Chief Information Security Officer

• →Strategic Security Leadership:
• →Develop and implement the organization's information security strategy.
• →Provide regular security updates to the CIO, other executives, and the board of directors, including presentations on security matters.
• →Represent the organization in security-related matters with external parties, including vendors and auditors.
• →Work closely with the CIO and operate as a member of the DevOps team to emphasize and implement our security initiatives.
• →Risk Management:
• →Conduct regular risk assessments and vulnerability scans using tools like Rapid7 IVM and internal tracking systems.
• →Oversee the development and implementation of incident response plans and conduct tabletop exercises with DevOps team members..
• →Compliance and Audit:
• →Ensure compliance with relevant regulations and standards, including HITRUST, NIST, DirectTrust, HIPAA, and SOC 2 (Type II), ISO.
• →Manage internal and external security audits, including evidence collection and preparation.
• →Oversee the evidence collection process for audits, working with third-party auditors for response submission.
• →Work closely with business development and legal to assist with security compliance requirements.
• →Assist with identifying and implementation of international security compliance.
• →Policy and Procedure Development:
• →Develop, review, and update information security policies and procedures, such as the Vulnerability and Patch Management Procedure and Data Center Access Procedure.
• →Ensure policies are communicated and enforced throughout the organization, including through security awareness training.
• →Security Operations:
• →Participate in the day-to-day operations of the security team and manage security tools and technologies, including Check Point, SentinelOne, and intrusion detection systems.
• →Monitor security alerts and respond to incidents, including phishing attempts reported through the various tools.
• →Team Management:
• →Lead and mentor the security team, reviewing tasks and responsibilities working closely with the DevOps team members.
• →Vendor Management:
• →Evaluate and manage security vendors, including VDA Labs, KnowBe4, reviewing security agreements and contracts.
• →Perform vendor audits and maintain required documentation.
• →Security Awareness:
• →Develop and deliver security awareness training to employees, including utilizing KnowBe4, TalentLMS and internal training programs.
• →Provide onboarding training for new employees.
• →Budgeting and Planning:
• →Develop and manage the security budget, planning and prioritizing security projects, including funding for tools and conferences.
• →Sales and Business Development:
• →Perform first pass responses to RFI/RFP for new business deals working closely with the sales team

Base salary range: $145,000-$170,000