Director, IT Compliance and Security at Capital Rx (Remote)
About Capital Rx
Capital Rx is a next generation pharmacy benefits manager, overseeing prescription benefit plans on behalf of employers, unions, and government entities. Determined to transform an outdated model, Capital Rx’s mission is to change the way prescription benefits are priced and administered in the US, unlocking enduring social change. Through our platform approach, Capital Rx delivers data-driven insights and actionable strategies that reduce costs, while improving patient outcomes. Our commitment to innovation, technology and service is the reason why Capital Rx is among the fastest-growing PBMs in the country.
We are seeking a highly motivated individual with a broad range of technical skills and expertise in IT compliance, technical development, and information security controls. This is a hands-on role that includes evaluation of information security practices, implementation of controls, and risk remediation. Our technical focus is on building a scalable, available, and highly secure platform. Our products provide the core functionality and ancillary services powering pharmacy benefits. Nothing is more important than service, and the goal of software development, product, and IT is to work together to deliver solutions and services that delight our customers.
You will be joining a growing team in a business offering an expansive suite of products and services. As a Director, your operational insights and managerial prowess will be key to achieving challenging, realistic goals both personally and for the business. The person in this role will continue to exercise their own technical skills, as configuration and support are considered to be at least 25% of this role.
- Oversee the day-to-day operations of the IT compliance team for Capital Rx, including team management, coaching, feedback, and future headcount growth
- Drive completion of required IT security training in collaboration with Human Resources for applicable employee populations
- Define and execute a roadmap to mature a robust security, privacy, and risk management program
- Evaluate, identify, and remediate the risks associated with current vendors, new vendor acquisitions, and consumer data exchanges
- Provide oversight of security of AWS and deployed software
- Identify, maintain, and publish the requirements for the IT department to achieve compliance and privacy standards in SOC 2, HITRUST, FedRAMP, ISO 27001, URAC, and other standards
- Develop the IT compliance roadmap in concert with the CTO and business stakeholders to ensure alignment on long-term goals
- Act as a focal point for communicating related security notifications and IT controls within the organization while collaborating with teams and vendors on changes, remediations, and updates
- Develop, track, and report threat intelligence metrics and KPIs to senior leadership
- Lead incident management and defense coordination against emerging cyber threats and critical vulnerabilities
- Facilitate coordination of annual third-party penetration testing
- Drive use cases to enable threat detection and hunting based on threat intelligence frameworks
- Collaborate with the DevOps department to incorporate automated threat detection and vulnerability remediation in the SDLC
- Establish and drive the standardization of security practices amongst the development team
- Embrace Agile and, particularly, Scrum to drive continuous process improvement
- 8+ years of experience related to duties and responsibilities
- Experience managing IT control auditing and compliance
- Experience managing and mentoring remote and geographically distributed teams (Capital Rx has team members in multiple U.S. time zones)
- Strong knowledge of Software Development Lifecycle models and, in particular, Agile
- Strong knowledge of AWS with a working knowledge of JIRA or an equivalent issue and project tracking system
- Experience with Slack, Okta, Zoom, Teams, Mosyle MDM, Dropbox
- Ability to communicate concepts in an elegant, concise, eloquent form to management and to cross-functional departments or teams verbally, in writing, and through pictures or diagrams when appropriate
- Excellent written, oral, instructional, presentation, and interpersonal skills focused on motivation and positive attitude
- Highly self-motivated with an ability to work independently
- Desire to work at a rapidly growing organization in healthcare
Capital Rx values a diverse workplace and celebrates the diversity that each employee brings to the table. We are proud to provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, medical condition, genetic information, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.