CISO

closed
FSAStore.com, Inc.

💵 $150k-$180k
📍 Remote - United States

Summary

Join Health-E Commerce as their Chief Information Security Officer (CISO) and assume primary responsibility for the company's information security. Define and execute the company's Information Security Strategy, ensuring compliance with HiTrust, HIPAA, and PCI standards. Collaborate with the Technology Leadership team to set and refine company goals. Report directly to the Chief Technology Officer. Manage and mature an enterprise-wide information security strategy, aligning cybersecurity initiatives with business objectives and regulatory requirements. The CISO will also communicate security risks and strategies to executive leadership and the board.

Requirements

  • 15+ years of experience with Cyber Security including recent hands-on experience conducting audits and remediations, investigation of security incidents, and other security tasks as needed
  • Bachelor's degree or higher in Computer Science, ideally with Cyber Security specific certifications
  • Experience managing a small team of security analysts, including hiring, coaching and mentoring them as needed
  • Ability to work closely with Engineering, Operations, Legal, and Compliance teams on security related tasks and initiatives
  • Experience with obtaining and maintaining HiTrust certification
  • Experience with maintaining HIPAA and PCI Compliance at an Ecommerce (D2C) Company

Responsibilities

  • Manage and mature an enterprise-wide information security strategy
  • Align cybersecurity initiatives with business objectives and regulatory requirements
  • Communicate security risks and strategies to executive leadership and the board
  • Conduct risk assessments and manage security risks proactively
  • Ensure compliance with industry regulations (e.g., HIPAA, PCI, NIST)
  • Oversee audits, security assessments, and incident response planning. Execute them hands-on as needed
  • Implement security governance and risk management frameworks
  • Oversee the security operations center (SOC) and threat intelligence programs
  • Develop and implement incident response plans and lead breach investigations
  • Ensure the deployment and management of security tools (firewalls, intrusion detection, endpoint protection)
  • Monitor and respond to emerging threats and vulnerabilities
  • Implement data protection measures, including encryption and access controls
  • Work with legal teams to ensure compliance with data privacy laws
  • Conduct cybersecurity awareness training for employees
  • Promote a security-conscious culture across the organization
  • Work with IT, legal, and compliance to ensure security integration
  • Assess and manage security risks in third-party vendors and partners
  • Evaluate and implement new security solutions and architectures
  • Monitor for bot attacks, credential stuffing, and API security vulnerabilities
  • Deploy and manage web application firewalls (WAF), DDoS protection, and endpoint security

Benefits

  • Medical, Dental, Vision, and 401K with a company match
  • Dependent Care, FSA & HSA accounts
  • Paid Parental & Bonding Leave
  • Flexible PTO & office closure on all major holidays
  • Monthly wellness & internet reimbursements
  • Professional development including certification support & leadership coaching
  • Mental Health resources
  • 100% remote within the United States
  • Must be able to work EST hours
  • Compensation: $150,000 - 180,000
  • Discretionary Annual Bonus Eligibility: Up to 25%

This job is filled or no longer available