Jobs · Information Technology · North Carolina

Senior Director, Information Security

Well · Chapel Hill, NC · 2 wk ago
Information Technology$190k–$230k/yrFull-time

Key Responsibilities

  • Partner with infrastructure and engineering teams to develop and monitor a strategic, comprehensive enterprise security and IT risk management framework and program
  • Work directly with the business units to facilitate risk assessment and risk management processes
  • Understand and interact with related disciplines (e.g., through committees or working groups) to ensure our policies are tuned correctly to balance strategic and operational realities, and the consistent application of our policies and standards across all technology projects, systems and services
  • Serve as a subject matter expert and point of contact for customers, potential customers, and sales colleagues on security and member data privacy issues as they relate to the use of our platform (e.g., in RFP responses, contracts, implementation, security audits)
  • Lead selection and management of external vendors to conduct third-party audits, assessments and certifications (e.g., HITRUST, SOC2, etc.)
  • Partner with infrastructure and engineering teams to design, maintain, and regularly test business continuity and disaster recovery strategies to ensure platform resilience and data availability, as well as to lead incident response plan (IRP) development and act as quarterback for IRP issues
  • Partner with infrastructure and engineering teams on continuous security monitoring operations, vulnerability management programs, threat intelligence, and the deployment of the corporate endpoint/network security stack
  • Partner with business stakeholders across the company to raise awareness of risk management concerns and ensure compliance with required policy acknowledgments and training
  • Take personal responsibility for keeping all Well systems and data, including sensitive member data, secure and safe, according to Well data and security policies and HIPAA guidelines

Requirements

  • Minimum of 8 years of experience in a combination of compliance, risk management, information security and IT roles in a high-growth organization
  • Knowledge of common information security management frameworks, such as SOC, HIPAA/HITRUST, NIST and ISO
  • Demonstrated ability to develop effective security policies and governance programs in a health-related business context
  • Commercially minded, strong track record of partnership across the business, including successful collaboration with technical teams
  • Deep understanding of software engineering workflows and work products along with the ability to apply this knowledge to optimize strategies that achieve strategic alignment with organizational objectives
  • Experience with Cloud computing across virtualized environments
  • Professional security management certification(s)
  • Experience with contract and vendor negotiations and management, including managed services
  • Familiarity with internal audit methodologies applicable to SaaS companies, IT general controls (ITGC) testing, and control framework evaluation (e.g. COSO, COBIT); experience building or managing an internal audit function
  • Familiarity with AI security best practices and governance frameworks (e.g., NIST AI RMF, OWASP LLM Top 10, ISO/IEC 42001), including experience assessing and mitigating AI-specific risks such as model security, data integrity, and prompt injection in a healthcare or SaaS context

Similar jobs

Senior Director, IT Security

Global Lending Services LLCGreenville-Spartanburg-Anderson, South Carolina Area· 2 wk ago
Business Developmentapply on jobs.lever.co