Wellframe is a Boston-based digital health company focused on building the next generation of infrastructure for care delivery by combining clinical medicine and mobile technology. We’re using our system to deliver more personalized treatments, optimize the management of large patient populations, and dynamically organize health care resources around the needs of patients. We partner with health insurers, hospitals, device companies, and outpatient clinical settings to bring the highest standards of preventive medicine to patients with complex medical and social needs using a tech-enabled approach to care delivery.

The Director of IT & Security is responsible for the technical oversight of Wellframe’s information security technology portfolio and program. This Director works closely with Engineering teams and the Privacy Officer to design and execute an IT Security strategy in a secure and compliant manner. The Director is a subject matter expert for all information security platforms and is responsible for developing the organization’s information security architecture as well as auditing information security policies and procedures and investigating information security events. This individual will serve as the company’s HIPAA Security Officer, and will be responsible for following and applying other applicable standards and best practices. 

The Director, IT & Security will actively promote a culture of information security, serving as an advisor and resource for other staff. This individual will take a proactive approach in continually assessing the security of those systems throughout their lifecycle, providing recommendations for enhancing security and adapting to new threats and vulnerabilities. 

Responsibilities:

• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization
• Collaborate with Engineering and the Privacy Officer to ensure appropriate security processes, procedures and tools are installed, monitored, and effectively operating and alerting in the product and enterprise environment
• Oversee the administration of all information security technology platforms, ensuring that technologies are optimally configured and maintained to provide maximum uptime and protection to the organizations’ information systems
• Oversee and directly participate in the selection, installation, configuration, and monitoring of new information security technologies. Manage IT services vendor(s)
• Conduct regular technical risk assessments/audits of systems and infrastructure
• Draft, develop, and implement up-to-date security policies and procedures to safeguard information and data, and oversee training and dissemination of best practices. Maintain and incorporate current knowledge of HIPAA and other applicable standards
• Manage information security programs, including, but not limited to; information security awareness, vulnerability management, vendor risk management and risk management
• Lead the response and remediation relating to information security related incidents
• Review customer contracts and security addendums related to Information Security
• Be a point of contact for clients for articulating our infrastructure and security program

Requirements:

• In-depth knowledge of applications, systems, network and data security, telecommunications, security operations, hardware, devices, software and protocols
• 10+ years of direct experience in the areas of systems architecture, administration, database administration, network operations, or data center operations
• Strong knowledge of information security principles and practices
• Experience in managing security for protected health information (PHI) under different privacy laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the European Data Protection and Privacy Directive (GDPR) a plus
• Strong technical skills with the ability to explain and work through complicated IT security issues
• BS in Computer Science, IT, or related experience
• Certification in the area of information security such as CISSP, CISA, CISM, or similar
• Experience with cloud environments, architectures and technologies such as AWS, Google Cloud Platform, G-Suite and various communication and collaboration tools

Wellframe, Inc. is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status or any other characteristic protected by local, state, or federal laws, rules, or regulations.