Information Security Manager

Most job postings are the same (and can be pretty boring, right?!). That's why we want to start out by telling you what's in it for you:

• We have an amazing platform that maximizes revenue for thousands of healthcare organizations across the country!
• We embrace diversity in a serious way! We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be.
• We are fully remote & enjoy flexible work schedules.
• We celebrate and promote career growth and advancement.
• We have an awesome on-demand learning program.
• We do fun stuff like remote Virtual Cooking Classes, Yoga Sessions & Mixology Classes because we like to have fun!
• We have an awesome benefits package with Medical, Dental & Vision Coverage & 401K (with company match).
• We have an unlimited vacation policy - that's right, take vacation when you want and come back to work refreshed!
• We have cool Peer Nominated Awards & Recognition because we like to celebrate our employees!

MDaudit Enterprise, our flagship revenue integrity software platform, enables organizations to reduce compliance risk, risk monitoring, and built-in analytics and benchmarking capabilities while maximizing revenue – all in a single, integrated cloud-based platform. We are currently seeking a Information Security Manager to join our team.  We are a completely remote company!  

The Information Security Manager’s primary responsibility is to design, create, and implement systems to solve complex business problems regarding Cloud Security around our healthcare SaaS platform which includes security certifications namely HITRUST, Texas Ramp, and HITECH. The job includes developing and implementing security policies, procedures, operations, managing risk assessments, and incident management.  

This individual works both independently as an engineer and as a project leader overseeing other development team members to define strategies and solutions that align with security, leverage common solutions and services to mitigate security risks, and meet financial and strategic objectives. They will also provide technical and security engineering support during pre and post-sales phases. The Information Security Manager will be the technical liaison for customers for security-related topics and will work closely with cross-functional teams (IT, Sales, Marketing, Legal, and Technology) to assist with security tasks. 

ESSENTIAL DUTIES AND RESPONSIBILITIES 

• Manage external vendors for HITRUST and Texas-Ramp certifications in a SaaS environment.  
• Ensure all the controls related to the certifications are managed and recorded along with the proper documentation and project plan 
• Work with the infrastructure team to solidify AWS security processes, blueprints, and documentation.  
• Leverage security risk assessment framework and threat modeling to mitigate risks and vulnerabilities 
• Coordinate and complete projects working with 3rd party vendors on penetration testing of the SaaS platform and AWS infrastructure  
• Develop robust security policies, guidelines, and procedures pertaining to the protection of platform ecosystem and data including disaster recovery (managing RTO/RPO) and ensuring HIPAA compliance 
• Manage Risk assessment by performing security audits and assessments to detect vulnerabilities that include platform, third-party applications, infrastructure, access control, and security violations 
• Participate in security committee meetings and proactively advise of any potential security threats or risks to the platform along with any changes in healthcare regulations 
• Report actual or suspected breaches & vulnerabilities in the confidentiality, integrity, or availability of systems and data. Perform dry runs to test various cybersecurity scenarios at least twice a year 
• Oversee and own security questionnaires from customers and drive security-related discussions and documentation around the MDaudit Enterprise platform 
• Lead proof-of-concept initiatives to evaluate new technologies leveraging the TPRM framework from a security perspective working closely with the cross-functional teams 
• Provide periodic feedback on the performance of security group members 
• Keep abreast of current trends in cloud security architectures and development environments 
• Look for possible new revenue streams, applying existing and future system architectures to observed healthcare trends and problems 
• Manage data security posture management by leveraging the data governance framework that includes PHI, PII, and IP by Adhering to security policies, guidelines, and procedures to manage data retention offboarding, and onboarding of clients  
• Report actual or suspected vulnerabilities and breaches in the confidentiality, integrity, or availability of systems and data. 

REQUIRED SKILLS  

• Excellent verbal and written skills  
• Project management and Agile skills 

EDUCATION AND/OR EXPERIENCE  

• 8+ years of security, infrastructure, and architecture experience with cloud services, AWS preferred 
• 8+ years of experience in healthcare regulations, security certifications and laws 
• 8+ years of demonstrated ability to design, create, and drive the implementation of systems to solve complex business problems 
• Training and certification in AWS solution architecture 
• Healthcare industry certifications related to data and application security 

APPLICATION/SPECIALIZED KNOWLEDGE  

• Demonstrated ability to integrate business and operational processes with technical solutions  
• Experience with healthcare data (EDI Claims, Payments, and Clinical data) preferred 
• Ability to apply specialized knowledge to current MDaudit business needs  
• Experience with reporting tools required. BI and AI reports experience a plus  
• A solid understanding of healthcare information systems  
• Detailed knowledge of data modeling  
• Solid verbal and written communication skills