Associate Director, Information Security - Vendor, Client, Audit and Risk Management

Remote (U.S.A. or Canada)


Posted 4 weeks ago

Phreesia is looking for an Associate Director of Information Security to join our growing team!

As the Associate Director, you will lead Phreesia’s Audit and Compliance Program. You will manage time-sensitive delivery and maturity of our regulatory compliance and audit initiatives, client assessments, vendor security assessments, periodic internal assessments, and other technical security assessments. In this role, you will report directly to the Vice President of Information Security and manage one person on this team.  

What You’ll Do:

  • Lead our Audit and Compliance Program by performing internal pre-audits and managing active audits for PCI DSS, HITRUST, SOC 2, PCI P2PE, HIPAA, FedRAMP, and others through to completion
  • Build, lead, and grow a team of security practitioners that support business objectives
  • Deliver a range of security assessments to identify information threats, internal control weaknesses, and remediation strategies
  • Ensure Phreesia’s vendors follow a structured risk management process and adhere to Phreesia’s rigorous security and compliance standards
  • Assist project teams in integrating vendors securely, and periodically re-evaluate the security and compliance of integrated vendors
  • Mature the enterprise risk assessment and reporting function to meet audit and compliance requirements
  • Provide pre-sales presentations to prospective Clients on Phreesia’s Information Security Program and product security features
  • Assist Sales teams to complete RFIs/RFPs and Client security questionnaires
  • Train and integrate offshore staff to assist with operational aspects of Phreesia’s Information Security Program
  • Train Phreesia partners and employees in secure practices, behaviors, and processes
  • Collect and publish monthly qualitative and quantitative key risk and performance indicators

What You’ll Bring:

  • 10+ years in information security, 3+ years leading information security teams
  • Knowledge of large security projects (>$500k capex, 5k hours labor) involving cross-functional enterprise stakeholders
  • Passion to lead individuals and teams through change initiatives
  • Excellent communication skills and a history of collaborating with executive stakeholders
  • Deep technical experience in information security best practices, access controls, encryption, network and endpoint security tools
  • Well versed in successfully collaborating with and managing external auditors
  • CISSP, CISM, PMP, or QSA certification is a plus

Who We Are:  

At Phreesia, we’re committed to helping healthcare organizations succeed in a fast-changing landscape—and we need smart, passionate people to help us do it. Our innovative SaaS platform offers our clients a suite of applications to manage the intake process, giving them the tools to engage patients, improve efficiency, optimize staffing and enhance clinical care. Our solutions are in all 50 states, and we check in 70 million patients a year!  

Basically, what you are doing here matters and hard work does not go unnoticed. Not only does Phreesia care about our clients, we also care about our employees. We are proud to say that we have grown 40% each year and consistently continue to do so. If you crave working with driven and engaged colleagues, a structured sales process, consistent recognition, and a defined career path, and enjoy working in revamped new areas, this may be the right opportunity for you.

Benefits and Perks: 

  • Variety of health plan options, dental/vision coverage, and short/long-term and life insurance plans
  • 401(k) savings plan (USA) or RRSP plan (Canada)
  • Flexible working hours 
  • Unlimited vacation 
  • Mobile phone stipends, monthly subway pass reimbursement and Internet reimbursement 
  • 100% paid maternity leave for our U.S. employees, as well as a generous maternity benefit for our employees in Canada
  • Tuition and certification reimbursement, as well as other professional development opportunities 


We strive to provide a diverse and inclusive environment and are an equal opportunity employer.
