Blink Health is fixing how broken, opaque, and unfair healthcare is. We're a well-funded healthcare technology company on a mission. We're changing healthcare through technology and transparency. With our proprietary technology, everyone now has access to the lowest prices on over 15,000 medications. But there is more work to do.
We are a continuously learning, curious, collaborative team dedicated to inventing new ways of working in an industry that historically has resisted innovation. We're assembling an experienced and talented team to get this done.
We are looking for a passionate and collaborative Head of Information Security with expertise in healthcare information security and in secure coding standards across web and mobile. To be successful, you must be a hands-on leader, both paying attention to details and looking ahead to address what happens next. The ability to collaborate and respond quickly to changing circumstances is key to success in this role. You must have experience performing manual and automated evaluations for vulnerabilities, and experience in developing mitigation strategies for them. This role is for a highly visible and hands-on leader responsible for defining, building, and measuring mechanisms for our security practice. You will be engaged across the organization to frame, drive, identify, and address our core security needs. You will work closely with other key stakeholders, including IT, the Privacy Office, and Legal.
In this position, you will be responsible for the evolution of our risk management and for the overall security of our systems. This includes vulnerability and threat assessments, and providing security engineering to internal teams. Core responsibilities include:
- Building, evaluating and maintaining the security of an organization that evolves quickly and has both regulated and non-regulated business segments
- Mitigating and managing risks as necessary
- Managing security controls for PHI, including performing an annual HIPAA Security Risk Assessment
- Building a culture of cyber security
- Reviewing and revising our security protocols and frameworks
- Establishing metrics to measure and continuously improve our security posture
- Designing and overseeing recurring security tasks such as monitoring software, vulnerability management, internal and external audits, incident response, and project management of security initiatives
- Identifying, prioritizing, and fixing core vulnerabilities proactively
- Managing and overseeing security support vendors and vendors designated as Business Associates
- Building and managing additional security staff as the business and need grows
- Ensuring the organization has audit controls to monitor and respond to activity on electronic systems that contain or use electronic protected health information

Qualifications include:
- Bachelor's Degree in Computer Science or equivalent industry experience
- 10+ years in an Information Security role in a healthcare technology startup
- Experience establishing and managing programs to support HIPAA and the like
- Demonstrated experience performing manual and automated evaluation of networks, systems and applications for vulnerabilities
- Demonstrated experience leading small teams across GRC, Infosec Operations and related regulatory work environments
- Knowledge of and experience with state and federal information security laws and frameworks, including but not limited to HIPAA, NIST, PCI, CCPA and all other applicable regulations
- Experience implementing and/or managing security information and event management (SIEM) solutions, and experience performing security incident response and/or investigation
- Strong verbal/written communication and presentation skills: the ability to clearly communicate high-level strategy as well as technical details, and to communicate through all levels of the organization
- Master's Degree in Computer Science or equivalent industry experience
- Experience with agile/iterative development and program management methodologies
- Demonstrated passion for making things better and building resourceful solutions
- CISSP or CISM certification; other relevant security certifications such as GIAC, GCIH, CEH and CSA+ will be considered
- Experience with the following: Palo Alto Firewalls, Carbon Black, AlienVault, Aptible, AWS, Kubernetes, Python