Cityblock Health is the first tech-driven provider for communities with complex needs-bringing better care to where it's needed most, block by block. Founded in 2017 on the premise that "health is local" and based in Brooklyn, we are backed by Alphabet's Sidewalk Labs along with some of the top healthcare investors in the country.
Our mission is to improve the health of underserved communities. Importantly, our solutions are designed specifically for Medicaid and lower-income Medicare beneficiaries, and we meet our members where they are, bringing care into the home and neighborhoods through our community-based care teams and Virtual Care offerings.
In close collaboration with community-based organizations, local providers, and leading health plans, we are reorganizing the health system to focus on what matters to our members. Equipped with world-class, custom care delivery technology, we deliver personalized primary care, behavioral health, and social services to deliver a radically better experience of care for every member and community we serve.
Over the next year, we'll grow quickly to bring better care to many more members and their communities. To do this, we need people who, like us, believe that everyone should have good care for what matters to them, in their community.
Our work is grounded in a belief in the power of a diverse community. To close gaps in care and advance equity in the communities we serve, we have to start with making our own team diverse and inclusive. Our ways of working are characterized by creativity, collaboration, and mutual learning that comes from bringing together a community from diverse backgrounds and perspectives. We strive to ensure that every person on the Cityblock team, and every Cityblock member, feels supported and included as a part of our community.
- Aim for Understanding
- Be All In
- Bring Your Whole Self
- Lean Into Discomfort
- Put Members First
About the Role:
Cityblock is hiring for a passionate Security Analyst, someone who loves the world of cybersecurity and how their skills can help protect our Members' data.
We are looking for an experienced Security Analyst to be part of our incredible Platform & Security team. This exciting role will partner with our product manager to collaborate on expanding our existing security processes and programs to create a truly excellent security program. You will work closely with our Legal team to review cybersecurity-related contracts and agreements. You will manage and improve upon our inbound vendor risk assessment and find sustainable ways to improve our audit process. You will own the Incident Response program and make it more impactful by finding thoughtful ways to improve its management, analysis and reporting of incidents, and participation.
You must love security analysis and be constantly finding ways to expand your network and certification. You have a strong understanding of industry best practices, like HIPAA and HITECH, and how to effectively weave compliance standards into security protocols. And you really enjoy teaching people what you know about how to keep our Members' data safe. You are excited to work with our Learning and Development team to create and maintain robust learning opportunities.
Your role is critical in helping us support patients in communities hardest hit by COVID-19 through helping our care teams of community health partners, medical staff and social workers to problem-solve for our patients using opinionated information and driving action at a panel-level.
If you're inspired by such a challenge and are an amazing teammate and security analyst, we'd love to hear from you!
Requirements for the Role:
- You have a passion for doing mission-oriented work.
- You enjoy working with a diverse group of people with different expertise.
- You enjoy building and improving risk registers, incident response, and audit programs.
- You are really organized. Other people look to you for inspiration.
- You hold one or more cybersecurity certifications or are on track to acquiring one soon.
- You have working knowledge of HITECH and how to effectively implement security measures for HIPAA
- You have an active and growing professional network in cybersecurity.
How We Define Success:
- Build and maintain strong relationships with your collaborators, including Compliance, Engineering, IT, and Product teams
- Create and manage to success processes for cybersecurity-related legal agreements, including contract reviews, conformance operations, and conformance reporting
- Create and manage to success processes for inbound vendor risk assessments, including effective project management (internal/external communication, prioritization, organization) and responses
- Use JIRA and other tools to effectively identify, track, and communicate priorities amongst partner teams.
- Improve existing incident response by producing excellent analysis and executing fantastic project management
- Meaningfully plan for the scalability of vendor risk assessment and training compliance programs by creating a solid vision, strategy, and roadmap.
Nice to Have, But Not Required:
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP / CISSP-ISSMP)
- Expertise in industry best practices for the following
- HITRUST Common Security Framework
- National Institute for Standards and Technology ("NIST")
- NIST Special Publication 800-34 Revision 1 - "Contingency Planning Guide for Federal Information Systems."
- NIST Special Publications 800.53 Rev.4 and 800.171 Rev. 1, or as currently revised
- ISO/ IEC 27001
- Federal Information Security Management Act ("FISMA")
- Center for Internet Security - http://www.cisecurity.org
- Payment Card Industry/Data Security Standards ("PCI/DSS") - http://www.pcisecuritystandards.org/
- Federal Risk and Authorization Management Program ("FedRamp")
Cityblock values diversity as a core tenet of the work we do and the populations we serve. We are an equal opportunity employer, indiscriminate of race, religion, ethnicity, national origin, citizenship, gender, gender identity, sexual orientation, age, veteran status, disability, genetic information, or any other protected characteristic.
We do not accept unsolicited resumes from outside recruiters/placement agencies. Cityblock will not pay fees associated with resumes presented through unsolicited means.