Chief Information Security Officer

The Chief Information Security Officer will be the leader of Information Security at Included Health. This position's primary responsibility is safeguarding patient, employee, customer, and third-party vendor data. You will be responsible for leading the team that designs, builds, implements, and maintains a world-class security program end to end. You will also be the representation for information security with our customers, prospects, investors, and board members.
Security is a strategically important pillar of our business, critical for the sustained growth of our company. This position is an exciting opportunity that requires strong technical competency, a proven managerial track record, and transformational leadership to continue the evolution of our enterprise security program for the future. Bring your best self, sense of humor included - we work hard, but we like to play hard too.

Duties and Responsibilities:

• Set the mission, vision, and strategy for the Information Security organization and execute to keep our members’ data safe
• Build trust, whether working cross-functionally with internal stakeholders (like Engineering or Legal) and collaborating externally with our customers, including CISOs and other Security professionals at Fortune 100 companies.
• Collaborate in a consultative manner with clear focus on our company’s objectives delivering on our mission for our members and clients
• Provide thought leadership and guidance while ensuring teams are engaged and focused on short-term priorities while establishing the long-term strategy
• Evangelize information security internally and externally, both with employees and company leadership as well as investors, clients & prospects, as well as board-level committees
• Continuously expand on the information security roadmap with the respective leaders in the Infosec organization
• Execute leadership and oversight for the implementation and automation of security capabilities, systems, and services - drive and evangelize the different functions within Information Security to business units and critical stakeholders across the Enterprise, including but not limited to IDS/IPS, SIEM, Vulnerability Management, Architecture Review, SAST/DAST, WAF, Incident Response, and Third Party Risk Management.
• Manage internal and external security/risk assessments, programs, penetration testing, bug bounty, vulnerability management, etc.
• Set the strategy and provide oversight to maintain existing security certifications (SOC2 Type 2 and HITRUST), and keep an eye on the future (e.g., FedRAMP and PCI ROC).
• Collaborate with audit, compliance, and privacy departments to maintain and enhance shared capabilities within the business, product, and services that Included Health provides.
• Manage capacity, budget, and resource allocation to meet growth initiatives and to ensure alignment with high-value …