Information Security Manager

What youll be doing:

• Strategic Leadership: Collaborate closely with the Director of Risk and Compliance to define and oversee the execution of the companys information security strategy, ensuring alignment with business goals and compliance standards;
• Program Management: Coordinate and manage various security initiatives, from risk assessments to security tool implementations, ensuring timely completion and effectiveness;
• Incident Response: Lead the incident response process, ensuring that security breaches or vulnerabilities are addressed promptly and effectively;
• Cloud Security Oversight: Ensure that all cloud-based applications, infrastructure, and data (hosted primarily in GCP with some assets in AWS) are secure and compliant with industry standards;
• Team Leadership and Development: Directly manage and develop a dedicated team of 4-6 Security Engineers, fostering a culture of continuous improvement, skill development, and high performance. Ensure your team is empowered to take initiative, innovate, and effectively contribute to the company’s security posture;
• Collaboration: Work closely with technical teams, especially those in Infrastructure and Data, to ensure security best practices are integrated throughout the organization. Facilitate efficient interactions with other teams as necessary, especially given the companys global presence;
• Continuous Improvement: Stay updated on the latest security threats, trends, and technologies to ensure the companys security measures are up-to-date and effective.

What you need to have:

• Minimum of 8 years of related experience with a Bachelors degree; or 6 years and a Masters degree; or equivalent experience;
• Experience working in companies with security certifications such as ISO 27001 or SOC 2;
• Familiarity with cloud platforms, especially Google Cloud Platform (GCP) or Amazon Web Services (AWS);
• Familiarity with Kubernetes and Infrastructure-as-Code practices;
• Understanding of compliance requirements, especially HIPAA and GDPR;
• Excellent communication and collaboration skills;
• Strong problem-solving and analytical skills;
• Proven ability to work in a fast-paced environment and manage multiple projects simultaneously;
• Strong attention to detail and ability to deliver high-quality work.

What we would love to see:

• Preferred certifications include CISSP, CISM, PMP, and other relevant security or project management certifications;
• Experience working with Security tools such as Snyk, Wiz, SentinelOne, Croudstrike, Expel, Sophos MDR, Qualys, Nessus (including open-source alternatives);
• Experience working in companies with security certifications such as PCI-DSS, HITRUST, or FedRamp.

To ensure you feel good solving a big Human problem, we offer:

• A stimulating, fast-paced environment with lots of room for creativity;
• A bright future at a promising high-tech startup company;
• Career development and growth, with a competitive salary;
• The opportunity to work with a talented team and to add real value to an innovative solution with the potential to change the future of healthcare;
• A stimulating environment with room for creativity;
• A flexible environment where you can control your hours (remotely) with unlimited vacation;
• Access to our health and well-being program (digital therapist sessions);
• Remote or Hybrid work policy.