Lightship is the premier provider of enterprise level, technology enabled direct-to-patient clinical research. In this capacity, Lightship functions as a telemedicine-enabled site within a research study, which makes research participation more accessible for everyone.
Lightship is seeking an experienced IT professional with strong experience and background in identifying, evaluating, and remediating security vulnerabilities and implementing security solutions. The ideal candidate for this highly visible role will work closely with IT and compliance professionals to establish and maintain the necessary policies, procedures, and tools to secure Lightship’s technology landscape.
This position is remote, and a successful candidate will possess a willingness and desire to work independently without significant oversight.
We would like to offer you:
- An opportunity to help re-envision how clinical research is executed with inclusivity, increased diversity and accessibility at the core
- The chance to work with a patient-centered, clinically-oriented, collaborative team to support in the delivery of enterprise grade direct-to-patient clinical research solutions at scale
- An unmatched opportunity to grow as part of an early stage startup with industry veterans, high-caliber investors, and a massive market opportunity
- Competitive compensation
Generous benefits package, including:
- Top notch healthcare (medical, dental, and vision) for you and your family, effective on day one of employment.
- Unlimited Paid Time Off (PTO), plus paid holidays and bereavement to help support work life balance.
- A 100% 401(k) company match for up to 4% of eligible contributions with immediate vesting.
- Generous paid parental leave
- Short & long-term disability
- Life insurance and more!
In this role you will be responsible for:
- Continuously improving, strengthening, and scaling the company’s security and compliance program in coordination with internal and external teams and partners, prioritizing strategies that focus on improving quality and mitigating risks.
- Evaluating and working closely with technical IT personnel to implement technical security solutions and evaluate changes to risk and effect of risk mitigation strategies.
- Supporting security compliance product and program initiatives, audits and benchmarking of security policies against best practices and standards.
- Performing and/or overseeing information security risk assessments, static and dynamic vulnerability scans, and penetration tests, and managing gap analyses.
- Tracking and managing security incidents, responses, and security investigations through resolution.
- Managing compliance with standards and regulations including HIPAA/HITECH, ISO 27001, NIST, SOC, and more using HITRUST and other frameworks.
- Conducting annual IT Risk Assessments and working closely with our third-party assessor on certification audits to obtain and/or maintain certifications.
- Assisting with analysis and documentation of audit remediation actions related to security.
- Taking part in discussions with customer security teams and auditors regarding security and related interests.
- Reviewing vendor and customer security contract terms against current policies, procedures, and product capabilities.
- Clearly communicating information security principles and practices to technical and non-technical audiences both in writing and verbally.
- Supporting the development and maintenance of information security policies, standards, and guidelines in alignment with applicable laws, common security frameworks and leading practices.
- Participating in development of training curriculum, conducting security awareness campaigns, and evaluating their effectiveness.
- Facilitating the execution and continuous improvement of third-party risk management processes.
- Advising the product and engineering teams on internal and external compliance product requirements and serving as the organization's subject matter expert on security and compliance across both product and operations.
We are interested in candidates with the following knowledge, skills, and abilities:
- Experience conducting risk assessment audits with common control frameworks such as ISO 27000 series, HITRUST, CSA and with regulations and standards such as HIPAA/HITECH, NIST, etc.
- Strong leadership, consultative and advisory skills for security compliance programs.
- Thorough understanding of Software Development Life Cycles, Cyber Security, Social Engineering, IT Compliance and Privacy best practices.
- Experience or certification in cloud security, including experience with cloud security tools and products.
- Ability to work closely with Developers, Quality and vendors to evaluate, suggest and document controls and procedures to strengthen the cyber security posture
- Excellent communication skills both written and oral and equally comfortable speaking with internal business users at all levels as well as business partners and vendors.
- Experience working in the Security and Compliance function for other Life Sciences or Health Care Organizations
Education and experience
- Bachelor’s degree in Computer Science or similar discipline, Masters preferred
- At least 5 years of experience in information security
- Certifications such as CISSP/CISM are desired.
Our commitment to diversity & inclusion:
Lightship is an equal opportunity employer and promotes a diverse and inclusive workplace. Lightship considers all applicants without regard to race, color, religion, creed, national origin, age, sex, marital status, ancestry, disability, veteran status, gender identity, genetic information, sexual orientation, or any other status protected by applicable law. EEO is the Law