Company Description

Butterfly Network’s mission is to democratize healthcare by enabling universal access to superior medical imaging. We reinvented ultrasound technology by creating the world's first handheld, single-probe whole-body ultrasound system: the Butterfly iQ. This innovative technology reduces the cost of the traditional ultrasound system by miniaturizing it onto a single semiconductor silicon chip.

Butterfly harnesses the advantages of AI and cloud computing to deliver advanced imaging that is easy-to-use and built for the digital era. The Butterfly iQ and next-generation Butterfly iQ+ have received CE Mark and FDA clearance, and are being sold in hospitals and clinics around the globe.

Joining Butterfly Network is the opportunity to redesign the future of healthcare through the power of technology. Embark on a journey with us to maximize global impact, motivated by the idea that our products will change the lives of millions along with the people you love.

Job Description

You will be working in Butterfly’s fast-growing security team to better meet the needs of our customers in the global healthcare sector.  As a Security Compliance Manager, you will have the opportunity to work closely with our DevOps, hardware, software, AI, and cloud engineering teams to secure our product and our cloud security architecture. As we scale our business internationally and into large enterprises, security has never been more important to our company and those patients we help every day.

As part of our team, your core responsibilities will be: 

• Document, organize, communicate, assess and review internal processes that are subject to regulatory compliance, contractual obligations, and external audits
• Create robust, scalable programs to deliver security policy and compliance objectives in product areas and general technical infrastructure.
• Write policies that provide our teams with standards to ensure that day to day operations are conducted in a manner that supports our commitment to information security
• Help align our security strategy with internal teams, industry best practices, and global legislation, including but not limited to SOC 2, HIPAA Security Rule, ISO 27001, NIST 800-53
• Define and improve security controls for internal systems, products, processes, and policies
• Provide robust assurance of the operational effectiveness of our security controls
• Responsible for the development and oversight of required mitigation plans relating to information security risk and policy exceptions
• Create customer-facing assets to proactively support our compliance stance
• Work with legal, sales and IT departments when responding to customer and vendor inquiries, security questionnaires and contractual obligations
• Perform business impact analyses and help prioritize work across departments to ensure security governance, risk and compliance
• Assist in maintaining and testing business continuity plan, disaster recovery plan and incident response plan
• Participate in the development and maintenance of information security awareness training
• Provide advice to engineering and product management departments on security best practices
• Conduct internal assessments and ensure that documentation of information security and privacy practices will comply with all required customer/vendor audits and reviews
• Supports our CISO in additional security projects, as needed
• For other Hardware Department duties as assigned.

Qualifications

Baseline skills/experiences/attributes:

• Bachelor’s degree in Computer Science, Engineering, or a related degree
• 5+ years of relevant experience in information security with security compliance or audit related work for software companies, ideally with SaaS based platforms
• Experience in Information Security policy development and risk management at healthcare and tech companies. 
• Knowledge of pragmatic security controls across all security domains such as access management, encryption methods, vulnerability management, cloud security, etc.
• Certification in one or more of the following: CISSP, CISM, CISA
• Subject matter expert in various security standards/frameworks such as NIST, ISO27001 or ISO20001, SOC, OWASP, COBIT, FedRAMP, HITRUST, etc
• Experience building frameworks around regulatory and industry-specific regulations such as HIPAA, GDPR, or Sarbanes-Oxley (bonus points)
• Technical expertise with cloud technologies such as AWS, Azure, GCP
• First-hand experience in achieving ISO27001 certification and SOC certification
• High ethical standards
• Willingness to work cross-functionally and on projects that are new and/or unfamiliar
• Ability to work on multiple issues simultaneously and set appropriate priorities while delivering results efficiently.
• Perform a broad variety of tasks in support of the role and responsibilities

You Deeply Identify with Core Butterfly Network Values:

• Efficient & Speedy - you get work done in a fraction of the time as industry peers 
• Intellectually Curious - you are thoughtful & inquisitive; people enjoy working with you because they learn from you
• Mission-Driven & Committed - you are passionate about the company's purpose and are immensely productive
• Team Oriented - you celebrate and take joy in the success of others on the team

Additional Information

We offer great perks: 

• Fully covered medical insurance plan, and dental & vision coverage - as a health-tech company, we place great worth on our teams’ well-being
• Pre-tax commuter benefits - we make your commute more reasonable 
• Free onsite meals + kitchen stocked with snacks
• 401k plan - we facilitate your retirement goals
• Flexible Paid Time Off - recharge and come back ready to make an impact
• Work from our beautiful office in Palo Alto, CA.
• Competitive salaried compensation - we value our employees and show it 
• Equity - we want every employee to be a stakeholder
• The opportunity to build a revolutionary healthcare product and save millions of lives! 

For this role, we provide visa assistance for qualified candidates. 

Butterfly network does not accept agency resumes.

Butterfly Network Inc. is an E-Verify Company and is an equal opportunity employer regardless of race, color, ancestry, religion, gender, national origin, sexual orientation, age, citizenship, marital status, disability or Veteran status. All your information will be kept confidential according to EEO guidelines.

Butterfly Network requires, as a condition of employment, proof of vaccination for COVID-19 subject to accommodation for sincerely held religious beliefs and/or disability.