architecture, including cloud, managed services, and classified systems. You will implement enterprise application of security technologies and program development to ensure secure operations in compliance with internal and external regulatory guidelines.
Your actions will ensure the secure operation of the hosted environments, computer systems, servers, network connections and endpoints in accordance with the long-term, scalable information security strategy that you create, as well as HIPAA and HITRUST compliance requirements. You will partner closely with our Director of Privacy & Compliance to implement this vision and ensure a secure and compliant enterprise.
- Direct and provide a strategic risk management vision to effectively secure the business without slowing company innovation and execution.
- Stay abreast of the security industry threat landscape, specifically within the healthcare data and technology space.
- Formally develop security team standards, policies, procedures, and processes.
- Integrate robust physical and cyber security within the organization’s HITRUST and HIPAA compliance frameworks.
- Oversee the evaluation, selection and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive.
- Partner with enterprise architects, infrastructure, and applications teams to ensure that technologies are developed and maintained according to security policies and guidelines.
- Advise developers and others on the security capabilities and constraints of production computing environments. Approve all architectures.
- Frequently interact with business functions to understand their plans and how to securely enable them to execute their vision and business obligations.
- Define key performance indicators (KPIs) and metrics that align with business initiatives, and deliver them to non-technical individuals in an effective, comprehensible manner.
- Provide periodic training to company employees on security topics.
- Communicate with clients and prospects regarding the company’s internal safeguards of its healthcare information systems both directly and through the RFP process.
- Approve the selection and implementation of software across all systems/platforms.
- Manage regular intrusion detection and vulnerability reporting, internal and external IT audit group reviews, and the coordination and approval of all required fixes. Conduct regularly scheduled audits on systems as required in order to maintain certifications and compliance certificates.
- Influence the planning and execution of incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
- Ensure business continuity, disaster recovery, and cyber incident response.
Required Knowledge and Skills:
- Demonstrated knowledge of secure hardware, software, and network design techniques.
- Hands-on interpretation of intrusion reporting such as NIST/CISA as well as investigation of IOCs and threat mitigation.
- Experience with cloud computing environments.
- Experience with security monitoring and risk management and response, including SIEM and other scanning tools.
- Ability to coordinate efforts with business and operational representatives to incorporate security considerations as integral components of effective solutions.
- Demonstrated knowledge of HITRUST and HIPAA compliance.
- In-depth technical knowledge in securing API-based SaaS systems hosted in public and private clouds.
- Excellent analytical and problem-solving skills.
- Strong relationship building and communication skills.
- 7+ years of experience working in a complex IT organization with at least 5 years of experience in cyber security.
- Advanced knowledge of IT infrastructures and systems.
- Experience with cloud computing environments, including Software/Platform/Infrastructure as a Service technology.
- Experience applying security principles and NIST controls in regulatory compliance regimes such as HITRUST, HIPAA and FedRAMP.
- Bachelor’s degree in Computer Science or related discipline or equivalent experience.
- One or more of the following certifications preferred: CISSP, CISM, GSEC, CEH.
Work Conditions: Willingness and ability to travel in a post-COVID world (up to 25%).
Apply with resume to: Careers@DiameterHealth.com