Director, Information Systems Security and Privacy

About Podimetrics: 

Founded in 2011, Podimetrics set out on a mission to improve patient lives through early detection and prevention of diabetic foot ulcers, the leading cause of lower limb amputations. Podimetrics has since evolved to become a rapidly growing virtual care management company with advanced technology and patient-centered services.

Today, Podimetrics teams with and provides solutions to patients, payers and providers that alleviate the health and financial implications of diabetic foot complications in high-risk populations. We are a mission driven, financially responsible enterprise that enables patients to stand on their own feet and live more independent and fulfilling lives. 

Core Values:

• Mission First: We are here to drive critical change, bring hope and compassionate care to those in great need.
• People Matter Most: We advance our mission by caring for our people (colleagues, patients, providers, customers and stockholders), treating them with kindness and respect.
• Courageous Action: We are driven to act and demand mutual accountability. We believe that missteps foster learning and iterative improvement.
• Healthy Debate: We commit to transparent discussion and resulting decisions. The very best decisions come from differing points of view, requiring good intentions, mutual trust and no ego.
• Deep Curiosity: We are always striving to learn more and do better. We question if the best we have ever done couldn’t be improved further.
  

Role Description:

The Director of Privacy and Security is a senior leader at Podimetrics, a care management company with the leading solution to help prevent diabetic foot ulcers. Commensurate with Podimetrics’ mission, the primary objective for the Director of Privacy and Security is to improve patients’ lives through the early detection and prevention of diabetic foot complications by ensuring that the sensitive information entrusted to us by patients and customers is handled in compliance with applicable laws, regulations, customer requirements, and best practices. To this end, the Director of Privacy and Security will partner with the executive leadership team to define and execute strategic priorities related to Podimetrics’ existing privacy and security policies and activities.

Key Responsibilities:

• Lead and coordinate multi-disciplinary teams across the company to successfully complete internal and third-party audits and attestations, including for SOC-2 and HITRUST
• Support our quality/regulatory function for components of US and international regulations related to privacy and security
• Maintain compliance with our existing policies and procedures related to compliance with applicable laws, regulations, customer requirements, and best practices, and evolve them to ensure we meet our customers’ and patients’ needs
• Serve as a technical leader for cybersecurity strategy and implementation, with an ability to work as an individual contributor alongside direct reports (player-coach role).
• Execute and improve upon a cybersecurity roadmap for new system deployments and integrations.
• Create and adhere to budgets, driving cost-cutting opportunities and cost-conscious decisions.
• Aggressively drive cybersecurity vulnerability remediations.
• Interface with customer data security and privacy teams during vendor assessments, maintaining timelines to support sales and projecting competence and confidence to the customer on the company’s behalf
• Collaborate with the product development, software, and research teams to incorporate security and privacy best practices into the design, testing, and maintenance of our products, services, operational tools, and cloud infrastructure
  
• Complete routine compliance activities related to software and computing infrastructure hardening, monitoring, remediation, testing, patching, and documentation.
• Enterprise systems administration, maintenance, and optimization (e.g. NetSuite, MS Office, Salesforce, GSuite)
• IT Support oversight for corporate computing resources including policy implementation and maintaining high SLAs for internal staff. 
• Leadership for small GRC/ISS team 
• Responding to compliance questionnaires from prospective and existing clients. 

Qualifications:

• Cybersecurity background
• Bachelor's degree in relevant field
• Experience maintaining organizational compliance using cloud providers including Amazon Web Services and Google Cloud Platform
• Experience managing compliance for a healthcare company is strongly preferred
• Understanding in the following areas:
  • Antivirus/EDR
  • Patch Management
  • Serverless Infrastructure (AWS and GCP)
  • Firewall Configuration
  • CASB
  • Encryption (in transit and at rest, FIPS)
  • Multifactor Authentication
  • Single Sign on
  • Data Loss Prevention (Host and Network DLP)
  • Host Intrusion Detection/Prevention
  • Network Intrusion Detection/Prevention
  • Security Operation Center (SOC) Management
  • SIEM
  • Disaster Recovery
  • Business Continuity
  • Vulnerability Scanning
  • Penetration Testing
  • Mobile Device Management
  • DNS
  • DHCP
  • WAF - Web Application FirewallTabletop Exercises
  • Content Filtering
  • Identity Management (e.g. MS Active Directory)
• Experience with the below technologies is a plus:
  • MS Defender Suite
  • Intune
  • Jamf
  • EntraID

Competencies:

• Accountability: Take ownership and responsibility for patient outcomes and provider and customer satisfaction.
• Attention to detail: Does not let important things slip through the cracks or derail a project
• Proactiveness: Have a bias to action and anticipate the future needs of the business.
• Resourcefulness: Find creative solutions to difficult problems, doing a lot with a little.
• Honesty/integrity: Earns trust and maintains confidences, doing what is right, not what is expedient
  

Benefits: 

• Pay Range - $200,000+ annual base salary
• Annual Bonus Opportunity
• Equity Options
• Flexible Paid Time Off (Guaranteed four weeks of PTO)
• Paid Sick Leave (up to 40 hrs annually)
• Fully Paid Parental Leave (12 weeks for birthing parents, 8 weeks for non-birthing/adoptive parents)
• Competitive Medical, Dental, and Vision plans – Podimetrics covers 80% of premiums.
• Health Savings Account with employer contribution
• Employee Assistance Program - Free, confidential advice for team members who need help with stress, anxiety, financial planning, and legal issues.
• 401k
• Life Insurance - Podimetrics pays 100% of the cost of Basic Life & Personal Accident
• Disability insurance – Podimetrics pays 100% of the cost of Short-Term and Long-Term Disability Insurance
• Additional life insurance, critical illness, and accident coverage are available
  

Podimetrics is committed to a diverse and inclusive workplace. We are an equal opportunity employer and do not discriminate based on race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.