We’re unique.  You should be, too.

We’re changing lives every day.  For both our patients and our team members. Are you innovative and entrepreneurial minded? Is your work ethic and ambition off the charts?  Do you inspire others with your kindness and joy?

We’re different than most primary care providers. We’re rapidly expanding and we need great people to join our team.

The Senior Director Incident Response and Security Engineering is responsible for leading incident response and threat intelligence activities and leading the development and execution of security engineering roadmaps including the implementation of security controls across the enterprise. The Senior Director will lead and grow a team of experienced security professionals, mature processes and playbooks, and use threat intelligence to evolve prevention and detection capabilities.

ESSENTIAL JOB DUTIES/RESPONSIBILITIES:

Incident Response:

• Manages security incidents and events, leading the investigation and containment of incidents, to protect company assets, including intellectual property, regulated data and the company's reputation.
• Partners with IT Leadership in the recovery from incidents, coordinate with law enforcement agencies at the direction of Legal, and develop the post-response strategy including lessons learned
• Oversees, actively test, and refine the incident response plan
• Partners with third party Incident Responders as needed
• Acts as liaison with Legal, Privacy, Compliance, HR, IT, Internal Audit, Business Development, Risk Management, and other internal stakeholders
• Evaluates new security threats and healthcare technology trends and develop related monitoring and alerting to identify new Indicators of Compromise
• Provides oversight, direction, and development opportunities to the Incident Response team to effectively respond to incidents
• Protects intellectual property, trade secrets, and other sensitive information from insider threats
• Conducts investigations at the direction of Legal and HR

Security Engineering:

• Defines and executes the Security Engineering roadmap as part of the Information Security roadmap
• Provides leadership in Security technologies and operations, vulnerability management, information security operations, and managed services delivery
• Provides oversight, direction, and development opportunities to the Security Engineering team to execute and deliver against the roadmap
• Leads operational support of Information Security technologies and infrastructure
• Deploys and leads security program(s) and related security enhancements using new and existing measures/technologies
• Responsible for the process of documenting and monitoring the secure configuration of technology assets that have configuration settings within the security baseline defined
• Oversees continuous monitoring and protection of company information systems, data, data centers, and cloud services

Overall:

• Serves as a security resource to all levels including executive management, department staff, and external bodies, such as state agencies
• Reviews and recommends emerging security technologies and systems
• Identifies opportunities for automation to gain efficiencies and best utilization of team members
• Oversees operations of multiple third-party security vendors, to ensure alignment and compliance with security goals and SLAs
• Educates business leaders on appropriate security risk and mitigation strategies and approaches
• Manages the team members to include hiring, training, staff development, performance management and annual performance review
• Develops and grows team members, identify development needs, and provide skill building and cross-training opportunities for the team

KNOWLEDGE, SKILLS AND ABILITIES:

• Demonstrated understanding and experience with information security vulnerabilities, threats, risks, security operations fundamentals, tasks, and best practices
• High quality and timely delivery of projects and operational initiatives
• Strong leadership, stakeholder management and program management skills
• Effective verbal, written and interpersonal communication skills
• Experience with implementing automation
• Awareness of industry standards and best practices such as NIST CSF and CIS
• Current knowledge of federal and state privacy and security laws and regulations, as well as industry best practices.
• Demonstrate competence in the areas of critical thinking and problem solving, interpersonal relationships, and technical skills
• Track record of collaboration and relationship building
• High level of professionalism, self-motivation, and sense of urgency who thrives in a fast-paced, dynamic environment
• Spoken and written fluency in English
• This job requires use and exercise of independent judgment

EDUCATION AND EXPERIENCE CRITERIA:

• Bachelor's degree in Information Systems, Cybersecurity, Computer Science or related field
• Holds Certified Information System Security Professional (CISSP)
• 10 years’ experience in Information Security
• 5 years’ experience in leadership capacity
• Healthcare industry experience is preferred.

PAY RANGE:

$181,651 - $259,502 Salary

The posted pay range represents the base hourly rate or base annual full-time salary for this position. Final compensation will depend on a variety of factors including but not limited to experience, education, geographic location, and other relevant factors. This position may also be eligible for a bonuses or commissions.

EMPLOYEE BENEFITS

https://chenmed.makeityoursource.com/helpful-documents

#LI-Remote