About Us:
Cityblock Health is the first tech-driven provider for communities with complex needs-bringing better care to where it's needed most, block by block. Founded in 2017 on the premise that "health is local" and based in Brooklyn, we are backed by Alphabet's Sidewalk Labs along with some of the top healthcare investors in the country.
Our mission is to improve the health of underserved communities. Importantly, our solutions are designed specifically for Medicaid and lower-income Medicare beneficiaries, and we meet our members where they are, bringing care into the home and neighborhoods through our community-based care teams and Virtual Care offerings.
In close collaboration with community-based organizations, local providers, and leading health plans, we are reorganizing the health system to focus on what matters to our members. Equipped with world-class, custom care delivery technology, we deliver personalized primary care, behavioral health, and social services to deliver a radically better experience of care for every member and community we serve.
Over the next year, we'll grow quickly to bring better care to many more members and their communities. To do this, we need people who, like us, believe that everyone should have good care for what matters to them, in their community.
Our work is grounded in a belief in the power of a diverse community. To close gaps in care and advance equity in the communities we serve, we have to start with making our own team diverse and inclusive. Our ways of working are characterized by creativity, collaboration, and mutual learning that comes from bringing together a community from diverse backgrounds and perspectives. We strive to ensure that every person on the Cityblock team, and every Cityblock member, feels supported and included as a part of our community.
Our Values:

• Aim for Understanding
• Be All In
• Bring Your Whole Self
• Lean Into Discomfort
• Put Members First

About the Role:
Cityblock is hiring for a passionate Director of Information Security, someone who loves the world of cybersecurity, how their skills can help build a team to protect our Members' data.
The Information Security Director will be responsible for designing and delivering security solutions in Cloud infrastructure, based on Cloud security standards, governance, and control practices. Conducts technical research when necessary to contribute to setting cloud security direction and strategy. Expert Knowledge in, Platform as a Service (PaaS), and Software as a Service (SaaS).
Define, communicate and implement security architecture and administration processes for GCP environments. Apply advanced consulting skills, extensive technical expertise, and full industry knowledge. Develop innovative solutions to complex problems. Provide expertise in the analysis, assessment, development and deployment of security solutions and architectures. Act as targeted subject matter expert (SME) for all things GCP security related. You will own the Incident Response program and make it more impactful by finding thoughtful ways to improve its management, analysis and reporting of incidents, and participation.
You have led information security efforts in a healthcare organization. You must love security analysis and be constantly finding ways to expand your network and certification. You have a strong understanding of industry best practices, like HIPAA and HITECH, and how to effectively weave compliance standards into security protocols. And you really enjoy teaching people what you know about how to keep our Members' data safe.
Your role is critical in helping us support patients in communities hardest hit by COVID-19 through helping our care teams of community health partners, medical staff and social workers to problem-solve for our patients using opinionated information and driving action at a panel-level.
If you're inspired by such a challenge and are an amazing teammate and security leader, we'd love to hear from you!
Requirements for the Role:

• 10+ years of hands-on systems experience, including architecting, IT Ops, deploying security cloud-based environments
• 5+ years of management experience
• Experience in a healthcare organization
• Expertise in industry best practices for the following:
• HITRUST Common Security Framework
• National Institute for Standards and Technology ("NIST")
• SOC 2
• ISO/ IEC 27001
• HIPAA/HiTech
• Center for Internet Security - http://www.cisecurity.org
• One or more cybersecurity certifications or are on track to acquiring one soon
• Active and growing professional network in cybersecurity
• Passion for doing mission-oriented work

How We Define Success:

• Direct and manage existing/add new tools identify and mitigate advanced Threat Protection/Email Protection including: Email Fraud Defense, Threat Response Auto-Pull, Targeted Attack Protection, Threat Response, Emerging Threats Intelligence, Data Loss Prevention (DLP) and Encryption
• Direct the team to implement new process to configure for best-practices to manage inbound and outbound security rules for email (filtering, whitelists, spam, etc)
• Lead team to configure threat intelligence data feeds to provide identification of additional phishing/malware instances
• Lead team to perform security event triage and initial incident response to detected threats
• Regularly review and recommend changes to policies or controls as needed to enhance security based on industry changes
• Work with the team to identify potential gaps and offers solutions to include internal team needs, product/tool set improvements and client security posture
• Communicate and enforce Information Security policies
• Coordinates with other team members and management to investigate, document, and report incidents
• Regularly create and maintain high quality documentation for changes and procedures
• Produce technical threat advisory broadcasts about new and emerging threats Qualifications

Nice to Have, But Not Required:

• Experience with CISSP, CISM, Certified Cloud Security Professional (CCSP) or CCSK/CCAK
• Ability to identify areas for improvement and recommend innovation solutions leveraging the latest technologies
• Building and improving risk registers, incident response, and audit programs
• Organization strengths as other people look to you for inspiration

What We'd Like From You:

• A resume and/or LinkedIn profile
• A short cover letter, please!

Cityblock values diversity as a core tenet of the work we do and the populations we serve. We are an equal opportunity employer, indiscriminate of race, religion, ethnicity, national origin, citizenship, gender, gender identity, sexual orientation, age, veteran status, disability, genetic information, or any other protected characteristic.
-
We do not accept unsolicited resumes from outside recruiters/placement agencies. Cityblock will not pay fees associated with resumes presented through unsolicited means.