Chief Information Security Officer @ Arcadia

Chief Information Security Officer

Ciso

Posted on 12/8/2022

INACTIVE

Locations

Remote • Pittsburgh, PA, USA • Dorchester, Boston, MA, USA

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

AWS

Data Analysis

Management

Public Speaking

Communications

Requirements

Minimum 10 years of experience in healthcare supporting HIPAA security and compliance requirements
Minimum 10 years of experience in a combination on of risk management, information security and security engineering roles with at least 4 years in a senior leadership role
Current role as CISO/Head of Security role
Direct experience leading and managing Information Security Management Systems to support HITRUST, SOC 2 and ISO 27001 compliance
Deep technical understanding of AWS security architecture and controls
Provide leadership for incident response, including proven experience with SIEM to identify security events, perform triage, establish escalation if warranted, and manage response
Fantastic communication skills in both spoken and written forms to explain complex ideas to various audiences, such as, internal stakeholders and external customers and auditors
Masters or doctorate in information security
Certification in one or more of the following: CISSP, CISM, SSCP, CCSP, CRISC, others
Masters or doctorate in information security
AWS Certified Security - Specialty Certification
AWS Solution Architect Certification
Experience building a red team and demonstrated offensive security capabilities
Membership with CHIME or AEHIS, Infragard, ISSA, ISACA others
History of public speaking at security conferences and trade shows
Published articles and white papers
Knowledge of healthcare analytics, machine learning, and artificial intelligence

Responsibilities

Maintain and enhance the enterprise-wide information security management program to ensure that information assets are adequately protected
Develop organizationally aligned vision and strategy for information security that enables the organization to reach business objectives and strategic priorities
Work with executive management to determine and achieve acceptable levels of risk
Managing and monitoring enterprise information security, compliance, and IT risk management activities
Working directly with the business units to facilitate risk assessment and risk management processes
Recruiting, managing, and mentoring security and compliance staff
Consulting with lines of business to develop pragmatic solutions that achieve business requirements and maintaining acceptable levels of risk
Reporting key, risk based, performance metrics that demonstrate effectiveness of our program and a return on investment for our executives and the board of directors
Actively participate in security architecture with information technology, product management, and Engineering
Enhancing and maintaining a world-class security infrastructure, controls, and processes
Evangelizing security best practices across Arcadia, with customers, and the industry
Collaborating with development teams and product/development leadership to improve security within the in the software development lifecycle
Responding to customer requests for security audits and security assessment
Providing vision and guidance for security operations tooling and architecture
Evangelizing security best practices across Arcadia, with customers, and the industry
Collaborating with dev teams to apply a shift-left security strategy in the development lifecycle
Responding to customer requests for security audits and security assessment
Providing vision and guidance for security operations tooling and architecture
Driving improvements in incident identification and response capabilities and overseeing incident response table-top and integrated testing
Ensuring the effectiveness of data backup, recovery, and business continuity capabilities
Partnering with business stakeholders to raise awareness of security, privacy, and risk management concerns
Supporting compliance and audit requirements including HITRUST, SOC2, ISO27001, and PCI-DSS
Assisting with the overall business technology planning, providing a current knowledge and future vision of technology and systems

Based on the evolving situation with Covid–19 we are mostly remote, this includes the hiring process. We are in the process of moving to a hybrid of onsite and remote with some positions remaining 100% remote.

Why This Role Is Important To Arcadia

The CISO reports directly to the CEO and serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee, and business information in compliance with the Arcadia’s information security policies. Key elements of the CISO’s role include:

- Maintain and enhance the enterprise-wide information security management program to ensure that information assets are adequately protected.

- Develop organizationally aligned vision and strategy for information security that enables the organization to reach business objectives and strategic priorities.

- Work with executive management to determine and achieve acceptable levels of risk.

