Director of Information Security

Job Type

Full-time

Description

A recent study shows that men apply for a job or promotion when they meet only 60% of the qualifications, but women and other marginalized groups apply only if they meet 100% of them. So, if you think you'd be a great fit, but don't necessarily meet every single requirement on one of our job openings, please still apply. We'd love to consider your application!

At Wayspring, we are committed to furthering our value of Equity & Inclusion throughout our recruiting practices. We seek diversity of background and opinion, as we think these attributes improve the performance of our company and are the right thing to do for our communities. We recognize and remove barriers to success within our company and communities. We seek to build a recruiting process that is inclusive and fosters diversity.

Why Wayspring?

We are passionate about breaking barriers alongside those facing substance use disorder. Whether you're in the field or in the corporate office - our mission is felt, and your impact is recognized. There is no inner circle, and we all have a seat at the table. Leaders are accessible and silos are avoided. We respect your craft and love to be challenged. We invest not only in our mission, but in each other. Internal promotions and cross departmental trainings are the norm - you grow, we grow. At Wayspring, we don't just see you as an employee, we see you for who you are. a whole-person - with hobbies, pets, families, and lives outside of work. Our flexible schedule and flexible work environment options help you to create and maintain the work-life balance you need most.

Overview of the Director of Information Security

The Director of Information Security will strategically manage, develop, and mature Wayspring's Information Security Program. This position will work as a tactical and strategic leader to continue to build and mature our information security efforts to enable Wayspring's continued commitment to the security and privacy of its clients' and members' information. This is a highly collaborative and communicative role that works closely with leaders and colleagues throughout the company. You will continue to drive Wayspring's existing culture of security awareness. Wayspring is HITRUST CSF Certified.

Responsibilities for the Director of Information Security

• Manage, Develop, and Mature all aspects of Wayspring's Information Security Program.
• Deliver Information Security Subject Matter Expertise in the healthcare industry.
• Collaborate with internal business units on information security to inform, educate, and develop effective security solutions.
• Identify administrative, technical, and physical security opportunities and challenges; research, develop, and deliver solutions.
• Deliver and Communicate company security metrics and reporting.
• Ensure effective security monitoring is in place for company assets.
• Ensure application security control recommendations to company.
• Manage role-based access initiatives and help define role-based access models for use in organization and access review processes.
• Manage and improve Information Security Policies, Procedures, Guidelines, and Plans.
• Perform periodic reviews of company assets (e.g., firewalls, M365, applications) to ensure appropriate security controls are in place.
• Set physical and technological security requirements for office buildouts and remote environments.
• Perform review of Information Security deliverables to ensure accuracy, consistency, and completeness, whether in contract, RFP, or questionnaires.
• Manage the delivery of Wayspring's client information security assessments.
• Coordinate and oversee third-party assessments and penetration testing exercises.

Requirements

• 7+ years of progressive work in IT and Information Security
• A solid understanding of the Information Security vulnerabilities of healthcare organizations and their service providers
• Hands-on technical security capabilities and expertise
• Working knowledge of information security frameworks and regulations (e.g., NIST CSF, ISO/IEC 27001:2022, SOC 2 Type II, HITRUST CSF, HIPAA, etc.)
• Strong knowledge of security strategy and risk management
• Excellent verbal and written communication and ability to conduct presentations to technical, non-technical, and mixed groups
• Ability to research and communicate advanced security issues to appropriate parties
• Detailed knowledge of security technologies and trends

Company and Benefit Summary

Wayspring has reimagined substance use disorder treatment. We provide individualized care, delivered with a peer-centered approach. We focus on making sure patients have their basic needs met, like access to care, economic stability, and connection to relationships and community. Then we help each person find their own way to wellness.

• Medical, Dental, and Vision Insurance Options
• Company funded HSA
• Monthly Gym Allowance
• Paid parental leave - all parents included!
• Company-paid short term disability, long term disability, and life insurance
• Generous 401k match
• Premium Employee Assistance Program, inclusive of counseling sessions
• Company Contributions to Future Minded Savings (think 529, HSA, Student Loan Reimbursement, and Emergency savings fund)
• Generous PTO package (accrual policy based on years of service) and an additional 10 paid company holidays