Information Security Officer
Our mission is to deliver high-quality primary care that is accessible, convenient and affordable for all. Every single day you’ll be working on challenging problems with an exceptional team to profoundly transform primary care and improve people’s quality of life.
Your role and impact
As the leader of the Information Security team, you will play a pivotal role in defining, implementing and maintaining our core platforms and security programs. You will work cross-functionally to evolve information security at 98point6 by driving the design and delivery of key security initiatives. This role reports directly to the General Counsel and currently includes management of the Information Security Manager.
Responsibilities
- Serve as the HIPAA Security Officer, leading the continuous management of information security policies, processes, procedures, training and technical systems in order to maintain the confidentiality, integrity and availability of organizational information systems
- Manage a small and growing team of security professionals, including support and career development at the individual level
- Establish, manage and continuously improve security strategies and policies based on new or changed regulations, business priorities and security threats
- Lead information security and business continuity risk assessment processes through risk treatment planning and implementation to maintain an acceptable security risk profile
- Oversee security audits, both internal and third-party, including leading and serving as the main point of contact for the SOC 2 audit and report
- Partner with engineering, information technology, compliance and legal teams to refine the process for responding to external security questionnaires that are an essential part of building trust with partners and clients
- Own security incident and breach evaluation, risk assessment, investigation and resolution, and oversee the completion of corrective and preventive actions
- Ensure compliance with security practices and consistent application of sanctions for failure to comply with security policies for all individuals in the practice’s workforce and for all business associates (BAs)
- Coordinate with management and operations to establish a mechanism to track PHI access within the practice, as required by state and federal regulations, and allow qualified individuals to review or receive a report on access activity
- Maintain current knowledge of federal and state privacy laws and accreditation standards, healthcare technology industry’s threat landscape and the security industry’s strategies for mitigating such threats
- Evaluate budget and expenses associated with security initiatives and programs
- Provide periodic reports on performance of security programs to executive management
Qualifications
- 7–12+ years within information security; experience working for covered entities under HIPAA preferred
- 3+ years managing and building teams
- Strong problem-solving skills and creativity to add value and diversity of thought to our team
- Skilled at defining, documenting, implementing and maintaining information security management systems
- Familiarity or experience working with SOC 2, ISO 27001, HITRUST, NIST or similar standards preferred
Professional certifications in security (CISSP or CISM from ISACA), privacy (CIPP), auditing (CPMA) or equivalent preferred
98point6 provides equal employment opportunities to all without regard to race, color, religion, sex (including sexual orientation or gender identity), national origin, age, disability, genetic information or other protected status.