Director of Information Security

Life at aptihealth

Backed by $70M in funding from world-class investors including Takeda Digital Ventures, Pivotal Life Sciences and Vista, the aptihealth team is comprised of health care, data science and technology experts passionate about transforming behavioral healthcare. aptihealth is a digital technology platform with an affiliated medical group that makes it easier for people to access speedy high quality mental health care at the right place and right time. The technology and provider group reach people who need care, connect, follow and demonstrate improved outcomes. Everything we do at aptihealth is centered on our mission to revolutionize care and to ensure that the millions of people who need and deserve it have access to it. As a curious and collaborative teammate, someone excited about tackling the hard problems in healthcare and technology, you will play a key role in making that mission a reality. Together, we’ll create and innovate transformative behavioral healthcare – for millions of people.

What we offer

• The opportunity to make life better for millions of people
• An environment of positive and super smart colleagues
• Competitive pay, benefits
• Turning innovative ideas into real-world results
• Investment in our employees
• Balancing extraordinary work with your personal life
• Encouraging curiosity and collaboration
• Priding ourselves in being diverse and inclusive
• Flexible working hours and lots of freedom in your work habits

Your Role

Reporting to the Chief Legal Officer, as the Director of Information Security, you will help identify, manage and own all internal as well as external information security demands as well as compliance needs. As AptiHealth continues to grow and scale, this Director will identify the next level of hires as needed to bolster our infosec needs. You will introduce, socialize and champion frameworks for managing risks, audits, compliances, change management, incident response/remediation in addition to other information security duties. You will partner closely with AptiHealth legal team to understand any changes in the compliance needs and translate them into execution workstreams while partnering closely with other technology leaders in engineering. The Director of Information Security (DIS) is responsible for leadership, policies, compliance, education, risk management and incident response involving all information security at aptihealth. In this critical role, you will be responsible for ensuring the confidentiality, integrity, and availability of all aptihealth software and informational assets and compliance with applicable federal, state, and health tech laws (e.g., HIPAA). You will work closely under the Leadership Team to ensure the appropriate mitigation of risk across the organization

Responsibilities

• Own information security across all AptiHealth physical and remote locations
• Partner with legal, data, engineering and IT teams to drive various governance and compliance needs
• Inspire and enforce sound infosec hygiene across all vulnerable touch points
• Educate, coach our internal associates on best practices around information security, data privacy, data security etc.
• Oversee information security processes and implementation of policies
• Responsible for security metrics to ensure proper service levels are maintained
• Responsible for the development of information security policies and procedures, disaster recovery plans, incident response plans and continuity of business plan.
• As a core part of the tech leadership team, partner with other tech and engineering functions while maintaining high accountability and a keen eye towards reusability, efficiency and scale
• Prioritize the organization’s vulnerabilities and define the ideal security posture to protect all assets, clients, and employees
• Responsible successful third-party independent audits of our information security

Requirements

• BA or BS in Computer Science, IT or related technical field
• 10+ years of experience in Information Security and Compliance, HIPAA and health tech space
• Possession of security certification(s) highly preferred: CISSP, CISM, SSCP, Security+, GSEC etc.
• Deep Cloud Security (AWS, GCP or Azure) experience
• Current security knowledge across industry standards and frameworks (e.g., ISO, SOC2, CISSP, OSCP, CBEST, NIST)
• Requires advance to expert level knowledge and understanding of information security architecture, information security technologies, systems design, integration of systems, and networking
• Experience must include tools for maintaining security, assessing and evaluating security, and performing security incident forensic work.
• Leadership experience in managing geographically dispersed technical staff and influencing senior-level management and key stakeholders
• Excellent grasp of modern cloud friendly technologies and progressive hands-on experience
• Prior hands-on experience with AWS, GCP, Azure or comparable public cloud
• Deep understanding of architectural tradeoffs optimized for scale and throughput especially with security lens
• Strong strategic thinking skills, including ability to think critically, bridging strategy and goals to actionable opportunities. Ability to think creatively to address ambiguous situations and find solutions to complex/atypical problems
• Administered and maintained a security and compliance program
• Basic software engineering experience
• Ability to thrive in a fast paced, constantly changing environment
• Passionate about being a trusted partner to transform behavioral healthcare
• Results driven -- documented success in exceeding goals and objectives
• Demonstrated commitment to the core values of aptihealth

Travel Anticipated

This position requires overnight travel approximately 10%.

About aptihealth

AptiHealth, Inc. is a behavioral health engagement company that seamlessly integrates physical and behavioral healthcare. Our platform connects medical providers, behavioral health specialists and patients with our proprietary assessment and treatment management protocols to get and keep patients healthier faster. aptihealth’s structured therapy programs are centered on its proprietary 15 Life Domain Clinical Framework© that efficiently provides collaborative care teams with the most thorough understanding of a patient’s behavioral health needs. The aptihealth platform connects patients and their care teams with licensed behavioral health specialists who provide 90-day and extended care therapy by phone or video supported by an easy-to-use consumer friendly digital experience. The aptihealth program is evidenced to get individuals into therapy faster and clinically proven to improve both behavioral and medical outcomes while lowering overall cost.

At aptihealth, we don’t just accept difference—we celebrate it, we support it, and we thrive on it for the benefit of our employees, products and community. aptihealth is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If you have a disability or special need that requires accommodation, please let us know by contacting us.

To all recruitment agencies: aptihealth does not accept agency resumes. Please do not forward resumes to us, our employees or any other organization location. aptihealth is not responsible for any fees related to unsolicited resumes.

For more information, please contact us at:

AptiHealth, Inc.
250 Summer Street, 2nd Floor
Boston, MA 02210
(888) 454-3827