Head of Security
Palo Alto
About Hippocratic AI
Hippocratic AI’s mission is to develop the first safety-focused Large Language Model (LLM) for healthcare. The company believes that a safe LLM can dramatically improve healthcare accessibility and health outcomes in the world by bringing deep healthcare expertise to every human. No other technology has the potential to have this level of global impact on health.
The company was co-founded by CEO Munjal Shah, alongside a group of physicians, hospital administrators, healthcare professionals, and artificial intelligence researchers from El Camino Health, Johns Hopkins, Washington University in St. Louis, Stanford, Google, and Nvidia. Hippocratic AI has received a total of $120M in funding and is backed by leading investors, including General Catalyst, Andreessen Horowitz, Premji Invest, and SV Angel.
About the role:
As the Head of Security at Hippocratic AI, you'll lead the charge of ensuring the security of our cloud and AI products as well as corporate data and IP. Your role involves developing and managing comprehensive information security programs, navigating compliance standards, and guiding risk management efforts to uphold our commitment to responsible and ethical AI practices in healthcare.
Responsibilities:
1. Develop and Manage Information Security Program:
- Formulate and enhance a comprehensive information security risk-based program to ensure the integrity, confidentiality, and availability of information assets.
- Establish an IT security architecture roadmap identifying security controls aligned with the organization's security priorities.
2. Policy Development and Compliance:
- Develop, maintain, and promote information security policies, standards, and guidelines, ensuring compliance with contractual obligations, corporate policies, and legal/regulatory requirements.
- Demonstrate knowledge and experience with relevant legal and regulatory requirements, including SOX, PCI DSS, HITRUST, HIPAA Privacy & Security, and other CMS regulations and guidelines updated by the Federal Government.
3. Training and Awareness:
- Develop and manage information security and risk management awareness training programs for employees, contractors, and approved system users.
4. Risk Assessment and Management:
- Guide the information security risk assessment process, overseeing treatment efforts in collaboration with the Compliance Director.
- Identify, assess, and prioritize IT risks, advising stakeholders on appropriate courses of action to mitigate or eliminate risk.
5. Vendor Risk Management:
- Develop and implement a process to manage vendor risk, including assessment and remediation efforts related to partners, consultants, and service providers.
6. Incident Management:
- Establish and implement an incident management process, collaborating with the Compliance Director to identify, respond to, contain, and communicate security incidents.
7. Strategic Guidance and Reporting:
- Provide strategic risk guidance for corporate IT projects, including evaluation and recommendation of technical standards and controls.
- Manage an information security budget, providing regular reporting on the program's status to the senior leadership team and stakeholders.
8. Metrics and Reporting Framework:
- Facilitate a metrics and reporting framework to measure program efficiency and effectiveness, ensuring appropriate resource allocation and increasing security maturity.
- Demonstrate knowledge of common information security management frameworks, such as NIST.
9. Build out the Security and Compliance Organization:
- Start out overseeing our managed service team and begin to build out a team as the company and function scale.
Qualifications:
Education:
- Bachelor's degree in Information Security, Computer Science, Management of Information Systems, or a related field. Master's degree preferred.
Experience:
- Minimum of 10 years of experience in risk management, information security, and information technology, with at least 4 years in a senior leadership role.
Skills and Abilities:
- Excellent communication skills with the ability to convey security and risk-related concepts to technical and non-technical audiences.
- Proven track record in developing information security policies and executing programs in dynamic environments.
- Familiarity with relevant legal and regulatory requirements in healthcare.
- Strong analytical and project management skills with the ability to work in a demanding, dynamic environment.
- Possess a professional security management certification, such as CISSP, CISM, CISA, or other similar credentials.
- Knowledge of various healthcare-related code sets such as CPT-4, ICD-9/10, LOINC, SNOMED, etc.
Other Attributes:
- High personal integrity, ability to handle confidential matters, and demonstrated judgment and maturity.
- Initiative, dependability, and ability to work with minimal supervision.
Hippocratic AI is an Equal Opportunity Employer. Join us in reshaping the future of healthcare through innovative AI solutions.
Perks/benefits: Career development, Startup environment