Head of Information Security

Head of Information Security (US - Remote)

Waymark is a team of healthcare providers, technologists, and builders whose mission is to bring the best healthcare to people with Medicaid benefits.  Guided by the communities we serve, we bring support and technology-enabled care to help primary care providers keep Medicaid patients healthy.  We are building the tools and designing an approach to enable care to reach the patients who can benefit most.  

Our core values embody the essence of what makes Waymark a unique team today, and what we look for, nurture, and sustain as a team. We are bold builders, believing that the greatest challenges in care delivery can be solved when we harness the power of community and technology. We are humble learners, seeking feedback and perspectives different from our own, and welcome challenges to our conclusions. We experiment to improve, actively seeking data to inform decisions and to assess our own performance. We act with focused urgency, our commitment to our mission drives us to tirelessly pursue results.

If this vision resonates with you, we hope you consider bringing your creativity, your energy, your curiosity to Waymark. 

About the Role

As the first Head of Information Security for Waymark, you will be responsible for advancing our core mission through the development of robust programs encompassing information security.  As an organization working with patients and providers to improve health outcomes, it is critical to build and maintain appropriate systems and safeguards designed to protect the integrity and confidentiality of information. 

You are technical, a strong operator, and strategic thinker, looking to build, improve, and scale reliable security processes whenever possible.  Your leadership of the information security program at Waymark will include all facets of cybersecurity, and the associated user experience of our remote teams, and community-based care workers.  In this role, you will chart a security roadmap that enables Waymark to partner with Medicaid Managed Care Organizations, and healthcare providers to improve health care outcomes for patients with Medicaid benefits.  You will analyze and correlate information collected from a variety of sources to identify, investigate, and report vulnerabilities in our environment, develop and implement mitigation countermeasures for identified and potential threats, and lead the resolution of identified security incidents.

Reporting to the Head of Legal and People, you will partner with and collaborate to design policies, technical controls, and audit pipelines to ensure that the information security systems meet or exceed all applicable regulatory requirements, including those related to the handling of health information.  You will interact with the broader executive leadership team to communicate evolving needs, matching the security strategy to the size and stage of growth of the company and the information we safeguard.  

This is a remote friendly position that can be located anywhere in the United States.    

Responsibilities

• Develop, implement, and oversee a cybersecurity program, road map and strategy, which includes procedures and policies designed to protect Waymark communications, systems, and assets from internal and external threats and that safeguards health information.

• Build and inspire a highly skilled and diverse team, fostering a culture of cross functional partnership, service, and continuous improvement.

• Partner with Product, Engineering, Legal, and Compliance leadership to determine risks and deploy risk management processes, supporting Waymark’s secure software development lifecycle.

• Serve as Waymark’s HIPAA Security Officer, ensuring compliance with the HIPAA Security Rule, working closely with the legal team to document, review, maintain, and implement standards, policies, and procedures within security disciplines.

• Conduct research, analysis, and correlation across a wide variety of source data to identify and prevent compromise of our networks, host systems, and data. 

• Track and report on IT network security to the Waymark executive leadership team

Minimum Qualifications

• 10+ years of experience in information technology and risk management, with a strong record of successfully managing information security, including experience working in a healthcare environment, with a strong understanding of HIPAA

• Knowledge of information security management frameworks, such as NIST cybersecurity framework

• Experience implementing cloud security technologies, including encryption, network security, intrusion detection, and could monitoring

• Excellent verbal and written communication skills with the ability to simplify complex topics for understanding and decision making by technical and non- technical audiences

• Strong people leader, demonstrated experience as an effective mentor and coach

Preferred Qualifications

• Key industry certifications in information security, such as CISSP, CISM and CISA

• Strong knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of Defense-in-Depth)

• Interest in learning key healthcare data engineering approaches, architectures, and standards such as HL7 and FHIR

Salary Range: $250,000 - $300,000. Compensation will depend on multiple factors, including job location, training, education, and experience.

Benefits and Other Compensation: Medical, vision, dental, basic life insurance, and stock options available for the hired applicant.  Employees also receive twenty (20) vacation days, accrued over the year and thirteen (13) paid holidays throughout the calendar year. Sixteen (16) weeks of parental leave for birthing parents will also be available for use after successful completion of 6 months of employment, eight (8) weeks of bonding leave for non-birthing parents.  Employees are able to enroll in our 401(k) plan and commuter benefits plan.

COVID Vaccination: Waymark has adopted a policy on mandatory full vaccination to safeguard our employees, our partners, and the patients we serve from the hazard of COVID-19.  As a healthcare company, we believe it is important for our employees and actions to reflect the best available science and the interests of public health.  You will be asked to attest to your COVID vaccination status before an offer of employment is made.