Information Security Manager
Hi, we’re findhelp. Nice to meet you.
We’re changing the way people connect to social care programs.
Findhelp launched 10 years ago in Austin, TX and has helped over 7 million people. We make it easy to find food, health, housing and employment programs in seconds at findhelp.org.
We’re powered by tech, driven to do good, and looking for passionate people. Our mission is to connect all people in need and the programs that serve them (with dignity and ease).
If our mission strikes a chord we’d love for you to keep reading.
The Work
In this work, privacy and security are a top priority and foundational to all that we do. For example, we work with health insurers, hospital systems, schools and universities, city and state governments, and more, to reach people in need. Therefore, it is of the utmost importance that we protect our customers’ and our users’ data by delivering against the Security, Privacy, and Compliance commitments we make to our diverse constituent groups. To ensure we do this, we seek to hire an Information Security Manager who will serve as the Deputy CISO responsible for executing our Information Security Program.
Our Information Security program attained HITRUST status in 2019. This role is a critical part of our strategy to maintain our compliance status while incrementally improving our security program and modernizing our platform architecture. Strong process skills and an ability to pull alongside the product engineering teams to evaluate the security impact of changes are a must for any successful candidate.
The Ideal Candidate
The ideal candidate is a hands-on security evangelist who excels at making abstract notions such as logical access control or separation of duties tangible when working across the business. They are confident in their ability to establish processes by putting “pen to paper” to document the current state, with an eye towards continuous improvement in the future. This candidate is excited to learn the ins and outs of executive communication and corporate governance while bringing their deep expertise as a subject matter expert and an individual contributor to the executive leadership committee. Findhelp takes its customer commitments seriously and expects this hire to be the first line of defense in ensuring our senior leadership is informed and effective when it comes to managing our security, privacy, and compliance risks.
Candidates with this skill set and experience level can expect to command a 150-195 base salary, with higher pay bands associated with stronger experience serving in a CISO or vCISO capacity. Ideal candidates will be excited to have access to senior management and gain experience coaching executives on managing cybersecurity risk. Additionally, they understand this role to be one that will require them to serve as a shining example of what being an independent contributor looks like on the security team.
Candidate Strengths:
Ideal
· Has deep technical expertise both in cloud technology and information security within an agile, DevOps engineering culture
· Has strong business acumen and experience communicating with C-Suite
· Has managed policy and procedures before in a formal manner
Acceptable
· Has deep technical expertise in cloud security, but not NIST or healthcare compliance
· Has not managed policy and procedure formally, but has expert process management skills
· Lacks experience communicating with C-Suite
Risky
· Has not managed individual contributors
· Is not confident in process skill set – Documentation, Design, Execution, and Improvement
· Does not have any cloud experience
· Thinks manual asset inventories are good enough
What You'll Do:
- Facilitate Executive Risk Committee meetings and continuously improve the effectiveness of risk management processes
- Review, update, and maintain Information Security policies and procedures as well as the company risk register
- Respond to customer requests for information regarding our cybersecurity and compliance posture (cybersecurity questionnaires)
- Support Annual HITRUST and HIPAA audits
- Develop findhelp’s information security program using the NIST 800-171 framework
- Manage the security operations team, consisting of security analysts and an embedded security engineer
- Work with the Engineering department to develop a secure software development lifecycle (S-SDLC)
- Translate security and compliance requirements into technical controls that can be developed by the engineering department and embedded into the platform
- Review new technologies and evaluate their impact on current and future compliance requirements
- Mature security operations through needs analysis, selection, configuration and monitoring of security tools such as:
o Security Information and Event Management (SIEM) systems
o Web Application Firewalls – WAF
o Endpoint Protection Systems – EDR
o Intrusion Detection and Protection – IDS/IPS
o Cloud Security Posture Management – CSPM
Key Experience/Requirements:
- CISSP or CISM certification
- 3+ years working as an Information Security Manager or Process Lead for a HIPAA or HITRUST organization
- Deep understanding of Risk Management processes and principles
- Technology selection and vendor management experience
- Experience managing individual contributors and providing critical feedback
Nice-to-Have
- A Cloud Security Certification on GCP/Azure/AWS
- Lean/Six Sigma experience or Green Belt certification
Perks at findhelp:
- 401k & stock options
- Free food and onsite gym
- Paid maternity/paternity leave
- Competitive PTO & 10 paid holidays
- Health, dental, and vision insurance
- Pet friendly office with attached dog park
- 24/7 access to telemedicine and counseling
We value being together
We believe being together enables stronger relationships, collaboration, and culture.
You can expect to be in-office if you’re applying in cities where we currently have offices (Austin, TX and Denver, CO).
We’re building a diverse, inclusive team
You’re welcome here. We want to help connect everyone to the help they need. So we want to build a company that represents your community.
But talk is cheap. We like action. Here are a few things that show we mean business.
- Unconscious bias training for every team member
- Justice Equity Diversity and Inclusion (JEDI) committee
Findhelp is proud to be an Equal Opportunity Employer. We are building a company whose employees understand our users, through their own lived experiences. This means we strive to hire employees that are diverse by race, gender, gender identity, gender expression, age, religion, sexual orientation, physical abilities, veteran status and socio-economic upbringing.