Remote Security and Compliance Manager

Summary

Join Our Mission to Revolutionize Healthcare. We are seeking an experienced Security and Compliance Manager to lead our information security initiatives and ensure compliance with industry regulations.

Requirements

• Education: Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field
• Experience: 10 years of work experience, with 5+ years in security compliance or audit-related roles within the tech industry. Experience managing security compliance audits of cloud environments and experience with HIPAA, HITECH, and HITRUST is a plus
• Certifications: Preferred certifications include CISSP, CISM, CRISC, CISA, and CSA Cloud platforms (AWS, Azure, or GCP)
• Technical Expertise: Strong understanding of cloud environments, on-prem systems, and managing access in an IT environment
• Compliance Tools: Experience with compliance platforms such as Thoropass, Vanta, etc., is a plus

Responsibilities

• Maintain Security and Compliance Posture
• SOC 2 Audit Leadership: Lead and orchestrate SOC 2 audit processes, ensuring thorough planning, execution, and reporting
• Policy Development: Architect, implement, and maintain information security policies, procedures, and controls to strengthen organizational defenses
• Risk Assessments: Execute risk assessments and vulnerability analyses to identify and mitigate potential security threats
• Incident Response: Monitor and respond to security incidents and breaches, ensuring swift resolution and thorough documentation
• Regulatory Compliance: Collaborate with internal and external stakeholders to ensure compliance with regulatory requirements and industry best practices
• Employee Training: Design and deliver training programs to educate employees on information security policies and procedures
• Trend Analysis: Analyze emerging security trends, threats, and technologies, and recommend enhancements to the security program
• Reporting: Create and present data-driven reports on the information security program status to senior management
• Sales Security Advisory
• Sales Support: Support the Sales team by conducting security and IT reviews with customers, addressing their concerns, and showcasing our robust security measures
• Alignment with Standards: Align sales materials and presentations with industry security standards and customer compliance requirements
• Strategic Collaboration: Collaborate with sales teams to ensure security is a key factor in customer acquisition and retention strategies
• Cybersecurity Strategy and Risk Management Advisory
• Strategy Development: Lead the development and execution of comprehensive cybersecurity strategies aligned with industry standards and regulatory requirements
• Risk Management: Advise leadership on risk management and security governance to protect Thoughtful AI’s assets and data
• Policy Enforcement: Ensure compliance with security policies, regulations, and best practices across the organization
• Incident Oversight: Oversee incident response planning and execution, minimizing the impact of security breaches

Benefits

• Competitive Compensation
• Equity Participation: Employee Stock Options to share in the company's success
• Health Benefits: Comprehensive medical, dental, and vision insurance to keep you and your family healthy
• Time Off: Generous leave policies and paid company holidays to ensure work-life balance