Chief Information Security Officer (CISO) at Abacus Insights
Abacus Insights is a mission-driven, start-up technology company that is focused on improving health outcomes, lowering the cost of healthcare, and delivering a more seamless healthcare experience. At our core, we are passionate about advancing healthcare and improving people’s lives through technology.
With our deep expertise in cloud-enabled technologies and knowledge of the healthcare industry, we have built an innovative data integration and management platform that allows healthcare payers access to data that has been historically siloed and inaccessible. Through our platform, these health insurance payers can ingest and manage all the data they need to transform their business by supporting their analytical, operational, and financial needs.
Through this mission and passion to aid people and population health, we have built a highly successful SaaS business that is heavily funded (since our founding in 2017 we have over 18 million) by leading VC firms who have deep expertise in the healthcare and technology industries. At Abacus, we are solving problems of massive scale and complexity in an industry that is not only ripe for disruption but requires innovation. We see massive growth in our future and would love for you to be a part of it!
As Abacus is preparing for its next phase of growth and continues to expand our customer base, we have recognized the need for a Chief Information Security Officer (CISO). The CISO will play a critical role in helping to build and ship secure products with velocity, while protecting the critical customer production and corporate infrastructure. The CISO will also drive technical vision, execution and security leadership for Abacus as well as build strong security hygiene and posture within the organization with a focus on keeping the company and its data assets safe.
Strategy and Management Components of CISO:
- Further drive a culture of security across the organization through greater participation in the DevOps cycle.
- Understand the key attack vectors and be responsible for protecting Abacus from malicious actors misusing our platform, preventing malware and account takeovers.
- Responsible for ensuring that secure product features are created and shipped with velocity while ensuring that critical user data is safe.
- Responsible for protecting our production and corporate infrastructure and building the foundational infrastructure that enables us to support a secure global corporate and production environment.
- Responsible for detecting and responding to intrusions by building and deploying advanced detection capabilities and tools to analyze suspicious activities and respond to them appropriately.
- Responsible for creating the compliance strategy, obtaining the necessary compliance certifications, and driving ongoing maintenance and audits of these certifications, including but not limited to: HITRUST, SOC2, GDPR, SOX, etc.
- Bringing and maturing complex, cloud-based data products to market, ideally with experience navigating the inherent challenges of the healthcare industry.
- Exceptional technical leader with sufficient depth in InfoSec, AppSec, and Security Operations (SecOps).
- Identifying, analyzing, and evaluating technology risk and measuring the risk quantitatively and qualitatively. The Chief Information Security Officer and their team will also be responsible for partnering with other constituents to propose and implement a security program in order to advise the business on the best risk solution portfolio.
- Direct influence at the C-Suite level and with the platform's architectural direction. As a result, this leader will enter the organization with a deep knowledge in the Security space and thus will be the key leadership position to drive this ongoing effort. This leader will need to operate effectively as a strong influencer in the organization.
- Protect the company’s data while reducing the number of known vulnerabilities in the production and corporate environments and access to user data in production. The Chief Information Security Officer will help drive business functions to operate in a highly secure environment. In doing so, the Chief Information Security Officer will manage Risk and Compliance to build and drive various security programs and assist with things such as vendor security reviews and compliance. The Chief Information Security Officer will be responsible for conducting internal privacy assessments and working closely with the Compliance team(s), IT, HR, Sales and Marketing, Procurement, and any third-party data vendors/providers to ensure that all other requirements pertaining to data privacy and compliance issues are upheld.
- Promoting an effective narrative about security to ensure that there is a strong cultural fit with new and existing employees. In addition, the leader will look to evaluate security intelligence and aptitude when building out teams and functions within the company.
- Domain Expertise: A strong understanding of the common security domains including Security Engineering (DevSecOps), InfoSec/InfraSec, AppSec, as well as compliance.
- Familiarity with Public Cloud deployments and offerings in AWS, Azure, or Google Cloud.
- Have obtained compliance certifications and driven ongoing maintenance and audits of certifications in the areas of HITRUST, SOC2, GDPR, SOX, among others.
- Leadership: Built and grown a world-class security team of 8-10 FTEs with an emphasis on Engineering excellence. Someone with experience managing other managers with evidence of developing and actively monitoring their former team members. The CISO will provide direct leadership by setting, communicating, and modeling high standards of performance and professionalism, developing and maintaining a high level of work ethic and personal credibility with staff and the executive team while demonstrating consistent and sound judgment.
- Credible, Effective Driver, Communicator and Influencer: The CISO should possess excellent communication skills, including the ability to communicate security-related concepts to technical and nontechnical audiences (internal and external), and well-developed interpersonal and collaboration skills. The CISO should be able to point to successful programs they were able to conceive and implement across their organizations.
- Strategic: Abacus Insights is rapidly evolving the product and use cases for their business. The CISO will demonstrate the ability to create and drive an overall security strategy throughout the organization. As a result, the CISO will work closely with the leadership team to define the long-term goals for the security posture and roadmap for the organization. The CISO will work closely with both internal and external security experts to ensure Abacus security processes and practices are state of the art and demonstrate the most advanced methods in enterprise security.