Remote Director, Information Security

Who We Are

We are Imagine Pediatrics, a devoted and compassionate, multi-disciplinary pediatrician-led medical group that is creating a world where every child with complex medical conditions gets the care and support they deserve. Energized by our mission to reimagine pediatric health care, we are pioneering virtual-first care services that include care coordination and around-the-clock access to complex-care clinicians from home. We don’t replace a child’s existing care team. Instead, we collaborate to deliver continuous support to kids, so they can spend less time in the hospital and more time thriving at home and in their communities.

Every day we boldly challenge old approaches and seek out new and better ways to improve the health and lives of children with medical complexity. In partnership with caregivers, providers, and health plans, we break down the barriers that stand between families and quality care for their children. We know we can’t solve every challenge in the lives of these kids, but we can work tirelessly to give them, their families, and other caregivers the help and relief they need, right when they need it.  We know a better approach to pediatric health care is within reach, and we are committed to seizing it today.

What We Live By

We’re guided by our five core values:

• Children first.We put the best interests of children above all. We are uncompromising in our commitment to improving the lives of children and families by bringing the best care to them.
• Earn trust.We cherish the trusting relationships we build with the children and families we serve, our partners, and each other. We seek first to understand and speak honestly.
• Innovate today. We refuse to accept the way things have always been done. Children and families are waiting for our help and their bravery demands that we relentlessly challenge assumptions to develop new approaches.
• Embrace humanity. We lead with empathy and authenticity, presuming competence and good intentions. When we stumble, we use the opportunity to learn and grow stronger.
• One team, diverse perspectives. We work alongside families as one team towards a shared purpose. We champion diversity and acknowledge the contributions of others.

What You’ll Do

The Director, Information Security will be responsible for defining and implementing the information security strategy at Imagine Pediatrics. You will handle:

End-to-End Corporate Security Strategy and Design

• Develop, implement, and maintain the Imagine Pediatrics Information Security Strategy and long-term vision. The Director will also lead, manage, and maintain the information security operational services, policies, and practices to align with industry best practices and HITRUST compliance requirements.

• Define, implement, maintain, and continually evaluate Imagine Pediatrics security technology architecture to include the evaluation of the current enterprise product suite effectiveness, and cost, while evaluating the changing requirements of the business against industry trends in cyber threat protection.

• Define and implement new and existing playbooks/runbooks, work with multi-functional team members to maintain high-quality work standards

Evaluation and Implementation of Security Partnerships

• Support third-party security assessments and contract negotiations for future and existing business partners.

• Define and implement risk assessment processes for new technology platforms

• Collaborate with internal teams and external vendors to addresses security posture mandates (e.g. HITRUST, SOC2) of our business partners

• Collaborate with internal teams and external vendors to implement new software, policy configurations & settings to mitigate vulnerabilities

• Manage external security partnership to ensure cohesive delivery of services that meet contractual requirements

Cross Functional Collaboration and Communication of Enterprise Security Initiatives

• Works closely with the Imagine Pediatrics Executive team to continually communicate on priority industry trends in threat protection and cyber security. Regularly presents to the Executive team the Imagine Pediatrics current state security posture, priority risk and vulnerabilities, tactical approaches for mitigation, resolution / completion timelines, and dependencies.

• Provide leadership and guidance to IT Infrastructure, Engineering, Data, Risk Management, Business Development and other critical business function services areas on security implementations, purpose, and priority.

• Liaise with Business and IT Groups in the security analysis, design and planning phases of IT and business-related projects

• Work closely with the Chief of Compliance to develop Information Security policies, procedures, and controls to manage platforms containing PII and PHI.

Incident Response and Risk Management

• Establish the corporate risk registry used to identify and prioritize corporate risks. Define and implement the corporate risk process to include risk identification, risk and stratification. Work closely with business owners to develop necessary corrective plans that outline the actions required to remediate, mitigate, transfer, or accept the identified risk based on corporate guidelines and policies.

• Define and implement risk mitigation strategies for threat vectors related to all areas of the business.

• Participate in security incident response processes on a per-occurrence basis

Functional Leadership

• Serves as the principal representative and accountable leader for all corporate information security-related matters
• Develop, mentor, and lead the information security team members to continually improve and expand the information security programs, manage cybersecurity threats, and assess and manage vulnerabilities.
• Develop and manage the security operations annual budget ensuring Imagine Pediatrics maintains the appropriate level of protection and staffing while managing cost efficiency.

What You Bring & How You Qualify

First and foremost, you’re passionate and committed to reimagining pediatric health care and creating a world where every child with complex medical conditions gets the care and support they deserve. You will need:

• Bachelor of Science degree in Computer Science, Information Security, Business, Management, or related field is required.

• 6+ years’ experience in a leadership role defining the security operations service delivery portfolio, roles, responsibilities, accountabilities, and performance SLAs of the security operations team.

• 4+ years’ experience leading teams responsible for securing public cloud infrastructure including web and mobile applications.

• Brings an advanced knowledge, experience, and expertise of U.S. Federal regulations such as the HITECH Act, HIPAA, and HITRUST.

• CCISO, CISSP, CISM, and/or CISA certifications desired, but not required

• Exceptional leadership skills and ability to lead and inspire the organization through complex and sometimes challenging and disruptive security initiatives.

• Expertise in current Information Security industry trends, strategies, vulnerabilities and threats

We Value Diversity, Equity, Inclusion and Belonging

We believe that creating a world where every child with complex medical conditions gets the care and support they deserve requires a diverse team with diverse perspectives. We’re proud to be an equal opportunity employer. People seeking employment at Imagine Pediatrics are considered without regard to race, color, religion, sex, gender, gender identity, gender expression, sexual orientation, marital or veteran status, age, national origin, ancestry, citizenship, physical or mental disability, medical condition, genetic information, or characteristics (or those of a family member), pregnancy or other status protected by applicable law.