HT IconHealthy Together

Director of Cyber Security & Compliance

About Healthy Together

Healthy Together's mission is to improve collective health and make government more efficient. The Healthy Together SaaS platform enables the future of health and human services by bringing together the objectives of government programs and the needs of residents into a single platform. Our cloud-based technology increases the reach and efficacy of health and human service initiatives, reduces costs, and eliminates manual processes through automation -  all while focusing on expanding health equity. Healthy Together has achieved #1 on the App Store in the Health & Fitness category and currently has 200k+ reviews with a 4.9/5 star rating.

Role Overview

As the Director of Cyber Security and Compliance at Healthy Together, you will play a critical role in ensuring that the company’s software and processes are secure and in compliance with all relevant laws, regulations and contractual obligations. This is a remote position.

What You’ll Do

  • Ensure annual audits are being conducted (HIPAA, SOC-2, etc.)
  • Implement and keep security and compliance controls of SOC-2 & HIPAA especially as it pertains to protecting PII and PHI. For example:
  • Ensure appropriate levels of background checks are done for relevant employees
  • Implement employee access management protocols
  • Deploy and manage mobile device management (MDM) software on all company devices.
  • Deploy and manage antivirus software for all company machines
  • Conduct annual security trainings as required
  • Manage annual third party penetration tests and security scans
  • Manage onboarding and offboarding plans and ticketing process for employees to ensure appropriate permissions are given and revoked.
  • Build and maintain a bug bounty program
  • Help reply to the security and compliance sections of sales proposals
  • Hellp the company achieve StateRAMP compliance
  • Build compliance plans and controls per customer contract
  • Work with the product team to identify and mitigate any potential risks in the product experience
  • Help identify tracking event needed for audit logs
  • Manage, evaluate, and resolve any physical or digital security incidents or breaches
  • Help negotiate and review business associate agreements (BAAs) as needed
  • Coordinate compliance and security needs/requirements between Product, Legal, Engineering and HR
  • Review product plans and designs to ensure compliance and security prior to development
  • Manage process to obtain needed partner certifications and architecture reviews (e.g. AWS certification)
  • Ensure Privacy Policy and TOS commitments match actual processes
  • Manage compliance with Google Play store and Apple App Stores
  • Obtain and manage third-party attestation of product accessibility compliance and complete Voluntary Product Accessibility Templates (VPATs) as needed
  • Manage budgets for all things security and compliance (pick vendors, negotiate price, etc.)
  • Stay up to date on the latest best practices, changes and trends in cybersecurity and government regulations
  • Conduct employee vulnerability campaigns (e.g. Email/SMS phishing)

Qualifications

  • 5+ years of experience in a compliance, security, or IT audit role
  • Bachelor’s degree in Information Security/Information Technology, Computer/Electronic Engineering, Communications Engineering, or related field
  • Experience working in regulated fields such as government or healthcare
  • The ability to work through challenges of a fast-paced startup environment
  • Experience managing the audit process and working with external auditors
  • Strong written and verbal communication skills
  • Experience developing and implementing policies and procedures
  • Strong attention to detail and problem-solving skills
  • Comfortable working with highly technical and legal documents
  • Nice to haves:
  • (ISC)² Certification
  • Systems Security Certified Practitioner (SSCP)

Benefits

We are a well treated group, with awesome benefits! If there’s something important to you that’s not on this list, consider talking to us! :)

  • Remote-first
  • Competitive salary and equity in a fast-growing health tech start-up
  • Peace of mind with comprehensive health and dental insurance for you and your dependents
  • Open vacation policy and flexible holidays so you can take time off when you need it
  • Paid maternity leave, as well as 6 weeks paternity leave for parents, to let you spend valuable time with your loved ones
  • Monthly health & fitness allowance
  • MacBooks are our standard, but we’re happy to get you whatever equipment helps you get your job done

Equal Employment Opportunities at Healthy Together

We are a consumer-first company and we want to attract and retain a diverse range of people into our organization. We’re committed to an inclusive and diverse team at Healthy Together. We do not discriminate based on gender, ethnicity, sexual orientation, religion, civil or family status, age, disability, or race.

To apply for an open position, send your resume in an email to jobs@healthytogether.io with your desired position as the subject line.

Apply For This Position