Senior Director, Information Security

Who We Are:

SmithRx is a rapidly growing, venture-backed Health-Tech company.  Our mission is to disrupt the expensive and inefficient Pharmacy Benefit Management (PBM) sector by building a next-generation drug acquisition platform driven by cutting edge technology, innovative cost saving tools, and best-in-class customer service.  With hundreds of thousands of members onboarded since 2016, SmithRx has a solution that is resonating with clients all across the country.

We pride ourselves for our mission-driven and collaborative culture that inspires our employees to do their best work. We believe that the U.S healthcare system is in need of transformation, and we come to work each day dedicated to making that change a reality. At our core, we are guided by our company values:

• Integrity: Always operate with honesty and transparency so we earn the trust of our clients.
• Courage: Demonstrate the courage needed to take on a broken industry and continuously improve what we offer to optimize health outcomes.
• Together: Foster a collaborative and inclusive environment that values teamwork, respect, and open communication, and encourages creativity and diversity of thought.

Job Summary

SmithRx is developing the next-generation modern pharmacy benefits management (PBM) platform that will change how companies administer and manage pharmacy benefits. Our unified technology platform provides real-time actionable insights that drives cost savings, powers clinical services and results in a brilliant customer experience. A unified technology platform exists nowhere in the pharmacy benefit ecosystem to programmatically solve widespread deficiencies. The result is a PBM delivering unmatched service quality and operational efficiency that exceeds all industry standards.

The Senior Director, Information Security position plays an integral role in protecting SmithRx from internal and external threats and works closely with key business stakeholders and technology teams to implement and improve an efficient information security program that embeds security throughout all processes and systems. This role will also ensure that operational, legal, regulatory, and security risks related to IT are assessed and mitigated in a cost-effective manner in accordance with the business requirements.

Responsibilities:

• This is a leadership role that has accountability for identifying, evaluating, reporting, and managing information security risks in ways that meet security, compliance, and regulatory requirements with focus on GRC, IT and Cloud Security.
• Develop a vision and strategy for trust, comprising cybersecurity, compliance, and risk management, that will include measurable goals, objectives, and metrics.
• Design, develop, coordinate, and document the secure operation of information systems and develop best practices for securing enterprise-wide data and information systems
• Ensure cloud security practices align with relevant industry standards, regulations, and compliance frameworks. Lead efforts to maintain and obtain necessary certifications.
• Oversee the implementation of advanced security monitoring and analysis tools to detect and respond to security incidents and vulnerabilities 
• Evaluate the security posture of third-party cloud providers and vendors. Develop and implement strategies to manage and mitigate associated risks.
• Build, mentor, and lead a team of cloud security and IT professionals. Foster a collaborative and innovative work environment that encourages skill development and knowledge sharing.

• Cloud Security :
• Develop and implement comprehensive cloud security strategies, policies, and procedures to safeguard our cloud infrastructure and data assets.
• Collaborate with DevOps and engineering teams to integrate security into the software development lifecycle (SDLC) and cloud deployment processes.
• Implement and manage security controls and tools, including identity and access management (IAM), encryption, network security, and intrusion detection and prevention systems.
• Monitor and analyze cloud security logs and alerts, investigate security incidents, and coordinate incident response efforts.
• Conduct regular cloud vulnerability assessments and penetration testing and oversee the remediation of identified vulnerabilities.
• Ensure compliance with industry standards and regulations (e.g., NIST, GDPR, PCI) by establishing and maintaining appropriate security controls.
•  Stay up to date with the latest security threats, vulnerabilities, and best practices, and recommend enhancements to our security infrastructure and processes.
•  Lead and contribute to security awareness and training initiatives for employees, supporting colleagues to build a security mindset. 
• Governance, Risk and Compliance (GRC):
• Key Tasks - Technology/Security Governance; Risk Assessment and Management; Supplier Chain/Vendor Risk; Security Awareness Training
• Architecting program or project structures, plans to enable fulfillment an articulated business strategy and managing large program budgets
•  Engage and partner with Risk/Compliance teams to meet regulatory commitments while driving down risk to SmithRx.
• IT Infrastructure Management:
• Oversee the design, implementation, and maintenance of robust IT infrastructure to support business operations.
• Ensure scalability, security, and reliability of technology systems.
• Budget and Resource Management:
• Develop and manage budgets ensuring optimal utilization of resources.
• Collaborate with other departments to align technology investments with business priorities.
• Vendor Management:
• Evaluate and manage relationships with external vendors and service providers.
• Negotiate contracts and agreements to optimize services and costs.

Qualifications:

• Bachelor's or Master's degree in Computer Science, Information Technology, or a related field.
• 15+ years experience in Cybersecurity, system security, IT, risk management spanning multiple functions. 
• 8+ years in a leadership or director role with experience building, leading, and maturing security and engineering teams. Experience managing managers.
• Strong knowledge of cloud technologies, infrastructure management, and cybersecurity best practices.
• Demonstrated success in implementing DevOps and CI/CD practices.
• Experience with incident response, risk management, and compliance.
• Excellent communication, collaboration, and interpersonal skills.
• Excellent at multitasking and open to constant learning. 
• Strategic mindset with the ability to align technology initiatives with business goals.

If you are a visionary leader with a successful track record in managing cybersecurity, cloud security and IT teams, and meet the minimum experience requirement, we invite you to apply for this influential position. Join us and contribute to the continuous advancement and resilience of our technology ecosystem.

What SmithRx Offers You: 

• Total Rewards package that includes incentive bonus and stock options
• Highly competitive wellness benefits including Medical, Pharmacy, Dental, Vision, and Life Insurance and AD&D Insurance
• Flexible Spending Benefits 
• 401(k) Retirement Savings Program 
• Short-term and long-term disability
• Discretionary Paid Time Off 
• 12 Paid Holidays
• Wellness Benefits
• Commuter Benefits 
• Paid Parental Leave benefits
• Employee Assistance Program (EAP)
• Well-stocked kitchen in office locations
• Professional development and training opportunities