Job details

Director, Information Security and Compliance

Position Summary:

Direct Supply is building the future of healthcare technology with industry-leading products, solutions and platforms to help improve the lives of millions of seniors and those who care for them.

As the Director of Cybersecurity and Compliance, you’ll be responsible for end to end definition and implementation of our information and cyber security strategy. As a member of our Technology Leadership Team, you’ll work closely with our Vice President of Technology Platforms & Engineering and Chief Information Officer to ensure we secure and protect all aspects of information Technology and data security as we continue to develop artificial intelligence, IoT, and SaaS solutions using innovative cloud technologies.

Competencies & Skills Needed:

Builds and Drives Strategy - Creates a clear vision and strategy for Security Team and gains buy-in and support from Executives, stakeholders, and Partners on future direction and initiatives. Sees ahead to anticipate possibilities and accounts for it in plans. Shapes Function’s OKRs to execute strategic priorities.
Demonstrates Influence & Organizational Savvy - Relates well with stakeholders at all levels; Effectively navigates organizational dynamics; Speaks with conviction and demonstrates managerial courage.
Manages Complexity - Leads confidently through highly complex situations and pivots quickly as business dynamics change; Anticipates challenges and makes sense of conflicting information to find solutions; Bridges strategic plans and team-level execution.
Expert knowledge of NIST frameworks and experience with other security management frameworks.
Excellent understanding of current legislation and regulations relevant to our organization such as HIPAA, SOC1, SOC2, PCI, GDPR, and emerging data privacy laws.

What You’ll Do and Impact:

Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program
Recommend emerging products, technologies, and best practices that will improve security for the organization while ensuring support of everyday business.
Complete security operational planning and acquire technology that complies with state, federal, regulatory and data privacy requirements.
Develop, manage, and coach a team of security professionals who analyze IT security threats in real-time and mitigate these threats.
Build and lead security operations capabilities for attack simulation and defense.
Source the necessary hardware and software to implement the IT strategy and negotiate contracts.
Determine the cause of internal and external data breaches and institute appropriate corrective action.
Present reports on risk and security to the Board of Directors.

Experience:

Bachelor's degree in computer security, computer science, engineering, information technology, or a related field. An advanced degree is preferred.
Information security certification (CISSP, CISM, etc.)
10 + years of experience in risk management, information security, or programming.
7+ years of experience in people leadership
Experience managing security, risk, and compliance elements of cloud migrations and hybrid environments
Experience with contract and vendor negotiations and management including managed services
Excellent written and verbal communications for internal and external audiences
Experience with security tools (SIEM (Security Information and Event Management), DLP (Data Loss Prevention), McAfee suite, etc.)
Knowledge of networking security and devices (security system, VPN, VLAN, VPC (Virtual Private Cloud), DLP, etc.)
Experience with security of large-scale distributed cloud solutions
An exceptional understanding of scripting and source code programming languages, such as C#, C++, .NET, and Java.
Excellent project management, Budget development and tracking, and leadership skills.