Director of IT Security
Founded in 2014, HealthJoy is a rapidly growing healthcare technology company on a mission to help employers and employees maximize the value of their benefits. Our platform provides members with a centralized benefits experience by combining a virtual healthcare assistant (JOY) and benefits wallet with telemedicine and concierge services. By integrating these services, members are guided to the right point of care, high quality and low cost physicians and facilities, and prescription savings. Additionally, JOY proactively helps members manage their health and understand the benefits they have elected.
About the Role
We are looking for a Director of IT Security to oversee our business’ information security, risk, and compliance activities.The primary responsibility for this position is the ensure every patient, employee, customer, and third party vendor data is protected, safe and secure. As HealthJoy continues to grow, it is imperative to continue to mature our security posture. The ideal candidate has experienced scale and isn’t afraid of getting in the weeds with important initiatives.
What You’ll Do
- Be the security subject matter expert, whether working cross functionally with internal stakeholders or collaborating externally with our customers, including CISOs
- Lead our global ISO 27001 process, while creating security documentation including requirements definitions, risk assessments, high level and detailed design documents and risk and recommendation documentation.
- Design and develop an industry leading Enterprise Information Security Program
- Use data to make decisions about prioritization and impact
- Build processes and frameworks to improve the teams’ execution and outcomes
- Maintain open lines of communication with stakeholders and ensure strategic objectives are considered against tactical changes in plans.
- Support and assist with external audits/assessments, certifications and accreditations to achieve and maintain compliance
- Develop security operations processes and procedures to ensure comprehensive threat visibility, monitoring and alerting
What You’ll Need
- Experience in building and scaling a well rounded security program, including benching to SOC2, ISO27001 / HITRUST / HIPAA / NIST standards
- Excellent communication skills and ability to document and explain technical details clearly and concisely
- Maintain and audit IT Infrastructure security
- 5+ years of experience in application security or infrastructure engineering
- Expertise with public key infrastructure protection mechanisms, HSM technology, and cryptographic protocols
- Undergraduate degree in Engineering or Computer Science (advanced degree a plus)
- Medical benefits with generous employer contribution to monthly medical premiums
- HSA with company contribution
- Stock options
- Parental leave
- Flexible PTO policy
- Laid back work environment
- Monthly company sponsored happy hours
- Weekly instacart orders
- Catered lunches every Friday
HealthJoy is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or any other basis forbidden under federal, state, or local law.