Director, Infrastructure & Information Security

As Director, Infrastructure & Information Security for Caravel, you’ll own and manage Caravel’s Information Security Risk management program and its cloud technology environment.  To be successful in this role you must be passionate about keeping information safe by knowing how to prioritize and remediate information security risk as part of an overall risk management and governance methodology.

 In this dynamic role you’ll lead cyber risk governance, security operations and cloud infrastructure management across the organization via a blend of internal and external resources and partners.  In addition you’ll roll up your sleeves and solve technical challenges, write policy and procedure documents, perform ongoing risk assessments, deliver awareness training and be the voice of Information Security across a fast paced, growing organization.

 Essential Functions:

1.  Implement and maintain an Information Security Governance and Risk Management Program for the protection of electronic information assets including ePHI, PII and other electronic information assets.
2. Design, deliver and support infrastructure and security services for Caravel including cloud systems such as Azure, Microsoft 365, Meraki, ArcticWolf and others.
3. Supervise and manage internal team members as well as third parties
4. Monitor and evaluate information security controls implemented in the organization.  Work to reduce risks to protected information to acceptable levels and detect, investigate, and respond to information security events.
5. Conduct and document accurate and thorough internal and third party risk assessments on an ongoing basis, leveraging third parties as needed to supplement internal capabilities.
6. Develop and implement measures to address the risks identified through the risk assessment process, including but not limited to policies, procedures, training and technology.
7. Ensure the information security program and IT environment meets pertinent government regulatory, accreditation, and commercial requirements including HIPAA.  
8. Work in tandem with leadership and counsel to support data incident risk assessment and data breach notification activities.
9. Develop, implement, and maintain a Caravel-wide information security education and awareness program for delivery to all levels of the enterprise.
10. Coordinate with other leaders to ensure the necessary policies and procedures are in place to mitigate Information Security Risk to acceptable levels.

 Qualifications:

Education:  

• Bachelor’s Degree in Information Technology, Information Security or a related field
• CHPSE, CISSP and/or CCSFP or the willingness to obtain one of these certifications

 Experience:

• At least 7 years of progressive experience in IT Infrastructure technology and healthcare Privacy and Information Security management or related fields.

 Skills and Competencies:

• Extensive information security knowledge and experience in regulated industries, particularly healthcare.
• Extensive depth and breadth of technical acumen with a willingness to continually be hands on in all facets of infrastructure and technology
• Hands on experience with Microsoft Azure, Microsoft 365, Intune, Kaseya, Arctic Wolf, MaaS365 or similar technologies
• Proficiency with process and project management methodologies, tools and techniques
• Superior written and verbal communication skills as well as leadership acumen are crucial for the role.
• Willingness to roll up your sleeves and be as hands on as necessary to get the job done in a collaborative, high energy environment.