Chief Information Security Officer

San Francisco, CALIFORNIA | about 2 months

Job Summary

San Francisco

Job Description

The Chief Information Security Officer is responsible for providing leadership over Cleo’s information security strategy, security program oversight, and security architecture development and implementation, in conjunction with managed IT resources.

In this part-time role, you will be tasked with both developing and executing policy, structure, and controls to limit the company’s exposure to information security risks related to product development, technology situations, crisis management, third parties, data privacy, and regulatory compliance.

You will collaborate with the product, development, and operations teams to ensure a cohesive information security strategy is in place. You will also have responsibility for all data/information security policies, standards, procedures, and organizational awareness.

You will work closely with the in-house IT staff to ensure that technological controls and policies meet the organization's data security requirements. You will represent Cleo at numerous levels inside and outside of the company, including with customers. Researching, compiling, and presenting numerous assessments, policies, and procedures to stakeholders is a key responsibility. 

Key Responsibilities:
    • Provide strategic and tactical security guidance for proposed projects, including evaluation and recommendation of technical controls
    • Identify, assess, and prioritize IT risks to data and systems, including internal/external threats, cyber-crimes, and third-party risks. Advise relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk
    • Manage relationships with auditing firms and regulatory agencies to maintain compliance with company-critical standards and regulations, including HIPAA, SOC, ISO, GDPR, and CCPA
    • Lead discussions with potential customers from a security stance, working with buyers and procurement to communicate the security of Cleo’s offerings
    • Develop and maintain business continuity, disaster recovery, and incident response plans. Ensure plans are tested at least annually
    • Assist the vendor management team in reviewing information security and cybersecurity due diligence documentation to ensure appropriate third-party security measures are in place

To be successful in this role you may have:
    • 6-8 years of experience in a security management leadership role, preferably in the healthcare industry
    • Knowledge of health as it relates to customer information privacy
    • Programming/technical capabilities
    • Strong project management and strategic planning skills
    • Excellent written and oral communication skills
    • Fluency in regulatory and compliance language and the ability to stay on top of regulation changes to keep the organization adaptable
    • Skill at partnering cross-functionally across organizations, including working with product, customer success, and other areas
    • CISSP, CISM, or similar certification
    • An eagerness to work in an ever-changing, fast-paced startup environment
