Information Security Manager
Aunt Bertha, a Public Benefit Corp. · Austin, TX
Health & Well-Being
Partners & Advocates
Posted 1 month ago
Google Cloud Platform
Our Mission: To connect all people in need and the programs that serve them (with dignity and ease).
Aunt Bertha picks up where Uncle Sam leaves off by making it easy to find and apply for government and charitable social service programs. By organizing the world's human service program information, we make it easy for people in need and the people who help them to find help in seconds on https://findhelp.org.
We are looking for people who are driven to make the world a drastically better place and want to join our small group of thoughtful, committed citizens because they believe, as Margaret Mead said, "Never doubt that a small group of thoughtful, committed citizens can change the world; indeed, it's the only thing that ever has."
Our employees are aligned around this mission. That's why it is a requirement of our application process that you include a cover letter detailing how Aunt Bertha’s mission speaks to you.
Please note: if our mission doesn't strike a chord with you, that is OK, but please consider not applying. We are seeking people who are fired up after learning about what we do.
In this work, privacy and security are a top priority and foundational to all that we do. We work with health insurers, hospital systems, schools and universities, city and state governments, and more, to reach people in need. It is therefore of the utmost importance that we protect our customers' and our users' data by delivering on the security, privacy, and compliance commitments we make to our diverse constituent groups. To ensure we do this, we seek to hire an Information Security Manager who will serve as Deputy CISO, responsible for executing our Information Security Program.
Our Information Security program attained HITRUST certification in 2019. This role is a critical part of our strategy to maintain that compliance status while incrementally improving our security program and modernizing our platform architecture. Strong process skills and the ability to work alongside the product engineering teams to evaluate the security impact of changes are a must for any successful candidate.
The Ideal Candidate
such as logical access control or separation of duties when working across the business. They are confident in their ability to establish processes by putting "pen to paper" to document the current state, with an eye towards continuous improvement. This candidate is excited to learn the ins and outs of executive communication and corporate governance while bringing deep expertise as a subject matter expert and an individual contributor to the executive leadership committee. Aunt Bertha takes its customer commitments seriously and expects this hire to be the first line of defense in ensuring that our senior leadership is informed and effective when it comes to managing our security, privacy, and compliance risks.
A candidate with this skill set and experience level can expect a base salary in the 150-195 band, with the higher pay bands reserved for more extensive experience serving in a CISO or vCISO capacity. Ideal candidates will be excited to have access to senior management and to gain experience coaching executives on managing cybersecurity risk. They also understand that this role requires them to serve as a shining example of what being an individual contributor looks like on the security team.
· Has deep technical expertise both in cloud technology and information security within an agile, DevOps engineering culture
· Has strong business acumen and experience communicating with C-Suite
· Has managed policy and procedures before in a formal manner
· Has deep technical expertise in cloud security, but not in NIST or healthcare compliance
· Has not managed policy and procedure formally, but has expert process-management skills
· Lacks experience communicating with C-Suite
· Has not managed individual contributors
· Is not confident in the process skill set: documentation, design, execution, and improvement
· Does not have any cloud experience
· Thinks manual asset inventories are good enough
- Facilitate Executive Risk Committee meetings and continuously improve the effectiveness of risk management processes
- Review, update, and maintain Information Security policies and procedures as well as the company risk register
- Respond to customer requests for information regarding our cybersecurity and compliance posture (cybersecurity questionnaires)
- Support Annual HITRUST and HIPAA audits
- Develop Aunt Bertha’s information security program using the NIST 800-171 framework
- Manage the security operations team, comprising security analysts and an embedded security engineer
- Work with the Engineering department to develop a secure software development lifecycle (S-SDLC)
- Translate security and compliance requirements into technical controls that can be developed by the engineering department and embedded into the platform
- Review new technologies and evaluate their impact on current and future compliance requirements
- Mature security operations through needs analysis, selection, configuration and monitoring of security tools such as:
o Security Information and Event Management – SIEM
o Web Application Firewalls – WAF
o Endpoint Detection and Response – EDR
o Intrusion Detection and Prevention – IDS/IPS
o Cloud Security Posture Management – CSPM
- CISSP or CISM certification
- 3+ years working as an Information Security Manager or Process Lead in a HIPAA- or HITRUST-regulated organization
- Deep understanding of Risk Management processes and principles
- Technology selection and vendor management experience
- Experience managing individual contributors and providing critical feedback
- A Cloud Security Certification on GCP/Azure/AWS
- Lean/Six Sigma experience or Green Belt certification
Aunt Bertha is proud to be an Equal Opportunity Employer. We are building a company whose employees understand our users through their own lived experiences. This means we strive to hire employees who are diverse by race, gender, gender identity, gender expression, age, religion, sexual orientation, physical abilities, veteran status, and socio-economic upbringing.