Deputy, Chief Information Security Officer Remote

Overview

Who we are….

At Ciox Health we are on a mission to connect the worlds health data so that every health decision is powered by data; complete data when and how it is needed.

We believe this can fuel one of the biggest advancements in healthcare in the last 50 years; arming patients with the information to move to the center of their care journey, providing providers with the information to practice more personalized medicine, helping pharma companies and innovators to develop new treatments and drugs faster and cheaper, helping payers advance value-based care and dramatically lowering the cost of care. 

What we offer….

At Ciox we offer all employees a place to grow and expand their current skills so that they can not only help build Ciox into the greatest health technology company but create a career that you can be proud of.

We offer you complete training and long-term career goals.

Our environment is what most of our employees are the proudest of and our IT Security Team is comprised of some of the brightest and most talented individuals. Give us just a few moments to explain why we need you and hope you will help us change how the Health Industry manages its’ medical records and strive to Make A Difference in the lives of all patients.

What we need…

The Deputy CISO will manage a team of subject matter security experts to architect, design, build and operate the information security infrastructure for both cloud and on-premises environments.

This information security infrastructure provides first-line controls in a defense-in-depth approach to advanced security technologies, processes, and procedures to protect the firm’s business practices and assets.

The Deputy CISO will be offered the opportunity to grow this role as our company grows in market share.

This will be a 100% remote role with visits to Corporate Office in Alpharetta, GA when needed. 

Responsibilities

Principle Responsibilities

  • Interface with senior stakeholders across the IT leadership team to proactively interpret risks and priorities, including Infrastructure Engineering Leads, Application Development Leads, the CISO and the CDO.
  • Architect and execute on a multi-year information security technical roadmap to enable a modern and sustainable technology platform to support healthcare innovation.
  • Lead day-to-day team operations to monitor, troubleshoot, and ensure optimum performance of information security infrastructure.
  • Lead advanced security analytics efforts for continuous monitoring of the technology environments and support platform modernization efforts in container and microservices architecture.
  • Lead a security red team for code releases and proactive pen testing
  • Manage relationship with external security vendors and support incident response and remediation efforts.
  • Work with Compliance team on security policy, standards and procedures to ensure they align with NIST controls and support the business strategy
  • Recruit, train, motivate, mentor, and lead experienced security team to deliver the team’s strategic initiatives in both an engineering and operations standpoint.
  • Support the diversity and inclusion strategy by implementing actions that ensure opportunities for employees and diverse business partners.
  • Responsible for security budget and monthly financial tracking including project spend as well as operational spend

Security Technology Leadership

  • Operate as a Security Architect and work with CISO to implement a multi-year vision for a target security architecture that includes advanced security technologies, practices, and processes.
  • Effectively communicate best practices and standards for the implementation of security technologies.
  • Be an authoritative voice and articulate convincingly the security risks and rationale for prioritized solutions in a risk-based approach that outlines risk tradeoffs and tolerance.
  • Encourage a culture of security awareness and evangelize security best practices and principles with application development teams.
  • Provide mentoring and empowering to team members through technology leadership.

Security Operations Support

  • Oversee and maintain 24x7x365 coverage and support for security systems
  • Oversee daily operational processes for all information security systems and adhere to change control processes.
  • Other responsibilities include and are not limited to: participating in tier 2 and tier 3 security operations support and in information security incident handling as well as identifying security issues risks and developing mitigation plans.

Qualifications

What you need…

  • Minimum of 10 years of experience in IT and managing complex, highly technical security infrastructure environments 
  • Hands-on experience working with a wide range of security technologies: next-generation firewalls, intrusion detection and prevention systems (IDS/IPS), proxy infrastructure, web application firewalls (WAFs), endpoint security stacks, privileged access management tools, network security, data encryption, vulnerability management tools, DNS security, container security, identity and access management, and etc.
  • Experience with security analytics and SIEM tools for advanced continuous monitoring to review potential non-compliance and risks/threats.
  • Knowledge of Secure Software Development Life Cycle (S-SDLC), application security frameworks, design patterns, and assessment tools.
  • Knowledge in DevOps and CI/CD pipeline management.
  • Experience in developing in-depth security architecture standards, frameworks and design patterns in all aspects of cloud computing including the server, application, network, and data layers.
  • Experience in next generation security architectures including the design, configuration, and operation of network architectures with vendor extranets, public cloud providers, container-based architecture, microservice architecture, and partner networks.
  • Experience working with Authentication and Authorization services.
  • Experience with penetration testing and forensics best practices.
  • Ability to evaluate and recommend new and emerging security products and technologies.
  • Ability to listen and integrate ideas from diverse views, build and maintain respectful relationships, collaborate with others, and resolve conflicts constructively.
  • Demonstrated commitment to diversity and inclusion.
  • Bachelor’s Degree in Information Security or Computer Science or Computer/Electrical Engineering, and/or equivalent field experience
  • Demonstrated ability to work within an inclusive work environment, as well as to manage and develop staff resources.

What makes you stand out…

  • Experience with Healthcare services or related verticals with significant Compliance and Regulatory requirements.
  • Professional Security Certification (e.g., CISSP, GIAC, CISA)
  • Master’s Degree 

Related Post

Office AgentOffice Agent

Job Description: The work of an Office Agent includes but is not limited to counter customer services, computer data entry, international cargo documents handling, retrieve import / deliver export documents