Sr. Director, Information Security

WHO YOU ARE

You are a cybersecurity thought leader who can see around corners. You understand the delicate balance between control and efficiency and have worked in highly regulated industries with exposure to multiple threat vectors. You embrace the democratization of information security and evangelize the importance of accountability by educating those who handle sensitive data. You understand the decisions you make impact an entire organization and demonstrate thoughtfulness in reasoning and execution. You are passionate about your work and empathetic to those whom you support. Does this sound like you? If so, we should talk.

WHO WE ARE

Evergreen Nephrology partners with nephrologists to transform kidney care through a value-based, person-centered, holistic, and comprehensive approach to kidney care. We believe patients living with kidney disease deserve the best care. We are committed to improving patient outcomes and improving quality of life by delaying disease progression, shifting care to the home, and accelerating kidney transplants.

We help nephrologists focus on the right patients at the right time across the full care spectrum. We do this by providing them with the best-in-class interdisciplinary clinical resources, analytical insight and tools, and services to patients.

We listen to the needs of our patients, our employees, and our client partners, continually working to push beyond the status quo in which the care system manages patients today.

YOUR ROLE

As Senior Director Information Security, you will lead a team of risk and security professionals

PRIMARY FUNCTIONS

• Accountable for rapidly developing and executing on an InfoSec separation roadmap from Evergreen's existing technology MSO provider
• Accountable for assessing existing InfoSec technology platforming and vendors to ensure alignment with long-term Evergreen growth strategy
• Develops InfoSec policies, procedures, and controls to manage on-premises and cloud platforms containing PII and PHI
• Develops risk mitigation strategies for threat vectors related to a mobile/field workforce
• Establishes risk assessment processes for new technology platforms introduced at Evergreen
• Collaborate with internal teams and external vendors to addresses security posture mandates (e.g. HITRUST) of Evergreen business partners
• Collaborate with internal teams and external vendors to implement new software, policy configurations & settings to mitigate vulnerabilities
• Partner with Evergreen I&O leadership to mature IAM and single sign-on strategy
• Partner with Evergreen I&O leadership to mature mobile device and mobile application management strategy
• Serves as a Subject Matter Expert (SME) for security and risk tool sets
• Liaise with Business and IT Groups in the security analysis, design and planning phases of IT and business-related projects
• Create and maintain new and existing playbooks/runbooks, work with multi-functional team members to maintain high-quality work standards
• Evaluate vulnerabilities that exist and make recommendations for remediation
• Ensure day-to-day operational tasks are performed and security metrics are relevant and current
• Maintain expertise in the area of Information Security, including industry trends, strategies, vulnerabilities and threats to ensure the company's assets are effectively and appropriately secured.
• Participate in security incident response processes on a per-occurrence basis
• Participate in an on-call support on a rotational basis

YOU'RE GOOD AT

• You reviewed the Who You Are section of this job posting and immediately felt the need to read on. That makes you a match for our innovative culture
• You accept that things change quickly in a startup environment and are willing to pivot rapidly on priorities

• Seven years of experience in Information Security & IT Risk Management at a senior level
• Five years of experience working with executive leadership (e.g. Vice President level and above)
• Five years of experience from within a healthcare organization (or other highly regulated industry)
• Experience with standards and frameworks (such as HITRUST, ITIL, NIST, ISO, COBIT, IETF, IEEE)
• Leading and conducting reviews of processes, policies, procedures, security, and configuration controls of existing systems as well as proposed controls of new systems
• Identifying risks, controls and gaps within a process or system and reviewing findings and management responses
• Security+, CISSP, CISM, and/or CISA certifications desired
• Network/application/system vulnerability and threat management experience

• Ability to manage budget spending/forecast through managers to meet functional objectives
• Stakeholder management skills and the ability to define and communicate the data strategy to both technical and non-technical audiences
• Proven understanding of healthcare privacy and security practices

• Excellent communication skills, both written and spoken

WE'RE GOOD AT

• You will benefit from Evergreen Nephrology's exceptional total rewards package, including competitive base pay with bonuses, paid time off starting at four weeks for full-time employees, 12 paid holidays per year, reimbursement for continuing medical education, 401k with match, health, dental, and vision insurance.
• We are proud to offer family-friendly policies that support paid parental leave and flexible work arrangements.
• We commit to a robust training and development program that starts with onboarding and continues throughout your career with Evergreen Nephrology
• As an inclusive and diverse team, you will collaborate with like-minded healthcare professionals who, like you, understand the importance and value of Evergreen Nephrology's high-quality, value-based care model

Common characteristics of the people who comprise Evergreen Nephrology:

Smart, detail-oriented, mission-driven, entrepreneurial, and operates with urgency