Director of Information Security – Burlington, MA / Remote – Competitive Salary + Opportunity to undertake rewarding work

  • Orbis Group
Job Summary
Location: Boston, MA
Job Type: Contract
Visa: Any Valid Visa
Salary: PayRate
Qualification: BCA
Experience: 2 Years - 10 Years
Posted: 25 Jan 2025
Job Description


This company, which provides a service to vulnerable people, is currently looking for a Director of Information Security to lead their security efforts.


This is an excellent opportunity for an experienced Information Security Lead to take that next step into a challenging position where you can have a lot of influence on the business.


About the Company:


Founded a decade ago, they are a national leader in the treatments that they provide.


They have helped hundreds of thousands of people with the service that they offer.


With an excellent reputation and a lot of respect for the work that they do, you will be joining a company with a real impact on the people who use them.


With a nationwide presence, this company of roughly 500 people helps change people’s lives all across the country for the better.


They embrace innovation in their vision of tech-enabled care delivery and are developing a cutting-edge care delivery and member experience platform.


About the Director of Information Security Vacancy:


The Director of Information Security will lead all security efforts within the IT organization, ensuring that the company’s systems, data, and operations meet rigorous security and compliance standards.


A strategic leader with expertise in healthcare compliance and a deep understanding of state and federal privacy regulations including, but not limited to, HIPAA, HITECH, and 42 CFR Part 2 would be a good fit for this position.


You’ll be responsible for shaping and executing security policies, overseeing risk management, and leading initiatives to protect against security threats in a complex, highly regulated environment.

This position will report directly to the VP of Technology.



Responsibilities:


  1. Develop and Lead Security Strategy: Define and implement a comprehensive security strategy that aligns with regulatory requirements, including HIPAA, and supports the organization's business goals.
  2. Governance and Compliance: Establish and maintain policies, procedures, and protocols to ensure compliance with healthcare regulations (HIPAA, HITECH), data protection laws, and industry best practices. Sit on the Compliance Committee and report on the status of the information security program and key initiatives.
  3. Risk Assessment and Management: Lead security risk assessments, vulnerability testing, and remediation efforts across all systems, ensuring early identification and mitigation of potential threats.
  4. Incident Response: Design and maintain incident response procedures. Act as the primary leader in case of a security breach, coordinating containment, investigation, and reporting efforts. Perform regular disaster recovery/business continuity tests to ensure organizational readiness.
  5. Security Awareness: Develop and implement security training programs for all employees to foster a security-first culture and promote best practices.
  6. Collaboration with IT and Product Teams: Work closely with IT, Product, and Development teams to integrate security requirements into system design, development, and deployment processes.
  7. Third-Party and Vendor Management: Evaluate and manage security risks associated with third-party vendors, tools, and partnerships. Conduct regular audits of vendor compliance with security requirements.
  8. Team Leadership and Development: Build, mentor, and lead a high-performing security team. Foster a collaborative, innovative, and supportive team environment.


Ideal Requirements for the Director of Information Security Vacancy:


  1. Education: Bachelor’s degree in Information Security, Computer Science, or a related field. Advanced degrees or relevant certifications (e.g., CISSP, CISM, CHPS, CISA) are a plus.
  2. Experience: Several years of experience in IT security, with at least 3 years in a leadership role in a healthcare or highly regulated industry. Experience in a venture-backed environment is advantageous.
  3. HIPAA Expertise: In-depth knowledge of HIPAA and HITECH regulations and compliance requirements is mandatory.
  4. Technical Proficiency: Familiarity with network security, cloud infrastructure (e.g., Azure, AWS), and security best practices for on-premises, hybrid, and cloud-based systems. Strong understanding of cybersecurity threats, risks, and best practices, including cloud and on-premises security.
  5. Regulatory Knowledge: Solid understanding of healthcare regulatory environments and standards, including NIST, HITRUST, SOC 2, and PCI-DSS compliance.
  6. Risk Assessments: Experience in conducting risk assessments and audits.
  7. Communication and Leadership: Proven ability to communicate complex security topics to technical and non-technical audiences. Strong leadership and interpersonal skills, with experience building and developing high-performing teams.
