Job Description
Propelus, a workforce compliance management technology leader, is modernizing how dedicated professionals, their employers, regulators, and partners work better together. For over 20 years, Propelus solutions — CE Broker, EverCheck, and Immuware — have propelled the careers of millions through its Dynamic Professional Management platform, which provides workforce and talent management software.
Our innovative technology ensures a safer workforce, streamlines operations, and helps connect the complex workforce ecosystem, powering access to vital data, services, and support with unparalleled strategic partnerships to power our nation's critical compliance programs and safeguard our communities. Learn why Propelus is trusted by over 5 million professionals: https://propelus.com/.
Description | The Director of Information Security (IS) is responsible for the provision of the Information Security function of the company, including offices, data centers, AWS and Azure, and covering a range of tactical, operational and strategic activities. The role calls for strong leadership skills to coordinate and manage required projects, analytical and critical thinking skills, and the ability to take the initiative when required to ensure compliance with Information Security standards and best practices.
Experience in Healthcare SaaS/IT is desirable along with achieving certifications in HIPAA, NCQA, StateRAMP and SOC2.
Responsibilities | Duties of this position include but are not limited to:
Spearhead an ongoing risk analysis methodology to analyze the efficacy of information security protocols in both the software products and operational processes of the company.
Constantly assess changing security risks and ensure that proportionate measures are in place to protect critical IT systems and software development operational practices, proactively communicate with internal stakeholders on any recommendations, and execute their successful implementation.
Perform ongoing in-depth analysis of company operations, products and development practices to maintain a detailed organizational/operational view that allows for the definition, development, implementation and enforcement of a tailored information security program.
Confidently, effectively and, as applicable, persuasively communicate with external and internal stakeholders on IS topics ranging from audit results, responding to IS questionnaires, IS policies and procedures, and adherence to industry best practices and recommendations as a result of risk analysis.
Thought-lead and independently drive the company’s entire security strategy, to include development or revision and execution of applicable policies, procedures and employee training programs to support that strategy according to industry best practices.
Lead a response group for security incidents to affirmatively address the problems related to information security within the company.
Review emergency response and business continuity plans and ensure that they are current, proportionate and relevant.
Directly manage all external audits focused on information security, including security assessments and SOC, etc., to evaluate the maturity of security practices within the company and timely execute remediation of any vulnerabilities.
Passionately drive an information security culture running throughout the company.
Own all compliance monitoring processes across all security policies companywide.
Implement and maintain technical and physical safeguards and best practices for critical IT systems.
Qualifications & Desired Skills |
Bachelor's degree in information technology, information security, computer science or a related field.
Security-related certifications such as CISSP, CISA, CISM, GIAC, HCISPP, CHC, CHPC or CHSP.
Minimum 7+ years IT or Information Security progressive leadership experience.
Expertise and experience in a variety of domains such as application development, application security, security operations, cybersecurity monitoring, vulnerability management, incident management & response, identity and access management, and cloud infrastructure (AWS).
Experience in IT security solutions and deployments, such as vulnerability scanning, penetration testing and application security testing.
Established knowledge with respect to data privacy compliance (such as CCPA), governance, and compliance frameworks such as HIPAA, HITRUST, NIST CSF, ISO2700X, PCI-DSS, and SOC, and with driving a compliance program in accordance with such frameworks (specifically to include SOC).
Full understanding of security best practices, able to develop, implement, manage and administer security policies, procedures and guidelines.
Passion to remain current on information security industry trends, standards, tools, techniques and procedures and affirmatively implement relevant changes to internal IS protocols.
Live by a sense of personal responsibility and accountability, taking ownership and initiative over all issues within the IS scope with minimal supervision or direction.
Experience building and leading an exceptional team, with the capability to develop and guide junior information security and IT team members.
Adept at relationship building and partnering with technical and business leaders across the company.
Comfort working with executive management to integrate controls into the scope of existing business practices and, as applicable, recommended new practices.
Excellent verbal and written communication skills, comfortable drafting policies, creating reports, and presenting issues to all levels of internal and external stakeholders, from executive leadership to customers to outside auditors.
Knowledge of the security vendor marketplace and the ability to efficiently manage third party security providers and navigate third-party information security attestations, audits and standards.
Experience working within a software development company and/or the healthcare industry.
An ability and willingness to travel on occasion (approximately quarterly) both within the US and internationally, as needed.
Awarded one of BuiltIn's 2023 Best Places to Work and 7 years running by Outside Magazine!
Professional development allowance to help you grow in the ways that mean the most to you.
Flexibility for balancing work with the rest of life and ample PTO, including paid time off for volunteering and for becoming a new parent.
401K with company matching, as well as financial planning education and resources.
Employees choose from HSA, FSA and traditional insurance options for medical, dental, and vision coverage for themselves and dependents.
Wellness benefits - we’ll help you pay for fitness endeavors and organic produce delivery services.
Check us out for yourself at our careers page or our Propelus culture Instagram accounts.
We are an equal opportunity employer and value diversity at Propelus. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Candidates from all backgrounds are encouraged to apply.
Full time positions are scheduled to work 40 hours per week, M-F unless required otherwise by projects. Part time positions are scheduled to work a maximum of 30 hours per week (all part time positions will be specified in the job title.) This job is open to candidates authorized to work in the US and located within US borders.
Date Posted
12/02/2023