How you will impact the organization…

The VP, Information Security (VP/IS) will ensure that our products and company are providing best-in-class security and compliance to our customers and employees alike.

Reporting directly to the Chief Technology Officer, the VP/IS will direct Information Security (InfoSec) and Governance, Risk, and Compliance (GRC) activities for Consensus product offerings as well as all internal business systems.

The value you will deliver…

• Develop, manage and set the vision for the company's Information Security Program.
• Manage, recruit, and mentor the Information Security Team.
• Manage the budget for the Information Security department.
• Chair the company's Cybersecurity committee.
• Review, revise, and maintain the Security Incident Response policies and procedures.
• Oversee Security Incident responses.
• Deploy the security awareness training program and communicate best practices and risks to all parts of the business.
• Work with outside partners or consultants as required to meet independent security audit needs; manage outside security partners, stakeholders, vendors, and solution providers working on security implementations.
• Collaborate with departments to ensure proper security language is integrated in contracts.
• Lead compliance efforts consisting of HIPAA, HITRUST, PCI, FedRAMP, and SOC 2 Type 2 reporting, client audit response (For IT and Security items), and other compliance requirements.
• Oversee creation of security architecture artifacts which reflect and support business, operational, technical, and compliance objectives.
• Work with Engineering and Operations to implement and maintain secure coding and deployment practices, secure production environments, patch management, and implement systems to monitor and maintain the security of our products in development and production.
• Manage the program to audit application architectures to ensure security standards are in force and effective.
• Design and operate the data loss prevention program and systems for the company.
• Conduct regular vulnerability scans on systems across the organization and collaborate with departments to ensure systems are remediated and/or security controls set in place.
• Contribute to the annual review and update of the Disaster Recovery and Business Continuity Plan.
• Ensure compliance of the Information Security program with all Regulatory, Contractual, Association, and Client requirements.
• Other responsibilities as assigned by your leaders

What you will bring to the table…

• 10+ years of progressive expertise in leading Corporate Security Programs, at least 5 of which were in a SasS environment
• 8+ years of progressive experience in managing Information Security team staffing, contracting, budgeting, vendors, and security programs and projects
• 4+ years of Information Security management experience in a healthcare-related setting
• CISSP, CISM, or other equivalent security certification
• Experience supporting successful HITRUST CSF certification audits.
• Hands-on technical experience with Physical Security Systems, Telecommunications and Networks, Security Solutions (Firewalls, IDS/IPS, SIEM, Vulnerability Assessment Tools), Employee Security Training, Access Control Systems, Cryptography, and Secure SDLC Methodologies
• Proficient knowledge of common information security management frameworks, such as ICSUAM Section 8000, HITRUST CSF, FedRAMP, ISO/IEC 27001, and NIST.
• Working knowledge of state and federal information security, compliance, and privacy procedures such as GDPR and CCPA securities policies.
• Ability to interpret state and federal laws, company guidelines, and regulatory rules to determine how they apply to the company.
• U.S. Citizenship required, located in the continental U.S., and able to achieve and maintain a security clearance with the U.S. Government.

You will stand out if you also have…

• Bachelor's degree in related field or equivalent combination of experience and education
• CRISC, CISA certifications
• Experience with FedRAMP security compliance
• Experience leading the Information Security function in a publicly-traded company
• Recent experience with Tenable.io, Cloudflare zero-trust environments, Crowdstrike, AlertLogic, or Rapid7
• Active, transferable U.S Government Security clearance

Additional details…

• Location requirements: This role is fully remote within the US
• Travel requirements: Up to 10% travel required
• Physical requirements: Must be able to sit for long periods, as well as handle long periods of screen time
• Technology requirements: Reliable, high speed internet for remote work
• Work authorization: This role is not eligible for sponsorship
• Security clearance: Ability to achieve and maintain a security clearance with the U.S. Government

The base salary range for this role is $180,000 - $200,000. The total compensation package for this position is negotiable and may also include [annual performance bonus, ESPP, enhanced time off packages and benefits.]