ABOUT US
At COTA, our vision is for data-driven cancer care to become the standard across healthcare. We believe that everyone touched by cancer deserves a clear path to care. Together, we can make that vision a reality.
We’re searching for smart, motivated people who share our passion for bringing clarity to cancer. Connect with us, introduce yourself, and apply to one of our current openings.
PERKS
Working at COTA comes with many perks! At COTA, we are committed to workplace wellness and employee happiness. Some of the benefits of working full-time at COTA include:
- Medical / dental / vision benefits
- 401k Match / retirement
- Monthly commuter benefits
- Annual bonus
- Flexible Fridays
- Quarterly COTA Wellness days
- Unlimited paid time off
- Paid sick time - 40 hrs/year
- 11 paid holidays per year
- Paid Parental leave
- Company team building events
- Educational lunch & learns
- Cause-driven employees
- Fun and productive culture
- Employee-led Diversity & Inclusion committee
- Healthy snacks
- Gourmet coffee and cold brew
LOCATION: Remote or New York, NY
OVERVIEW
We are looking for a Security and Compliance Manager to join our team in a contract-to-permanent capacity. This role offers an exciting opportunity to initially join us on a contract basis, with the potential for full-time, permanent employment based on performance and business needs. As the Security and Compliance Manager, you will assist in overseeing the Information Security and Compliance programs in conjunction with Security and Compliance leadership. This position will:
- lead risk and incident management activities
- provide subject matter expertise in designing and implementing security safeguards
- create, maintain and monitor security policies and procedures
- identify vulnerabilities, quantify risks, report findings and provide mitigation results
This position requires:
- One of the following certifications: CISSP, CISM, CRISC
- Deep experience in:
  - security operations, including advanced threat management, vulnerability management, risk mitigation, and compliance
  - security architecture principles, including zero trust
  - modern security tools in areas such as SIEM, IDS, IPS, IAM and related domain tools
  - response to and recovery from information security incidents
- A clear ability to balance security risk with business needs and prioritize what needs to be done within a well-defined strategic plan
- An ability to cultivate and build collaborative working relationships with a broad range of enterprise stakeholders
- An ability to work collaboratively with information technology staff supporting the organization’s IT function
- A well-developed understanding of and appreciation for business needs and a commitment to leading the information security function in delivering high-quality, prompt, and efficient service to the business
- Strong verbal and written communication skills, especially when communicating with senior-most leadership
- A well-developed understanding of and appreciation for organizational mission, values, and goals and consistent application of this knowledge
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner
- A working knowledge of the following areas of technical expertise: information policy formulation, information security management, business risk management, IT risk assessment and management, IT continuity management, IT governance formulation, organizational change management, IT financial management, and IT audits
WHAT WILL YOU GAIN
- Exposure to management
- Knowledge of and experience in information security and compliance program maintenance and support
WHAT TO EXPECT IN YOUR FIRST YEAR AT COTA:
In thirty days, you will:
- Implement security tool governance
- Update policies and procedures
In three months, you will:
- Conduct business impact analyses
- Conduct risk assessments
In six months, you will:
- Lead business continuity and disaster recovery efforts
- Lead security reviews and assessments of vendors, partners, suppliers, and clients, working together with business partners
In one year, you will:
- Assist in ongoing certification and audit efforts
- Mature organizational security posture
HOW YOU WILL IMPACT COTA
- Assist in overseeing the Information Security and Compliance Programs
WHAT YOU BRING TO THE TABLE
- 7+ years of professional experience in an information security function, including analyzing and applying information security risk, risk management, policy development, and privacy practices
- 7+ years of experience working with national and international regulatory compliance frameworks such as ISO, SOX, GDPR, HIPAA, and PCI DSS
- Specific focus on HITRUST and ISO 27001 (2013 to 2022) implementations
- ISO 9000, 30xxx, 41xxx, COBIT 2019, COSO framework implementations
- Cross-functional ITIL/ITSM/ISMS systems and frameworks
- Extensive experience in HIPAA Security Rule compliance, risk analyses, audits, and breach investigation for covered entity or business associate organizations
NICE TO HAVE
- Experience in strategic planning, budgeting, and allocation
- Additional certifications of value for the role: CGRC, CASP+, CCSP, Cloud+, SSCP, Security+, GSEC, Federal DoD Work Role ID: 722 - Information Systems Security Manager (advanced)
Salary: $100 - $130 per hour
At COTA, we are passionate about creating an inclusive workplace that celebrates and values diversity with the belief that it drives our innovation. Our commitment to diversity and inclusion is a guiding principle on how we build teams and develop leaders. As part of our commitment to building a respectful culture that encourages, develops and celebrates different backgrounds, experiences, abilities and perspectives all qualified applicants will receive consideration for employment without regard to race, color, religion, culture, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status or other applicable legally protected characteristics. All employment decisions, including decisions to hire and promote, will be based on merit, competence, business need and performance.
We are a proud equal opportunity employer.
All employees who work from or enter COTA's office location or attend company events or meetings in-person must be fully vaccinated unless an exemption applies.
NOTICE OF COLLECTION OF APPLICANT PERSONAL INFORMATION UNDER THE CALIFORNIA CONSUMER PROTECTION ACT (CCPA)
This Notice applies only to the collection of personal information from California residents on and from January 1, 2020. Cota (“we”) is committed to maintaining the privacy and security of our job applicants’ personal information. In connection with your application for employment, we will collect and process personal information that you provide to us or that we obtain through employment agencies, background check agencies, your professional or educational references, or other third parties or service providers. This information includes contact information, such as name, email address, telephone number and other identifiers, professional or employment-related information, and education information. We may also collect information concerning your protected characteristics if voluntarily provided by you. We will use your personal information and share it with third parties solely for purposes of considering your application for employment and, should you be hired, in connection with your employment.