Vice President, Information Security

SmithRx

📍Remote - United States

Summary

Join SmithRx, a rapidly growing Health-Tech company, as the VP of Information Security. You will play a critical role in securing SmithRx’s data, systems, and infrastructure, ensuring compliance with industry regulations. Collaborate with stakeholders and technology teams to implement and improve a robust information security program. This leadership role assesses and mitigates operational, legal, regulatory, and security risks across IT and technology. The position requires a strong background in cybersecurity, cloud security, and IT risk management within the healthcare vertical. SmithRx offers competitive benefits, including wellness benefits, retirement savings, paid time off, and professional development opportunities.

Requirements

  • Bachelor’s or Master’s degree in Computer Science, Information Technology, or related field
  • 15+ years of experience in cybersecurity, IT security, and risk management across multiple functions. Experience within the healthcare vertical is required
  • 8+ years in a leadership role with experience managing and scaling security and engineering teams, including prior experience as Head of Information Security, or an equivalent leadership role
  • Strong knowledge of cloud technologies, infrastructure security, threat-informed defense, and cybersecurity best practices
  • Proven experience with DevOps, CI/CD, and integrating security into the software development and product management lifecycle
  • Expertise in incident response, compliance frameworks, risk management, cloud security, and application security practices
  • Strong communication, collaboration, and interpersonal skills with a demonstrated ability to influence and lead across the organization
  • Strategic mindset with a focus on aligning security initiatives with business goals

Responsibilities

  • Lead and drive SmithRx's overall cybersecurity strategy, integrating robust security practices that support and enhance business operations while safeguarding sensitive data, systems, and infrastructure
  • Identify, evaluate, and manage information security risks while ensuring compliance with industry standards, regulations, and governance frameworks
  • Develop and execute a comprehensive risk management framework focused on auditable governance, compliance, IT security, application and product security, and cloud security
  • Establish measurable goals and objectives to build a culture of trust, compliance, and security
  • Develop, document, and enforce security practices and controls to secure enterprise-wide data and systems
  • Lead cloud and product security efforts, ensuring that our cloud platforms and services align with relevant industry standards, regulations, and compliance requirements
  • Oversee the implementation and management of advanced security monitoring, incident detection, and response tools
  • Evaluate and manage third-party risk by assessing the security posture of cloud providers, vendors, and other third parties
  • Build, mentor, and lead high-performing teams of cybersecurity professionals, ensuring a collaborative and innovative work environment
  • Spearhead security training and awareness programs to ensure all employees understand the importance of maintaining a secure environment
  • Lead incident response efforts, conducting post-event analysis and continuously improving security processes and capabilities
  • Define and implement cloud security policies, standards, and best practices to safeguard infrastructure and data
  • Collaborate with DevOps and engineering teams to integrate security and auditability into the software development lifecycle (SDLC), cloud infrastructure, and cloud operations
  • Manage and optimize cloud security tools, including ICAM, encryption and key management, cloud and data security posture management, and intrusion detection and prevention systems
  • Conduct regular vulnerability assessments and penetration testing of cloud systems and ensure timely remediation of issues
  • Ensure continuous compliance with frameworks like NIST, HIPAA, and others while continuously enhancing security measures
  • Lead efforts to ensure compliance with regulatory frameworks and manage ongoing risk assessment and risk management processes
  • Engage with legal, compliance, and regulatory teams to meet SmithRx’s security obligations and reduce risks
  • Oversee security-related governance, risk assessments, vendor risk management, and security awareness initiatives
  • Lead the architecture, engineering, and management of strategic security programs that align with the company's business goals
  • Ensure the security, scalability, and reliability of the company’s IT infrastructure, including network security, endpoint protection, data protection, business continuity, and disaster recovery
  • Oversee the design and execution of security measures for internal systems and ensure alignment with business objectives
  • Manage the security budget, ensuring optimal allocation of resources for security initiatives
  • Collaborate with cross-functional departments to ensure technology investments align with overall business priorities
  • Evaluate and manage relationships with third-party vendors, ensuring the selection of secure and compliant services
  • Negotiate contracts and manage security performance and costs with external partners and service providers

Benefits

  • Highly competitive wellness benefits including Medical, Pharmacy, Dental, Vision, and Life Insurance and AD&D Insurance
  • Flexible Spending Benefits
  • 401(k) Retirement Savings Program
  • Short-term and long-term disability
  • Discretionary Paid Time Off
  • 12 Paid Holidays
  • Wellness Benefits
  • Commuter Benefits
  • Paid Parental Leave benefits
  • Employee Assistance Program (EAP)
  • Well-stocked kitchen in office locations
  • Professional development and training opportunities
