Director of IT Security
Why our work matters
The healthcare industry is notoriously difficult to navigate. One third of the over $3 trillion spent on healthcare annually results from this complexity, and more than half of Americans don’t get care because of the price tag. Our mission is to simplify the healthcare experience in a way that provides access to better care at a lower cost.
Since 2014, HealthJoy has been committed to revolutionizing the way people access healthcare. Through an easy to use app that brings together healthcare information and on-demand help, we enable people to be more informed and confident when making decisions about their healthcare. It’s no small feat, but our work makes a significant difference in people’s lives.
Our team has compassion and energy for the problems we are solving. We hold ourselves accountable and deliver on ambitious, meaningful goals. Putting egos aside, we commit to doing what it takes to bring positive changes to our users. Everyone plays a role.
Together we are building the future of healthcare. Join us!
Your role in our mission
We are looking for a Director of IT Security to oversee our business’ information security, risk, and compliance activities.The primary responsibility for this position is the ensure every patient, employee, customer, and third party vendor data is protected, safe and secure. As HealthJoy continues to grow, it is imperative to continue to mature our security posture. The ideal candidate has experienced scale and isn’t afraid of getting in the weeds with important initiatives.
What You’ll Do
- Be the security subject matter expert, whether working cross functionally with internal stakeholders or collaborating externally with our customers, including CISOs
- Lead our global ISO 27001 process, while creating security documentation including requirements definitions, risk assessments, high level and detailed design documents and risk and recommendation documentation.
- Design and develop an industry leading Enterprise Information Security Program
- Use data to make decisions about prioritization and impact
- Build processes and frameworks to improve the teams’ execution and outcomes
- Maintain open lines of communication with stakeholders and ensure strategic objectives are considered against tactical changes in plans.
- Support and assist with external audits/assessments, certifications and accreditations to achieve and maintain compliance
- Develop security operations processes and procedures to ensure comprehensive threat visibility, monitoring and alerting
What You’ll Need
- Experience in building and scaling a well rounded security program, including benching to SOC2, ISO27001 / HITRUST / HIPAA / NIST standards
- Excellent communication skills and ability to document and explain technical details clearly and concisely
- Maintain and audit IT Infrastructure security
- 5+ years of experience in application security or infrastructure engineering
- Expertise with public key infrastructure protection mechanisms, HSM technology, and cryptographic protocols
- Undergraduate degree in Engineering or Computer Science (advanced degree a plus)
- Medical benefits with generous employer contribution to monthly medical premiums
- HSA with company contribution
- Stock options
- Parental leave
- Flexible PTO policy
- Laid back work environment
- Monthly company sponsored happy hours
- Weekly instacart orders
- Catered lunches every Friday
HealthJoy is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or any other basis forbidden under federal, state, or local law.