Chief Information Security Officer
Phoenix, AZ, United States
Fresh off the completion of Series B funding, Medicom is developing a culture that strives for **transparency**, **compassion** and **progress**. We are growing our team by seeking individuals with a growth mindset who share a high level of passion, drive, and commitment to serve the variety of Medicom stakeholders.

***MEDICOM***
Medicom Technologies is a high-growth healthcare technology company dedicated to creating innovative solutions for patients, health systems, and life sciences companies. We have a focused passion to improve patient outcomes by eliminating health data silos and facilitating data curation.
With over 3,500 connections and 1,000 participating organizations, the Medicom Network connects disparate silos of health information so health records can be easily and securely searched and shared amongst healthcare providers.
The Medicom deepMed Marketplace serves healthcare data consumers at life science, pharmaceutical, and AI companies by facilitating curation of individual or longitudinal data sets.
Every member of our team embodies our core values to ensure every network participant from patient to physician can collaborate in our mission.
To learn more about Medicom, visit our website.

Position: Chief Information Security Officer

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the digital environment in which we operate. A key element of the CISO's role is working with the executive management team to determine acceptable levels of risk for the organization.
Responsibilities
* Develop and scale a governance, risk management, and compliance team responsible for implementing information security controls, conducting internal audits, and working with customers through complex information security evaluations.
* Provide risk guidance to engineering teams including the evaluation of technical controls, business continuity, and disaster recovery planning.
* Oversee the vulnerability management program which includes vendor risk management and internal monitoring.
* Report status of controls, incidents, and incident response to the company's executive team, board, and customers, ensuring awareness of current and emerging threats.
* Work with sales, implementation, legal, and engineering departments to develop and implement practices and subject-matter expertise.
* Strengthen Medicom's security-first culture through the development of internal training and education programs.
* Build strong industry knowledge of emerging trends and stay up to date with federal and state privacy laws and HIPAA regulations to ensure organization-wide compliance.
* Provide guidance to the GRC team to complete and communicate healthcare provider administered 3rd party risk assessments.
* Partner with legal, public policy, and other teams to identify HIPAA-related regulatory needs for Medicom.
* Lead Medicom's SOC-2, FedRAMP, and HITRUST Certifications.
Qualifications
* 8+ years in a Senior Information Security role.
* Proven track record and experience building information security policies and procedures as well as leading programs that met HITRUST and SOC-2 requirements.
* Deep working knowledge of cybersecurity frameworks such as ISO 27001 and NIST.
* In-depth understanding of modern software development frameworks and best practices, such as serverless design, microservices, and continuous integration and deployment (CI/CD) pipelines.
* A Master's Degree in Computer Science, Information Security, or related field is preferred.
* Certified Information Systems Security Professional (CISSP) or similar preferred.
**JOB CODE: 1000019**