Chief Information Security Officer

3 days ago

🍂 Massachusetts – Remote

Although this job is listed in Massachusetts, this company may be open to hiring remote in other states.

⏰ Full Time

🔴 Lead

👮‍♂️ Security Engineer

Apply Now

Receive Emails with Similar Jobs

1upHealth, Inc.

WebsiteLinkedInAll Job Openings

1upHealth, Inc. is a leading healthcare data management platform that focuses on enabling seamless, secure, and compliant health data exchange through its FHIR-powered solutions. Their end-to-end managed platform is built to enhance interoperability and provide actionable insights. 1upHealth supports collaborations with payers, providers, digital health entities, and life sciences to meet CMS interoperability requirements effectively. The platform's offerings include advanced APIs for patient access, provider access, payer-to-payer data exchange, health data analytics, and more, all designed to improve patient care and operational efficiency while ensuring regulatory compliance.

51 - 200 employees

⚕️ Healthcare Insurance

☁️ SaaS

🔌 API

💰 $25M Series B on 2021-04

📋 Description

• As our CISO, you will be responsible for the overall security posture of the company, IT infrastructure, regulatory compliance, and product security. • You will work cross-functionally with engineering, product, legal, and operations teams to embed security best practices across our organization and platform. • You will also be responsible for building a culture of security awareness, ensuring compliance with healthcare regulations (e.g., HIPAA, SOC 2, HITRUST), and driving strategic IT initiatives that support our growing team. • Security & Compliance Leadership: • Develop, implement, and maintain a comprehensive security strategy covering IT, compliance, and product security. • Lead the company’s risk management initiatives, identifying and mitigating security threats to company assets, infrastructure, and product. • Own and maintain security certifications and compliance programs (HIPAA, SOC 2, HITRUST). • Oversee security audits, penetration testing, and risk assessments. • Ensure security policies, controls, and best practices are integrated into the SDLC and IT operations. • IT & Infrastructure Security: • Oversee the IT team, ensuring secure, scalable, and efficient internal IT systems. • Establish and enforce identity and access management (IAM) policies, endpoint security, and cloud security best practices. • Ensure robust disaster recovery (DR) and business continuity (BCP) plans. • Partner with the engineering team to secure cloud infrastructure. • Product & Application Security: • Build and scale a product security program to ensure security is embedded throughout the software development lifecycle (SDLC). • Implement DevSecOps principles and tools to automate security testing and monitoring. • Work closely with engineering and product teams to ensure secure architecture, encryption, authentication, and API security. • Establish vulnerability management and incident response processes for product-related security threats. • Security Awareness & Incident Response: • Lead security training and awareness programs for employees to reduce human risks (e.g., phishing, social engineering). • Develop and maintain a robust incident response plan and lead the company’s response to security incidents and breaches. • Collaborate with legal, PR, and executive leadership to ensure transparent incident communication when needed.

🎯 Requirements

• Must-Have Qualifications: • 15+ years in information security, IT security, or compliance roles, with 5+ years in a leadership role. • Experience in a health tech, SaaS, or regulated industry (HIPAA, SOC 2, HITRUST, GDPR, etc.). • Deep knowledge of cloud security, network security, application security, and DevSecOps principles. • Proven ability to build and scale security programs from the ground up. • Strong background in IT systems security, identity and access management (IAM), and infrastructure security. • Hands-on experience with SIEM, endpoint security, vulnerability management, and IAM solutions. • Excellent communication and stakeholder management skills, with experience presenting to executive leadership and board members. • Nice-to-Have Qualifications: • Certifications: CISSP, CISM or equivalent. • Experience working with third-party auditors, regulators, and legal teams. • Familiarity with Zero Trust architecture and emerging security trends in health tech.

🏖️ Benefits

• 100% Paid BCBS Medical and Dental Insurance for Employees • Vision Insurance • Unlimited PTO • Equity • 401(k) • Home Office Stipend • Commuter Stipend • Wellness Reimbursement • Parental Leave (16 weeks for birthing parents, 6 weeks for non-birthing parents) • Company Meetings with Free Lunch