Chief Information Security Officer (CISO)

Position Overview:

We are seeking an experienced Chief Information Security Officer (CISO) to lead our cybersecurity strategy and operations. This role is critical in ensuring compliance with HITRUST and SOC2 standards, managing threats, enforcing policy adherence, and maintaining a resilient security posture. The CISO will be responsible for developing robust security frameworks and driving continuous improvement in security operations, all while ensuring that security measures enable productivity and collaboration.

Key Responsibilities:

• Design and execute a comprehensive cybersecurity strategy that aligns with the organization’s goals and regulatory requirements, including HITRUST and SOC2, with a particular focus on cloud-native environments and healthcare data.
• Partner with enterprise teams to integrate security into the design and development of platforms, AI/ML models, and client-facing applications, enabling the company to compete effectively in the market.
• Ensure the security and ethical deployment of AI and Generative AI technologies at scale, addressing potential risks and compliance challenges associated with these advanced technologies.
• Implement industry-leading security practices to protect sensitive healthcare data, including compliance with HIPAA and other relevant healthcare regulations.
• Oversee all aspects of threat management, including incident response, adversary simulation, threat intelligence, and data loss prevention, ensuring the organization is well-prepared to detect, respond to, and recover from security incidents.
• Direct the daily operations of the security function, including security monitoring, vulnerability management, and security orchestration, implementing advanced tools and processes to manage and mitigate risks effectively.
• Ensure the organization’s compliance with industry standards and regulations, including HITRUST, SOC2, and HIPAA, by developing and enforcing security policies, procedures, and controls to protect sensitive information and maintain data integrity.
• Identify, assess, and mitigate cybersecurity risks across the organization, developing risk management frameworks that support business objectives while minimizing exposure to potential threats.
• Develop a framework for collaboration between the security, technology, and business teams, ensuring that security is integrated across all areas of the business.
• Mentor and develop a high-performing security team, fostering a culture of security awareness and continuous learning within the organization.
• Serve as the primary security liaison to current and prospective customers, providing transparency and assurance about the company’s security program, controls, and compliance posture, and addressing customer inquiries and concerns in a timely and effective manner.
• Develop and maintain customer-facing security documentation, such as security whitepapers and data sheets, to provide clear and concise information about the company’s security practices and controls.
• Participate in customer security assessments and audits, providing evidence and support to demonstrate compliance with customer security requirements and industry standards.
• Collaborate with sales and marketing teams to develop security-focused sales enablement materials and messaging, and provide security expertise to support customer engagement and sales efforts.
• Build and maintain relationships with key customer security stakeholders, including CISOs and security teams, to foster trust and confidence in the company’s security program and practices.

Qualifications:

• Demonstrate success as a CISO or in a senior security leadership role, preferably in the healthcare or technology sectors, with significant experience in managing large-scale security operations and protecting healthcare data.
• Possess extensive experience with cloud-native environments and the associated security challenges and solutions.
• Have experience with securing AI/ML models and Generative AI deployments at scale, addressing associated risks and ensuring compliance.
• Hold an active Certified Information Systems Security Professional (CISSP) or equivalent certification.
• Bring strong knowledge of cybersecurity technologies, threat management, incident response, and regulatory compliance (e.g., HITRUST, SOC2, HIPAA), with experience in developing and implementing AI security frameworks as a plus.
• Exhibit proven ability to lead cross-functional teams, influence senior leadership, and communicate complex security concepts to non-technical stakeholders.
• Possess a deep understanding of risk management principles, with the ability to balance security needs with business goals, ensuring that security measures enable rather than restrict work and collaboration.
• Master’s degree in Business Administration, Computer Science, Information Security, or a related field is preferred.