ABOUT THIS JOB

The Director of Information Security reports to the Chief Technology Officer and works closely with all technology and business leadership. The Director of Information Security acts as a risk leader within the organization. The Director of Information Security is responsible for establishing, implementing, monitoring and enforcing information security standards and policies. Responsible for building an information security-conscious culture and system security infrastructure built on best practices and regulatory requirements.

YOUR RESPONSIBILITIES

• Develop, implement and monitor a comprehensive enterprise information security program to ensure that the integrity, confidentiality and availability of information that is owned, controlled or processed by the organization.
• Safeguard all parts of the Bright Health technology landscape from digital threats and data breaches.
• Integrate Information Security risk management into business decisions and operations.
• Advise leadership on necessary security controls and processes to protect the enterprise and the business units commensurate to the assessed level of risk.
• Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training and dissemination of security policies and practices.
• Develop and manage the information security budget.
• Coordinate information security projects with resources from IT and business unit teams.
• Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize risk and audit findings.
• Oversee security of all vendors and partners.
• Manage security incidents and events, ongoing risk assessments, risk remediation efforts and implementation of systems to protect corporate IT assets, including intellectual property, regulated data and the company’s reputation.
• Monitor the external threat environment for emerging threats. Balance the protection of information assets with the needs of the business.
• Manage and develop information security staff.

DESIRED EDUCATION AND EXPERIENCE

• Minimum of 10+ years of progressive experience in information security with a combination of risk management, information security and IT jobs.
• Minimum of 4 + years of experience in a leadership role with increasing levels of responsibility.
• Familiarity with information security management frameworks.
• Hands-on experience with multiple security technologies such as Firewalls, Intrusion Detection/Prevention Systems, Vulnerability Scanning, WAF, Wireless LAN, NAC, DLP, DDoS Mitigation, WAN security, SIEM, Content Filtering, Cloud Security gateways, Secure Proxies, and crypto solutions.
• Experience with information security in a HIPAA compliant environment
• Familiarity with leading laws, regulations, standards and best practices for HITRUST, CSA CCM, NIST, ISO, PCI, Sarbanes Oxley, CCPA, and EU GDPR
• Broad experience with Cloud-based technologies: Amazon Web Services (AWS), Google Cloud, Microsoft Azure, G Suite, Salesforce, or other Cloud-based technologies

LICENSURES AND CERTIFICATIONS

• CISSP required
• CISM, CERT, CISA preferred
• CCSP preferred

ABOUT US

At Bright Health, we brought together the brightest minds from the health care industry and consumer technology and together we created Bright Health: a new, brighter approach to healthcare, built for individuals. Our plans are easy to manage, personalized and more affordable, giving people the quality care they deserve. Through our exclusive care partnerships with leading health systems in local communities we are reshaping how people and physicians achieve better health together.

Bright Health is tripling its footprint in 2019 to offer a variety of health insurance plans to more individuals. Bright Health operates health insurance offerings across Individual and Family Plan segments and the Medicare Advantage space in Alabama, Arizona, Colorado, Ohio, New York and Tennessee.

We’re Making Healthcare Right. Together. 

We've won some fun awards like: Great Places to Work, Modern Healthcare, Forbes, etc. But more than anything, we're a group of people who are really dedicated to our mission in healthcare. Come join our growing team!

As an Equal Opportunity Employer, we welcome and employ a diverse employee group committed to meeting the needs of Bright Health, our consumers, and the communities we serve. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.

BRIGHT ON!