Director of IT, Security & Compliance

Form Health is a virtual obesity medicine clinic delivering multi-disciplinary evidence-based obesity treatment through telemedicine. Obesity impacts more than 40% of the US adult population, and although historically only about 1% of patients received medical treatment for their disease, the field of Obesity Medicine is entering a period of rapid growth. Form Health provides high-quality expert care and leverages technology to enhance the patient experience. All Form Health patients work closely with their care team, which includes board certified physicians, advanced practice professionals and Registered Dietitians. Through our proprietary mobile app patients engage in regular video visits, as well as text messaging, photo journaling, digital data transmission, and customized educational materials. We hold ourselves to the highest standards of clinical care, and to treating every individual with empathy and respect. 

Founded in 2019, Form Health is a venture-backed innovative startup with an experienced clinical and leadership team. Our mission is to empower patients and be leaders in Obesity Medicine driving impact at a national scale. We are deeply invested in our core value to put patients first, and also deeply committed to creating a culture where every employee is valued and we learn and improve together. 

About the Role:

We are seeking an experienced Director of IT, Security and Compliance. In this role you will be responsible for managing a comprehensive enterprise-wide information security and IT risk management programs, HIPAA & SOC2 compliance, our Service Desk which supports employees and patients, and assisting our commercial team with responding to security questionnaires as part of our sales process.

This is a full time opportunity reporting to our Chief Operating Officer. Work is remote but must be able and willing to travel occasionally. 

We seek applicants who have: 

• A Bachelor’s in Management Information Systems, Computer Science or equivalent experience
• 7 years IT, security and compliance experience
• CISSP, CISM, CISA, GIAC, or other security certification/accreditation strongly preferred
• Experience with HIPAA, SOC2, HITRUST

In this role, you will: 

• Provide leadership, motivation, coaching, professional development and day-to-day support to foster an engaged work environment with a focus on customer service
• Oversee the selection, development, deployment, monitoring, maintenance, and enhancement of an organization's technology infrastructure
• Plan and implement security standards, practices and procedures to ensure system security and legal compliance. 
• Monitor and perform IT risk assessments, audits, and security incident investigations
• Conduct vulnerability assessments, testing internal and external network perimeters for accessibility. 
• Work with internal and external auditors to ensure compliance with adopted IT policy and procedures, and legislation related to data privacy or security provisions in safeguarding specific information.
• Establish service level agreements and monitor progress toward key service delivery performance indicators (KPI’s) or metrics.
• Manage the development and delivery of IT standards, best practices, architecture and systems to ensure information system security across the enterprise.
• Partner with all departments across the organization to integrate security into operational processes. 
• Manage projects requiring relationship building, creative problem solving, and proficient management of projects, resources, and new technologies in a dynamic environment
• Be a collaborative and persuasive leader with a strong commitment to teamwork and knowledge sharing who effectively communicates technical concepts to a broad range of technical and non-technical staff.
• Be experienced with contract and vendor negotiations.
• Evangelize IT security to make it a critical part of business operations; build trust and respect for the security function
• Be able to communicate security and risk-related concepts to both technical and nontechnical audiences (in business terms),

More about Form Health’s benefits:

• Competitive salary and equity in a high growth start-up
• Comprehensive health benefits (medical, dental, vision) 
• 401k program
• Flexible work schedules and paid time off
• Paid parental leave

Form Health’s commitment to building a diverse, equitable, and inclusive work environment:

Form Health is committed to creating a culture and environment that celebrates diversity and inclusion, while fostering safety and belonging. This extends from our remote patient care to our corporate offices and everywhere in between. We are looking for team members who want to help us further our Diversity, Equity, and Inclusion (DEI) efforts and who share our attitudes for creating an inclusive, safe, and positive work environment.