Chief Information Security Officer (CISO)

Based on the evolving situation with Covid–19 we are mostly remote, this includes the hiring process. We are in the process of moving to a hybrid of onsite and remote with some positions remaining 100% remote.
Why This Role Is Important To Arcadia
The CISO reports directly to the CEO and serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee, and business information in compliance with the Arcadia's information security policies. Key elements of the CISO's role include:
- Maintain and enhance the enterprise-wide information security management program to ensure that information assets are adequately protected.- Develop organizationally aligned vision and strategy for information security that enables the organization to reach business objectives and strategic priorities. - Work with executive management to determine and achieve acceptable levels of risk.- Something about being a thought leader.
What Success Looks LikeIn 3 months- Complete onboarding and review of policies and procedures, asset and application inventories, security projects, etc. - Integrate and develop relationships with staff, Arcadia leadership, and department stakeholders.- Identify gaps and areas for improvement within security and compliance programs and develop high level remediation guidance and priorities. 

What You'll Be Doing

• Managing and monitoring enterprise information security, compliance, and IT risk management activities
• Working directly with the business units to facilitate risk assessment and risk management processes
• Recruiting, managing, and mentoring security and compliance staff
• Consulting with lines of business to develop pragmatic solutions that achieve business requirements and maintaining acceptable levels of risk
• Reporting key, risk based, performance metrics that demonstrate effectiveness of our program and a return on investment for our executives and the board of directors
• Actively participate in security architecture with information technology, product management, and Engineering
• Enhancing and maintaining a world-class security infrastructure, controls, and processes
• Evangelizing security best practices across Arcadia, with customers, and the industry
• Collaborating with development teams and product/development leadership to improve security within the in the software development lifecycle
• Responding to customer requests for security audits and security assessment
• Providing vision and guidance for security operations tooling and architecture
• Evangelizing security best practices across Arcadia, with customers, and the industry
• Collaborating with dev teams to apply a shift-left security strategy in the development lifecycle
• Responding to customer requests for security audits and security assessment
• Providing vision and guidance for security operations tooling and architecture
• Driving improvements in incident identification and response capabilities and overseeing incident response table-top and integrated testing
• Ensuring the effectiveness of data backup, recovery, and business continuity capabilities
• Partnering with business stakeholders to raise awareness of security, privacy, and risk management concerns
• Supporting compliance and audit requirements including HITRUST, SOC2, ISO27001, and PCI-DSS
• Assisting with the overall business technology planning, providing a current knowledge and future vision of technology and systems

What You'll Bring

• Minimum 10 years of experience in healthcare supporting HIPAA security and compliance requirements
• Minimum 10 years of experience in a combination on of risk management, information security and security engineering roles with at least 4 years in a senior leadership role
• Current role as CISO/Head of Security role
• Direct experience leading and managing Information Security Management Systems to support HITRUST, SOC 2 and ISO 27001 compliance
• Deep technical understanding of AWS security architecture and controls
• Provide leadership for incident response, including proven experience with SIEM to identify security events, perform triage, establish escalation if warranted, and manage response
• Fantastic communication skills in both spoken and written forms to explain complex ideas to various audiences, such as, internal stakeholders and external customers and auditors
• Masters or doctorate in information security
• Certification in one or more of the following: CISSP, CISM, SSCP, CCSP, CRISC, others

Would Love for You to Have

• Masters or doctorate in information security
• AWS Certified Security – Specialty Certification
• AWS Solution Architect Certification
• Experience building a red team and demonstrated offensive security capabilities
• Membership with CHIME or AEHIS, Infragard, ISSA, ISACA others
• History of public speaking at security conferences and trade shows
• Published articles and white papers
• Knowledge of healthcare analytics, machine learning, and artificial intelligence

What You'll Get

• The opportunity to work for an amazing, fast-growing software company leveraging a highly scalable cloud platform
• You seek a fun culture that encourages you to speak up and fosters creative thinking
• You enjoy working with customers and thrive as a team player
• You want to use your skills to make an impact in healthcare
• Awesome work environment
• Competitive compensation
• Great benefits like flextime time off
• Stocked kitchen with snacks and beverages and more

About ArcadiaArcadia.io helps innovative healthcare systems and health plans around the country transform healthcare to reduce cost while improving patient health.   We do this by aggregating massive amounts of clinical and claims data, applying algorithms to identify opportunities to provide better patient care, and making those opportunities actionable by physicians at the point of care in near-real time.  We are passionate about helping our customers drive meaningful outcomes. We are growing fast and have emerged as the market leader in the highly competitive population health management software and value-based care services markets, and we have been recognized by industry analysts KLAS, IDC, Forrester and Chilmark for our leadership. For a better sense of our brand and products, please explore our website, our online resources, and our interactive Data Gallery.
This position is responsible for following all Security policies and procedures in order to protect all PHI under Arcadia's custodianship as well as Arcadia Intellectual Properties.  For any security-specific roles, the responsibilities would be further defined by the hiring manager.