What You’ll Be Doing

Managing and monitoring enterprise information security, compliance, and IT risk management activities
Working directly with the business units to facilitate risk assessment and risk management processes
Recruiting, managing, and mentoring security and compliance staff
Consulting with lines of business to develop pragmatic solutions that achieve business requirements and maintaining acceptable levels of risk
Reporting key, risk based, performance metrics that demonstrate effectiveness of our program and a return on investment for our executives and the board of directors
Actively participate in security architecture with information technology, product management, and Engineering
Enhancing and maintaining a world-class security infrastructure, controls, and processes
Evangelizing security best practices across Arcadia, with customers, and the industry
Collaborating with development teams and product/development leadership to improve security within the in the software development lifecycle
Responding to customer requests for security audits and security assessment
Providing vision and guidance for security operations tooling and architecture
Evangelizing security best practices across Arcadia, with customers, and the industry
Collaborating with dev teams to apply a shift-left security strategy in the development lifecycle
Responding to customer requests for security audits and security assessment
Providing vision and guidance for security operations tooling and architecture
Driving improvements in incident identification and response capabilities and overseeing incident response table-top and integrated testing
Ensuring the effectiveness of data backup, recovery, and business continuity capabilities
Partnering with business stakeholders to raise awareness of security, privacy, and risk management concerns
Supporting compliance and audit requirements including HITRUST, SOC2, ISO27001, and PCI-DSS
Assisting with the overall business technology planning, providing a current knowledge and future vision of technology and systems

What You’ll Bring

Minimum 10 years of experience in healthcare supporting HIPAA security and compliance requirements
Minimum 10 years of experience in a combination on of risk management, information security and security engineering roles with at least 4 years in a senior leadership role
Current role as CISO/Head of Security role
Direct experience leading and managing Information Security Management Systems to support HITRUST, SOC 2 and ISO 27001 compliance
Deep technical understanding of AWS security architecture and controls
Provide leadership for incident response, including proven experience with SIEM to identify security events, perform triage, establish escalation if warranted, and manage response
Fantastic communication skills in both spoken and written forms to explain complex ideas to various audiences, such as, internal stakeholders and external customers and auditors
Masters or doctorate in information security
Certification in one or more of the following: CISSP, CISM, SSCP, CCSP, CRISC, others

Would Love for You to Have

Masters or doctorate in information security
AWS Certified Security – Specialty Certification
AWS Solution Architect Certification
Experience building a red team and demonstrated offensive security capabilities
Membership with CHIME or AEHIS, Infragard, ISSA, ISACA others
History of public speaking at security conferences and trade shows
Published articles and white papers
Knowledge of healthcare analytics, machine learning, and artificial intelligence

What You’ll Get

The opportunity to work for an amazing, fast-growing software company leveraging a highly scalable cloud platform
You seek a fun culture that encourages you to speak up and fosters creative thinking
You enjoy working with customers and thrive as a team player
You want to use your skills to make an impact in healthcare
Awesome work environment
Competitive compensation
Great benefits like flextime time off
Stocked kitchen with snacks and beverages and more

About Arcadia

Arcadia.io helps innovative healthcare systems and health plans around the country transform healthcare to reduce cost while improving patient health. We do this by aggregating massive amounts of clinical and claims data, applying algorithms to identify opportunities to provide better patient care, and making those opportunities actionable by physicians at the point of care in near-real time. We are passionate about helping our customers drive meaningful outcomes. We are growing fast and have emerged as the market leader in the highly competitive population health management software and value-based care services markets, and we have been recognized by industry analysts KLAS, IDC, Forrester and Chilmark for our leadership. For a better sense of our brand and products, please explore our website, our online resources, and our interactive Data Gallery.

This position is responsible for following all Security policies and procedures in order to protect all PHI under Arcadia’s custodianship as well as Arcadia Intellectual Properties. For any security-specific roles, the responsibilities would be further defined by the hiring manager.

201-500 employees

Website

Energy tech company

Company Overview

Arcadia's mission is to stop climate change by breaking the fossil fuel monopoly. Their technology is lighting a cleaner path forward for everyone, from everyday consumers and small businesses to the innovators building the next generation of energy products.

Benefits

Competitive compensation and paid time off
Comprehensive medical, dental, vision, and FSA plans
Paid parental leave for everyone
Remote work opportunities
Professional development and ongoing feedback
Company stock options and 401(k)
Snacks, beverages, and regular lunches in the office
On-site gym, new parent, and wellness rooms in DC
Commuter benefits and secure bike storage
100% clean energy match for all employees

Company Core Values

Build for good
Build for all
Build with urgency
Build for simplicity
Build togethere