Director of Infrastructure and Security

Summary

Join DoseSpot, a PE-backed start-up and leader in electronic prescribing software, as their Director of Infrastructure and Security. You will be a critical part of ensuring the security and integrity of our software, systems, and data, while maintaining compliance. This highly visible role involves close collaboration with leadership and other departments. You will develop and implement cybersecurity strategies, manage risks, and ensure compliance with regulations like HIPAA, SOC2, and HITRUST. Lead and mentor a security team, overseeing daily activities and establishing key performance indicators. This is a strategic senior role requiring hands-on contributions to security goals and tasks.

Requirements

• Hold a Bachelor’s degree in computer science, Information Systems, or a related field
• Have 8+ years of experience in information security or a similar role with at least 5 years of senior leadership experience
• Have a minimum of 3 years of experience working in a cloud infrastructure
• Possess previous healthcare experience with a solid understanding of HIPAA compliance
• Demonstrate in-depth knowledge of cybersecurity principles, best practices, and industry standards
• Show a strong understanding of relevant regulations and compliance requirements
• Possess excellent communication and people skills, with the ability to influence and collaborate at all levels of the organization
• Exhibit exceptional problem-solving and decision-making abilities

Responsibilities

• Develop and implement a comprehensive cybersecurity strategy that aligns with the company's business goals and objectives
• Establish and oversee the company's security governance framework and ensure the integration of security into all aspects of the business
• Identify, assess, and prioritize cybersecurity risks, and develop strategies to mitigate these risks effectively
• Ensure compliance with industry regulations, standards, and legal requirements related to cybersecurity, including HIPAA, SOC2, and HITRUST
• Develop, maintain, and enforce security policies, standards, and procedures to protect company assets and data, including validating and providing suggestions on Application Security and end-to-end Security controls
• Develop and oversee the incident response plan, ensuring that the company is well-prepared to respond to and recover from cybersecurity incidents
• Promote a culture of cybersecurity awareness throughout the organization by providing training and educational programs
• Evaluate and manage third-party vendor security risks and relationships
• Oversee the selection, implementation, and management of security technologies and tools, including firewalls, intrusion detection systems, and encryption
• Establish key performance indicators (KPI’s) and metrics to measure the effectiveness of cybersecurity efforts and report to executive leadership and the board, as needed
• Lead your team by building, developing, and mentoring the growth of the security team and oversee the day-to-day activities

Preferred Qualifications

Hold a certification in CISSP, CISM, or CISA

Benefits

• Remote work environment with a flexible work schedule to encourage work-life balance
• Annual company offsite
• Generous leave package including flexible time off policy that encourages team members to take time off to relax and recharge; plus 13 paid holidays, paid sick leave, and paid parental leave
• Medical, dental, and vision insurance for you and your family, plus a company funded FSA & HSA, dependent on which medical plan you choose
• 401(k) company match
• One-time workspace reimbursement to help you optimize your remote workspace