Chief Information Security Officer

Compliance/Security

Remote, United States

Now is the time to join us! 

Who are you?

As Chief Information Security Officer, you will be responsible for creating and managing a global, enterprise-wide security program to ensure that our information assets are adequately protected. Reporting directly to our Chief Information Officer, you will create strategy, policies and frameworks as they relate to application security, infrastructure security, compliance and security operations.

Our customers need to trust us with privileged access to their most sensitive data, and we need to earn and maintain that trust every day.   You will lead our seasoned and talented security team -- foster our security vision, develop the roadmap to achieve it, and mentor the team to deliver on the strategy. 

The ideal candidate will fill a visible, strategic, and high-impact leadership role within the organization. You will have excellent domain knowledge, and skills that leverage the capabilities of peers, business partners, associates and clients.  You will instill the duty to protect our systems and the data of customers, employees, investors and partners. As such, this leader must engender control, trust, accountability, transparency and urgency in the execution of his/her responsibilities.

At a high level, this executive will have a mastery of Corporate Security (vulnerability, data loss prevention, zero trust networks, etc), Operational Security (high availability cloud platform at significant scale), Product Security, and Regulatory Frameworks (certifications, global end markets, etc.). Additionally, this individual will have a passion for hiring, mentoring and building the next generation of security talent and forging valuable relationships across the organization.

In this role you will wear many hats, but your knowledge will be essential in the following:  

• Define and execute both vision and strategy for the entire company’s security risk management program to include organizational security, information technology, application security, and compliance, leveraging a combination of leadership and influencing skills to foster support for security business initiatives.
• Drives action through strong advocacy of the value of security.
• Serve as cybersecurity risk and subject matter expert and advisor for senior management on emerging threats, attacks, vulnerabilities and security concerns.
• Be aware of the developing security threats, and help the business understand the potential security implications related to ongoing projects.
• Manage all teams, and vendors involved in IT security, including hiring and developing a pipeline of talent, providing training and mentoring to security team members.
• Ensure global engineering and development teams are empowered with both the education and tools needed to incorporate security into development practices and automated build & deployment processes.
• Partner with Sales and Client Success teams to enable customer acquisition & retention, by acting as an executive sponsor to certain customers and participating in the sales cycle (e.g. meeting with customers, negotiating security/privacy language in deals, educating sales teams on security practices & capabilities, etc.
• Communicate security policies and procedures to all personnel and monitor compliance.
• Ability to adapt communication style depending on audience.
• Mature security processes to ensure our systems are monitored for security alerts, anomalies are tracked, and procedures followed when alerts triggered.
• Consult with the business to ensure systems and processes are designed & implemented with security and privacy in mind.
• Drive collaboration on information security across the enterprise, including the legal, information technology, research and engineering, services, sales, product management and finance.
• Oversee the coordination of internal and external audits or assessments of platform or internal business practices.
• Ensure compliance with global data privacy, use and sharing legislation.
• Champion secure multi-tenant SaaS architecture practices.
• Develop threat models and engage in ongoing development discussions on secure architecture
• Manage and coordinate incident response processes and teams to ensure business continuity is restored quickly as a result of a security incident.

You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

What you bring to the Personify Health team:

In order to represent the best of what we have to offer you come to us with a multitude of positive attributes including:

• 12+ years of experience leading security teams focused on all aspects of cybersecurity, including identity management, security engineering, software security, GRC, and security operations.
• 3+ years in senior leadership role at a global business.
• 5+ years of experience in securing systems running on public cloud infrastructures.
• Professional certifications such as CISSP, CISM, etc are preferred.
• Experience in taking a risk-based approach to prioritize security efforts.
• Ability to lead and motivate cross-functional teams while thriving in a fast-paced growing company.
• Demonstrated ability to build strong relationships with information security counterparts in customer and partner organizations.
• Record of successfully and directly managing budgets for information security teams.
• Excellent communication, interpersonal and leadership skills, able to communicate security concepts to both technical and nontechnical audience.
• Technical background through application or infrastructure.

Security Competencies: 

Work to maintain system and data security at a high standard, ensuring the confidentiality, integrity and availability of all Personify Health offerings is not compromised. Work with development teams to ensure adherence to industry best practice coding standards and that all code developed at Personify Health is free from bugs and security vulnerabilities such as those defined and published by OWASP. 

No candidate will meet every single desired qualification. If your experience looks a little different from what we’ve identified and you think you can bring value to the role, we’d love to learn more about you!

Personify Health is an equal opportunity organization and is committed to diversity, inclusion, equity, and social justice.

In compliance with all states and cities that require transparency of pay, the base compensation for this position ranges from 180,000-270,000. Note that salary may vary based on location, skills, and experience. This position is eligible for a target bonus as well as health, dental, vision, mental health and other benefits.

#LI-REMOTE