Who You Are:
We’re looking for an entrepreneurial senior security specialist to drive the security practices here at Clearwave. Reporting directly to the Chief Technology Officer, you will have the opportunity to participate in building and deploying a cutting-edge security practice for a cloud-native product suite in the Healthcare space. This role requires a significant amount of autonomy to drive the roadmap to improve cybersecurity across a variety of functions within the organization. This is a great opportunity to influence the implementation of the latest security practices, enabling us to scale with massive growth across the US.
What You’ll Do:
- Participates in the security governance model, establishing policies, standards and best practices.
- Mentors a variety of non-security professionals in security designs and principals
- Prepares for and facilitates a variety of external assessments of the core products including penetration testing, SOC 2 audits, PCI DSS, and HIPAA reviews.
- Provides leadership in security vulnerability remediation activities.
- Acts as security, privacy and compliance point of first contact and serve as the intake on security related inquiries and coordinating with subject matter experts.
- Conducts risk assessments to identify vulnerabilities internally and within vendor or third-party supplier products.
- Works cross functionally to advocate on behalf of both customers and security professionals needs with internal teams including engineering, product, and IT.
- Advises senior leadership on risk management strategies, including risk mitigation, risk reduction, risk transfer, the risk exception process and residual risk analysis.
- Successfully drives adoption of processes and key metrics that improve performance.
What You’ll Bring:
- Bachelor’s degree in Cybersecurity/Computer Science/Engineering or related field is preferred but not required
- Industry certification (CISSP, CSM or equivalent)
- 7+ plus years of cross functional Information Security experience
- Possesses strong security/risk/legal knowledge.
- Knowledge of the information security subject matter including
- Vulnerability management
- Security design principles
- Incident Management concepts
- Controls assurance design principles and practices
- Familiarity with various compliance regimes [ HIPAA, SOC 2, PCI ]
- General knowledge and application of engineering concepts.
- General knowledge and application of cloud concepts.
- Excellent problem-solving skills.
- Ability to work in a team environment.
- Ability to interface with customers.
- Strong project management skills.