CISO, Chief Information Security Officer
San Jose, CA
With over 400M connected medical devices worldwide and the value of the healthcare Internet of Things (IoT) market valued at $163 billion, it’s no surprise that venture funding in the Digital Health space has hit record highs year after year. What’s clear is that all of healthcare’s future products – medical devices, combination products, wearables, Software as Medical Device and more – will all be digitally driven.
A leader in the digital health space is BrightInsight, the VC-backed Silicon Valley startup that provides the leading global regulated IoT platform for the world’s top biopharma and medtech companies.
We are a team of experienced professionals who have first-hand experience building and scaling digital health solutions within the regulated healthcare space. We are passionate about what we do and wholeheartedly believe in our vision to transform patient outcomes globally by bringing the power of digital technology to healthcare.
Since launching the BrightInsight Platform in 2018, we have secured a number of top-tier customers, including announcements with 4 of the world’s top 20 biopharma companies. Our award-winning platform was selected as the “Best IoT Healthcare Platform” in the 2019 MedTech Breakthrough Awards, Google Cloud’s Partner of the Year for Healthcare for two consecutive years, was featured as the cover story for CIOReview Magazine’s “20 Most Promising Biotech Solution Providers 2019, and was included in The Journal of mHealth's “2020 Global Digital Health 100”.
If you enjoy working with solution-oriented, driven colleagues in an agile, beaurocratic-free environment, then come join us at BrightInsight.
- Overall responsibility for BrightInsight’s reputation as a best-in-class secure cloud solution that customers, patients, and providers trust with sensitive personal and health data
- Own BrightInsight’s information security organization, consisting of direct reports and indirect reports. This includes hiring, training, staff development, performance management and annual performance reviews
- Deep understanding and application of information security management framework based on the following: International Organization for Standardization (ISO) 2700X, FDA, CE, HIPAA, HITRUST, etc.
- Build information security policies, standards and guidelines; oversee the approval, training, and dissemination of security policies and practices.
- Overall responsibility in achieving and maintaining relevant certifications to continue BrightInsight’s position as leader in Security and Data Privacy
- Liaise with BrightInsight’s IT and Engineering teams to ensure alignment between the security and development practices, ideally understands SSDLC and/or SDLC in a regulated environment.
- Driving security operations cross-functionally, including proactive review and management of vulnerabilities to reactive engagement during an incident, and everything in between. Teams in Product Security, Platform Security, Engineering, and Operations will partner with the information security organization to deliver exceptional security for customers
- Manage risk-based process for vendor security risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
- Provide risk guidance for Product Engineering & Platform Engineering projects, including the evaluation and recommendation of technical controls.
- Represent security expertise of BrightInsight to current and potential customers
- Guide the company through internal and external audits, examinations and reviews related to security and participate in cross-functional teams in connection with regulatory and other audits and examinations.
- Certification as a Certified Information Systems Security Professional (CISSP) and/or Systems Security Certified Practitioner (SSCP) is desirable.
- Minimum of 10 years of experience in a combination of risk management, information security, security operations, and Product Engineering roles. At least 4 years in a senior leadership role in security.
- Relevant experience managing security for companies that leverage cloud technologies such as Amazon Web Services (AWS), Google Cloud Platform (GCP), or Azure and / or offer platform as a service (PaaS) with security commitments to customers and partners.
- Relevant experience working in the healthcare/life sciences industry with a deep understanding of regulatory frameworks such as ISO, GDPR, FDA, CE, HIPAA, HITRUST, etc. is highly desired.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Must be able to effectively liaise with internal direct reports and senior management as well as external customers, clients, partners and stakeholders.
- Must be a critical thinker, with strong problem-solving skills.
- Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
Here are a few examples of what you’ll get for the great work you provide:
- Full range of medical benefits, dental, vision, etc.
- Life Insurance
- Matching 401K
- Paid Time Off
BrightInsight is an Equal Opportunity Employer and employment selection decisions are based on merit, qualifications, and abilities. BrightInsight does not discriminate in employment opportunities or practices on the basis of: age, race, religion, color, sex, national origin, marital status, sexual orientation, gender identity, veteran status, disability, pregnancy status or any other status protected by law. BrightInsight provides reasonable accommodation so that qualified applicants with a disability may participate in the selection process. BrightInsight will contact you if it is determined that your background is a match to the required skills required for this position. Thank you for considering a career with BrightInsight.