Sr. Director, Information Security

Employer Direct Healthcare Dallas-Fort Worth, TX

Company

Employer Direct Healthcare

Location

Dallas-Fort Worth, TX

Type

Full Time

Job Description

About Employer Direct Healthcare

Employer Direct Healthcare is focused on giving access to quality & affordable healthcare for our members. We understand and have experienced the challenges of navigating specialized healthcare and we are dedicated to making a change.

We partner with large self-funded employers to create a benefit program for specialized care. We connect with high-quality providers to give our members peace of mind when going into surgery. And we support our members by helping them navigate the tricky aspects of healthcare; whether that be selecting a doctor, scheduling appointments, or following up after a procedure has been completed to make sure our members are feeling better.

About You:

  • You have a drive and AMBITION to tackle big problems. Big problems require big ideas and a team that supports new ideas.
  • You CARE deeply for your customers. Your customers aren't just the individuals using your product. They are the driving factor in your motivation to make a change.
  • You thrive in a TEAM ENVIRONMENT. Collaboration is key in innovation and creating change.
  • A DIVERSE environment is incredibly important to you. You understand and desire to be a part of a diverse team with different experiences and perspectives & you cherish the differences in each individual that you interact with.
  • You are DETAIL ORIENTED, but more so, focus on the execution of your content while balancing a fast-paced environment.
  • You understand that PROGRESS is critical to making change. You take the time to celebrate the small and big wins. Understanding that each improvement to a process helps move towards a greater change.
  • INTEGRITY guides you in life. Focusing on the truth versus just giving people the answers they want to hear.

If this sounds like you, we would love to connect to speak further about career opportunities at Employer Direct Healthcare.

Please apply to our role & someone from our HR Team will reach out to help you navigate our interview process.

Director, Information Security

In this role, you will be responsible for managing the information security program and executing overall security and technology compliance operations to ensure EDH information assets and technologies are adequately protected. Together with allocated staff members and, where applicable, outsourcing partners, you will work to identify, develop, implement, and maintain processes and technologies across the company to ensure security risks are adequately monitored, mitigated, and managed. Your ownership will span various technical security and compliance functions, including access management, incident response, technical audit/risk assessment, vulnerability management, and other security operations for EDH, as expected by the CIO, CEO, and the Executive Management Team (EMT).

Location: Onsite - Dallas, TX

Reporting to CIO, this role -

  • Is critical to ensuring the security program is effective at identifying, detecting, responding, and recovering from a cybersecurity event.
  • Represents Information Security to the rest of the company; and ensures that the security program evolves to keep pace with the threat environment.
  • Is the interface between the CIO's strategic activities and the cybersecurity technology-focused need in the IT organization.
  • Will translate the IT-risk requirements and constraints of the business into specifications for implementation and develop metrics for ongoing performance measurement and reporting.
  • Will coordinate technical activities to implement and manage security infrastructure, and to provide regular status and service-level reports to the CIO.
  • Will lead security team members and prioritize work efforts for optimal balance between operations tasks and strategic security efforts
  • Will balance capacity for security needs across multiple IT teams
  • Will coordinate portions of Vendor relationship management as required within the scope of Security needs
  • Will represent strategic security intent, program progress and operational metrics for EDH Technology leadership at extended leadership panels among other EDH department leaders
  • Should be capable of managing technical staff as they work to accomplish development goals.
  • Should possess documentation and presentation skills, analytical and critical thinking skills, and the ability to identify needs and take initiative.

Responsibilities and Duties

  • Develop a security vision and program along with security projects that address identified risks and business security requirements
  • Develop and manage Information Security standards and procedures that are consistent with generally accepted Information Security practices and professional security standards
  • Lead and coordinate operational components of threat and cyber-attack management, including detection, response, and reporting
  • Drive the technical compliance and audit program that enables EDH to maintain its accreditation in relation to cybersecurity and incident response, such as SOC 2 Type 2, HITRUST, etc.
  • Oversee the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, and communicate information about residual risk
  • Manage the process of gathering, analyzing, and assessing the current and future threat landscape, including realistic overview of risks and threats in the company environment
  • Establish practices to research, evaluate, design, test, recommend, or plan the implementation of new or updated information security hardware or software and its impact
  • Provide technical and managerial expertise for the administration of security tools
  • Monitor compliance and propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance
  • Define metrics and reporting strategies that effectively communicate successes and progress of the security program.
  • Manage outsourced vendors that provide information security functions
  • Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are following policies and audit requirements
  • Design, coordinate and oversee security testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks
  • Work with various stakeholders (IT, Legal, Finance, Operations etc.) to identify information asset owners to classify data and systems as part of a control framework implementation
  • Assist resource owners and IT staff in understanding and responding to security failures, production issues, incidents, and change management needs
  • Facilitate security communication, awareness, and training for company audiences
  • Manage the staff of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching
  • Work on special projects as requested and perform other duties as assigned

Requirements

  • A bachelor's degree in information systems or equivalent work experience.
  • 10+ years of IT experience, with 3+ years in an information security role
  • Relevant certifications such as HCISSP, CISM or GSP/E are highly preferred.
  • Healthcare / HIPAA / HITRUST experience is highly preferred.
  • Experience with common information security management frameworks, such as ISO-27001, NIST cybersecurity framework, CSA, HITRUST CSF and other leading-edge security frameworks.
  • Experience in application technology security testing (white box, black box, and code review).
  • Experience in technology security testing (vulnerability scanning and penetration testing).
  • Familiarity with the principles of cryptography and cryptanalysis.
  • Strong understanding of the business impact of security tools, technologies, and policies.
  • Strong leadership abilities to drive information security culture throughout the company.
  • Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT teams, business personnel and executives.
  • Excellent understanding of security concepts, protocols, best practices, and strategies.
  • Experience working with legal, audit and compliance staff.
  • Experience developing and maintaining policies, procedures, standards, and guidelines.
  • Proficiency in performing risk, business impact, control, and vulnerability assessments, and in defining treatment strategies.
  • Strong analytical skills to analyze requirements and relate them to appropriate security controls

Benefits

  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Short & Long Term Disability
  • Life Insurance
  • 401k with company match
  • Paid Time Off
  • Paid Parental Leave

This role is onsite in our Dallas, TX office

Date Posted

04/29/2023
