Director, Information Security

Overview: The Director, Information Security oversees the critical programs that protect application and data assets which drive revenue for the organization. This role will engage with leadership teams in all areas of the organization to ensure effective information security programs and processes are in place. The Director, Information Security is responsible for the following areas: cybersecurity operations and cybersecurity technology oversight, governance, and application security including security architecture, secure SDLC process and tooling, Threat Modeling, DevSecOps Security Champions and DevSecOps Community management.

Duties and Responsibilities:

• Drives the deployment and adoption of the following functional areas/programs:
• Daily Cybersecurity Operations Oversight
• Cybersecurity tooling operational configurations
• Security Architecture Patterns and Pattern Languages
• Threat Modeling Program
• Establishment and management of a DevSecOps program and Community
• Secure CI/CD Implementation
• Data Protection
• Third party Penetration Testing Program
• Vulnerability Management Program;
• Responsible for the identification of security trends in order to achieve and maintain a holistic security posture including, but not limited to risk analysis, security architecture and design, and systems security engineering;
• Manage the daily operational integration between CCS, in particular the CCS Technology and Engineering teams, and the CCS MDR Vendor. Produce weekly Cybersecurity activity reports. Drive Cybersecurity technology configuration updates so that identified risks are not left unaddressed.
• Ensure ongoing protection of confidential data and risk assessment relative to CCS business model including, but not limited to classification of data, access controls, encryption, key management, storage and resource allocation.
• Drive the establishment of a technical/engineering DevSecOps Champions program and Community. Leading the adoption of DevSecOps principles, advanced role-based training, offensive testing and managing a community.
• Establish norms for security architecture and implementation pattern authorship and re-use across the engineering community;
• Establish recurring and long-range security and compliance goals and KPIs. Define metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements;
• Liaise with business, technology and product engineering to understand their security architecture needs and influence adoption of enterprise-wide security architecture.
• Maintain compliance with CCS's policies, procedures and mission statement.
• Adhere to all confidentiality and HIPAA requirements as outlined within CCS's Operating Policies and Procedures in all ways and at all times with respect to any aspect of the data handled or services rendered in the undertaking of the position.
• Fulfill those responsibilities and/or duties that may be reasonably provided by CCS for the purpose of achieving operational and financial success of the Company.
• Uphold responsibilities relative to the separation of duties for applicable processes and procedures within your job function.
• We reserve the right to change this job description from time to time as business needs dictate and will provide notice of such.
  

Job Requirements:

• Minimum 10 years of progressive experience performing technology and security related duties with at least 4 of the years in cybersecurity and systems security;
• Ability to communicate with and influence all levels within a dynamic fast past organization;
• Demonstrated experience in managing a team, as well as, coaching and motivating employees;
• Knowledge of applicable NIST, ISO, HIPAA, SOC, HITRUST, CIS and data privacy practices and laws;
• Strong leadership skills and excellent cross functional relationship building skills;
• Strong interpersonal and oral communication skills, highly self-motivated and directed;
• Experience in a national or international company with a geographically dispersed workforce;
• Knowledge of State and Federal laws governing public companies as related to Information Security;
• Knowledge of current landscape and future trends in information security, compliance, and risk management;
• Familiarity with cloud security alliance preferred; and
• CISSP, CISA, OSCP or other information security certifications are preferred.
  
  

Education:

• Bachelor's degree in Information Technology related field and or equivalent work experience required.
  
  

Physical Demands and Work Environment:

• Sedentary work (i.e. sitting for long periods of time);
• Exerting up to 10 pounds of force occasionally and/or negligible amount of force;
• Frequently or constantly to lift, carry push, pull or otherwise move objects and repetitive motions;
• Subject to inside environmental conditions; and
• Travel for this position will include less than 5% locally usually for training purposes.
  
  

ComplexCare Solutions Offers a Competitive Salary and Benefits Package

In addition to the base compensation, this position may be eligible for performance-based incentives.

The actual base pay offered may vary depending on multiple factors including, but not limited to, job-related knowledge/skills, experience, business needs, geographical location, and internal equity. At ComplexCare Solutions, it is not typical for an individual to be hired at or near the top end of the range for their role, and compensation decisions are dependent upon the facts and circumstances of each position and candidate.

Base Compensation Range

$149,100—$248,500 USD

Studies have shown that women and people of color are less likely to apply for jobs unless they believe they meet every one of the qualifications listed in a job description. If you don't meet every qualification listed but are excited about our mission and the work described, we encourage you to apply regardless. ComplexCare Solutions is most interested in finding the best candidate for the job and you may be just the right person for this or other roles.

By embracing diversity, equity and inclusion we enhance our work environment and drive business success. ComplexCare Solutions strives to reflect the diversity of the communities where we operate and of our clients and everyone whom we serve. We endeavor to create a culture of inclusion in which our associates feel empowered to bring their full, authentic selves to work and pursue their professional goals in an equitable setting. We understand that by fostering this type of culture, and welcoming different perspectives, we generate innovation and growth.

ComplexCare Solutions is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirement.

The Company maintains a drug free work environment for all of its associates, which includes employees, contractors and vendors. It is unlawful for associates to manufacture, sell, distribute, dispense, possess or use any controlled substance or marijuana in the workplace and doing so will result in disciplinary action, up to and including termination of employment or the contracted relationship.

To review the legal requirements, including all labor law posters, please visit this link