Director, Security and Compliance Job at Redesign Health

Redesign Health New York, NY

Redesign Health has recently become aware of the fraudulent use of our name on job postings and via recruiting emails that are illegitimate and not in any way associated with us. Redesign Health will never ask you to provide sensitive personal information as part of the recruiting process, such as your social security number; send you any unsolicited job offers or employment contracts; require any fees, payments or access to any financial accounts; and/or conduct text-only interviews. If you suspect you are being scammed or have been scammed online, you may report the crime to the Federal Bureau of Investigation and obtain more information regarding online scams at the Federal Trade Commission. If you have any questions regarding the authenticity of any communication purportedly sent by or on behalf of Redesign Health, we encourage you to contact us here.

Redesign Health is a proud Equal Opportunity Employer – we recruit, train, compensate and promote our team members based on qualifications. We know how important it is not only to include, but to actively seek out a diversity of opinions and voices.

We want to hear from you regardless of your race, religion, national origin, sex, gender identity, sexual orientation, disability, age, veteran status, or any other applicable legally protected characteristics.

Redesign Health is a company that powers innovation in healthcare. We develop technologies, tools, and insights that lower the barriers to change in healthcare, and provide a platform that enables founders and the broader healthcare ecosystem to build high-quality health solutions at scale. We have powered the launch of over 30 companies to-date, impacting more than ten million lives across many aspects of the healthcare ecosystem including cancer care, teleaudiology, COVID-19 testing, metabolic health and more. We're on a mission to redesign health for everyone.

About the Job

As our Director, Security and Compliance, you will help build and lead a team and function responsible for designing, implementing, and managing Information Security and Compliance measures within our company. You will serve as both a leader and strategist and help inform our overall Technology roadmap, ensuring security is top of mind and built into what we do, not just an afterthought. You will also play a hands-on role in performing security and compliance related activities.

This role is fully remote and reports to the VP of Technology and Security at Redesign Health.

What you'll do

  • Responsible for developing, implementing, maintaining, and monitoring a strategic comprehensive enterprise cybersecurity and IT risk management program, including but not limited to:
    • Identifying, evaluating, and mitigating risks across the organization.
    • Drive security-related investigations and resolutions.
    • Ensure employees are trained on security related concepts, as well as our internal policies, procedures, and controls.
  • Provide vision, leadership, strategy, and execution to manage technology-related risks to the organization, ensuring business alignment, governance, systems availability, integrity, and confidentiality.
    • Strategically apply technology-based solutions to key initiatives for the business.
  • Oversee, coordinate, and execute on information security and compliance initiatives working with executive leadership, business and functional leaders, and staff including Legal/Compliance, People Operations, Product/Engineering, Technology Operations, etc.
    • Be able to lead and manage a Security team
  • Develop, maintain, publish, and update security policies, procedures, standards and guidelines.
    • Implement security and compliance solutions in partnership with Vendor Management, Technology Operations, and Product/Engineering teams with a rigorous, thoughtful, and contextual implementation process.

What you'll need (Background)

  • You have 7+ years of experience in Security and IT roles, and have implemented cybersecurity programs
  • You have 5+ years of direct security related experience and third party risk management experience (software security principles, secure coding practices, etc.) and know how to implement and manage Snyk, Veracode, Checkmarx, Burp Suite, OWASP ZAP, or related technologies
  • You have 3+ years of experience with securing infrastructure in cloud environments such as AWS, DevOps and/or DevSecOps, as well as software engineering related cloud security experience
  • You have 3+ years of experience leading a security team and success working collaboratively across departments to achieve security outcomes
  • You bring a solid understanding of HIPAA compliance experience, SOC audit experience, and related regulations.
  • You can demonstrate third party risk management experience (take what vendor management has built and build a security component to it)

What you will bring to the table (Specialized/Technical skills)

  • You have proven technical ability with AWS Security
  • You have working knowledge and technical ability with Information Security Identity & Access Management
  • You hold at least 1 certification in Security & Compliance (CISSP, CISM, CISA, CISSP, etc)

Who you are (Behavioral Competencies)

  • Balances Stakeholders. You understand and anticipate internal and external stakeholder requirements, expectations, and needs. You consider cultural and ethical factors in the decision-making process, and act fairly despite conflicting demands.
  • Manages Complexity. You ask the right questions to accurately analyze situations and uncover root causes to difficult issues. Through acquiring data from multiple and diverse sources, you are able to make sense of complex, high-quantity, and sometimes contradictory information to solve problems.
  • Communicates Effectively. You are effective in a variety of communication settings: one-on-one, small and large groups, or among diverse styles and position levels.

You will work out of one of the following locations:

In-office: New York, NY

Remote: Alabama, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, District of Columbia, Florida, Georgia, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin, Wyoming.

Full-time base salary of $209,000.00 plus a competitive equity & benefits package listed under the "Why work with us?" section.

What Redesign is all about

Redesign's mission is to elevate healthcare companies that empower people to live their healthiest lives. To give a sense of what our team is all about, these are the values that guide our work:

  • Redesign healthcare - We bring positive change to patients' lives
  • Own the outcome - We do the work to get the job done
  • Be trusted partners - We strive to be the teammates and co-founders of choice
  • Champion diverse perspectives - We work to unlock our joint potential
  • Practice kindness - We aim to build bridges, not walls
  • Learn continuously - We focus on constantly growing as individuals and as a team

Why work with us?

We care deeply about your well-being. And we've tailored our unique benefits around your wellness. Check out our full range of benefits here, and a few of our highlighted benefits below:

  • Benefits for your physical wellness:
    • Full medical, dental, and vision coverage with no monthly contribution for you and your dependents (for all of our plans!)
    • Quarterly in-home house cleaning
    • $50 a month wellness stipend
  • Benefits for your financial wellness:
    • 401K match
    • Student loan repayment contribution
    • Tax preparation services
  • Benefits for your mental wellness:
    • Unlimited PTO
    • An annual 2-week company-wide winter break
    • 2 month sabbatical after 4 years
    • Reimbursements to Spotify & Headspace
  • Benefits for the wellness of parents:
    • 16 week full paid parental leave
    • Maven Clinic access with $2k lifetime contributions to fertility & adoption services
    • Diaper subscription service & summer camp reimbursement program


