Head of Security

About Hippocratic AI

Hippocratic AI’s mission is to develop the first safest focused Large Language Model (LLM) for healthcare. The company believes that a safe LLM can dramatically improve healthcare accessibility and health outcomes in the world by bringing deep healthcare expertise to every human. No other technology has the potential to have this level of global impact on health.

The company was co-founded by CEO Munjal Shah, alongside a group of physicians, hospital administrators, healthcare professionals, and artificial intelligence researchers from El Camino Health, Johns Hopkins, Washington University in St. Louis, Stanford, Google, and Nvidia. Hippocratic AI has received a total of $120M in funding and is backed by leading investors, including General Catalyst, Andreessen Horowitz, Premji Invest, and SV Angel.

About the role:

As the Head of Security at Hippocratic AI, you'll lead the charge of ensuring the security of our cloud and AI products as well as corporate data and IP. Your role involves developing and managing comprehensive information security programs, navigating compliance standards, and guiding risk management efforts to uphold our commitment to responsible and ethical AI practices in healthcare.

Responsibilities:

1. Develop and Manage Information Security Program:

   - Formulate and enhance a comprehensive information security risk-based program to ensure the integrity, confidentiality, and availability of information assets.

   - Establish an IT security architecture roadmap identifying security controls aligned with the organization's security priorities.

2. Policy Development and Compliance:

   - Develop, maintain, and promote information security policies, standards, and guidelines, ensuring compliance with contractual obligations, corporate policies, and legal/regulatory requirements.

   - Demonstrate knowledge and experience with relevant legal and regulatory requirements, including SOX, PCI DSS, HITRUST, HIPAA Privacy & Security, and other CMS regulations and guidelines updated by the Federal Government.

3. Training and Awareness:

   - Develop and manage information security and risk management awareness training programs for employees, contractors, and approved system users.

4. Risk Assessment and Management:

   - Guide the information security risk assessment process, overseeing treatment efforts in collaboration with the Compliance Director.

   - Identify, assess, and prioritize IT risks, advising stakeholders on appropriate courses of action to mitigate or eliminate risk.

5. Vendor Risk Management:

   - Develop and implement a process to manage vendor risk, including assessment and remediation efforts related to partners, consultants, and service providers.

6. Incident Management:

   - Establish and implement an incident management process, collaborating with the Compliance Director to identify, respond, contain, and communicate security incidents.

7. Strategic Guidance and Reporting:

   - Provide strategic risk guidance for corporate IT projects, including evaluation and recommendation of technical standards and controls.

   - Manage an information security budget, providing regular reporting on the program's status to the senior leadership team and stakeholders.

8. Metrics and Reporting Framework:

   - Facilitate a metrics and reporting framework to measure program efficiency and effectiveness, ensuring appropriate resource allocation and increasing security maturity.

   - Demonstrate knowledge of common information security management frameworks, such as NIST.

9. Build out the Security and Compliance Organization  

- Start out overseeing our managed service team and begin to build out a team as the company and function scales 

Qualifications:

Education:

  - Bachelor's degree in Information Security, Computer Science, Management of Information Systems, or a related field. Master's degree preferred.

Experience:

  - Minimum of 10 years of experience in risk management, information security, and information technology, with at least 4 years in a senior leadership role.

Skills and Abilities:

  - Excellent communication skills with the ability to convey security and risk-related concepts to technical and non-technical audiences.

  - Proven track record in developing information security policies and executing programs in dynamic environments.

  - Familiarity with relevant legal and regulatory requirements in healthcare.

  - Strong analytical and project management skills with the ability to work in a demanding, dynamic environment.

  - Possess a professional security management certification, such as CISSP, CISM, CISA, or other similar credentials.

  - Knowledge of various healthcare-related code sets such as CPT-4, ICD-9/10, LOINC, SNOMED, etc.

Other Attributes:

  - High personal integrity, ability to handle confidential matters, and demonstrate judgment and maturity.

  - Initiative, dependability, and ability to work with minimal supervision.

Hippocratic AI is an Equal Opportunity Employer. Join us in reshaping the future of healthcare through innovative AI solutions.