Director of Information Security
CE Broker and EverCheck Boulder, CO
- Expired: over a month ago. Applications are no longer accepted.
CE Broker creates software that simplifies licensure compliance for professionals.
We're looking for a Director of Information Security to join our team. This full-time position is open in both our locations - Boulder, CO and Jacksonville Beach, FL.
Who we're looking for:
CE Broker is seeking a self-motivated thought leader on all things IS, capable of inspiring stakeholders at all levels of the organization to buy in to a strong risk-management framework; an independent professional who is passionate about staying abreast of industry best practices and changing vulnerabilities; an idea person with the vision to define IS practices organizationally in present and future state, as well as the initiative, ownership and accountability to personally see critical projects from inception to successful completion. Simply stated, the Director of Information Security (IS) is responsible for driving the Information Security function across all business lines of the company, covering a range of tactical, operational and strategic initiatives. In addition to possessing strong leadership skills in order to coordinate and manage projects, the right person demonstrates a track record of successful initiatives creating, driving, and monitoring both a program and culture of security to ensure compliance with self-defined Information Security standards and industry best practices.
What you'll do in this role:
- Spearhead an ongoing risk analysis methodology to analyze the efficacy of information security protocols in both the software products and operational processes of the company.
- Constantly assess changing security risks and ensure that proportionate measures are in place to protect critical IT systems and software development operational practices, proactively communicate with internal stakeholders on any recommendations, and execute their successful implementation.
- Perform ongoing in-depth analysis of company operations, products and development practices to maintain a detailed organizational/operational view that allows for the definition, development, implementation and enforcement of a tailored information security program.
- Confidently, effectively and, as applicable, persuasively communicate with external and internal stakeholders on IS topics ranging from audit results, responding to IS questionnaires, IS policies and procedures, and adherence to industry best practices and recommendations as a result of risk analysis.
- Thought-lead and independently drive the company’s entire security strategy, to include development or revision and execution of applicable policies, procedures and employee training programs to support that strategy according to industry best practices.
- Lead a response group for security incidents to affirmatively address the problems related to information security within the company.
- Review emergency response and business continuity plans and ensure that they are current, proportionate and relevant.
- Directly manage all external audits focused on information security, including security assessments and SOC, etc., to evaluate the maturity of security practices within the company and timely execute remediation of any vulnerabilities.
- Passionately drive an information security culture running throughout the company.
- Own all compliance monitoring processes across all security policies companywide.
- Implement and maintain technical and physical safeguards and best practices for critical IT systems.
What You Bring To The Team:
- Bachelor's degree in information technology, information security, computer science or a related field.
- Security-related certifications such as CISSP, CISA, CISM, GIAC, HCISPP, CHC, CHPC or CHSP.
- Minimum 7+ years of progressive leadership experience in IT or Information Security.
- Expertise and experience in a variety of domains such as application development, application security, security operations, cybersecurity monitoring, vulnerability management, incident management & response, identity and access management, and cloud infrastructure (AWS).
- Experience in IT security solutions and deployments, such as vulnerability scanning, penetration testing and application security testing.
- Established knowledge with respect to data privacy compliance (such as CCPA), governance, and compliance frameworks such as HIPAA, HITRUST, NIST CSF, ISO2700X, PCI-DSS, and SOC, and with driving a compliance program in accordance with such frameworks (specifically to include SOC).
- Full understanding of security best practices, able to develop, implement, manage and administer security policies, procedures and guidelines.
- Passion to remain current on information security industry trends, standards, tools, techniques and procedures and affirmatively implement relevant changes to internal IS protocols.
- Live by a sense of personal responsibility and accountability, taking ownership and initiative over all issues within the IS scope with minimal supervision or direction.
- Experience building and leading an exceptional team, with the capability to develop and guide junior information security and IT team members.
- Adept at relationship building and partnering with technical and business leaders across the company.
- Comfort working with executive management to integrate controls into the scope of existing business practices and, as applicable, recommended new practices.
- Excellent verbal and written communication skills, comfortable drafting policies, creating reports, and presenting issues to all levels of internal and external stakeholders, from executive leadership, to customers, to outside auditors.
- Knowledge of the security vendor marketplace and the ability to efficiently manage third party security providers and navigate third-party information security attestations, audits and standards.
- Experience working within a software development company and/or the healthcare industry.
Why work for CE Broker?
- Five-time award winning "Best company to work for" by Outside Magazine!
- We've made a commitment to sustainability and are putting our money where our mouth is!
- Wellness benefits to help you live balanced - we’ll pay for your gym or fitness apps and get you discounts on organic produce.
- Professional Development Allowance - we want you to actively pursue growth and learning!
- Ample PTO, specific paid time for volunteering and a generous leave package for new parents.
- Medical, dental, and vision benefits, as well as 401K with company matching.
- Check it out for yourself at our CE Broker Culture Instagram account!
This full-time position is scheduled to work 40 hours per week, M-F unless otherwise required by project activities. The target base pay range for this role is $100,000-150,000 annually, commensurate with experience and geographic location market value and accompanied by our full benefits package.
We are an equal opportunity employer and value diversity at CE Broker and EverCheck. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Qualified candidates from all backgrounds are encouraged to apply.