Information Security Manager
Our mission is to deliver high-quality primary care that is accessible, convenient and affordable for all. Every single day you’ll be working on challenging problems with an exceptional team to profoundly transform primary care and improve people’s quality of life.
This role allows you to work from anywhere you choose across the U.S. (excluding U.S. territories), with the flexibility to work from the Seattle HQ office as often as you’d like.
Your role and impact
As Information Security Manager, you will play a pivotal role in defining, implementing and maintaining our core platforms and security programs. You will work cross-functionally to evolve information security at 98point6 by driving the design and delivery of key security initiatives. You will also be responsible for working with business stakeholders to balance real-world risks with business drivers such as speed, agility, flexibility and performance.
Responsibilities
- You will contribute to the development and maintenance of a supportive information security program in accordance with HIPAA and HITECH regulatory requirements, including risk management, disaster recovery and business continuity planning and testing, and incident management
- You will serve as a security advocate ensuring the 98point6 Commercial team is supported in pre- and post-sales efforts and that everyone at 98point6 follows security best practices
- Answer client questionnaires, review security provisions within contracts, build and maintain client-facing resources that describe our security program and support business efforts by responding to customer inquiries essential to building trust with partners and clients
- Support SOC 2 audit processes as appropriate, design plans to satisfy regulatory and compliance requirements related to security and privacy, as well as client contractual obligations
- Participate in security consultations and reviews with Engineering, IT, Compliance and Legal partners
- Manage efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the organization’s information and technology systems
- Collaborate with our Compliance team in day-to-day activities and implement process and compliance efficiencies in the areas of third-party risk management
- Manage security and incident evaluation, risk assessment, investigation and resolution, and oversee the completion of corrective and preventive actions
- Stay abreast of federal and state data protection laws and accreditation standards, healthcare technology’s threat landscape and the industry’s strategies for mitigating such threats
- Establish, manage and continuously improve security strategies and policies based on new or changed regulations, business priorities and security threats
Qualifications
- 5+ years managing an information security program, developing information security processes and reporting on security capabilities, as well as experience implementing data quality best practices
- Background developing information security presentations for executive level consumption and effectively influencing program owners to drive remediation
- Experience implementing security metrics (KPIs) and compliance dashboards
- Expertise in SOC 2, ISO 27001, HIPAA/HITRUST or similar standards preferred
- Professional certifications in security (CISSP, CISA, CISM) or equivalent preferred
98point6 provides equal employment opportunities to all without regard to race, color, religion, sex (including sexual orientation or gender identity), national origin, age, disability, genetic information or other protected status.