If you or a loved one has ever experienced a major medical event, you know how overwhelming it is to process the flood of information that follows—whether it’s hastily delivered guidance from your doctor, or a pile of paperwork on managing your recovery. And once you get home, it can feel impossible to know where to start, or how to stay on track to reach your health goals.

At Wellframe, we’re helping healthcare organizations fill this gap, so people can get the holistic resources and support they need to feel their best, outside traditional care delivery settings. Through our patented platform, Wellframe translates evidence-based, peer-reviewed guidelines and literature into an interactive daily checklist delivered to patients through the Wellframe mobile app. As patients engage with the Wellframe app, their data is shared in real time with their care team through the care team dashboard, which utilizes advanced algorithms to generate early intervention alerts. With secure two-way messaging, Wellframe facilitates long-term, trusted relationships between patients and care teams.

The Security and IT teams are responsible for protecting company resources, as well as enabling users to work efficiently with technology solutions and hardware.

This role is responsible for the security compliance program for organizational applications and infrastructure. This role ensures compliance with internal security requirements in key IT areas, including performing security assessments and on-going evaluations for organizational compliance and risk management frameworks; e.g., SOC 2, HIPAA, HITRUST, ISO/IEC 27001, NIST, FedRAMP, etc., reviewing enterprise agreements related to information systems and/or architecture, responding to security questionnaires, administering information security policies and procedures, performing risk assessments, and assisting with business continuity and disaster recovery plans.

Areas of Responsibility:

Assessment and Analysis

• Assist with administration, management, and reporting for security assessments and on-going monitoring activities; e.g., SOC 2 Type II, NIST, ISO/IEC 27001, HIPAA, GDPR, etc.
• Perform security control assessments using applicable frameworks and projects to fulfill resulting corrective action plans
• Work with external auditors to complete company audits
• Work closely with the Legal & Privacy team on regulatory compliance requirements
• Perform assessments on prospective and current vendors
• Provide responses to security questionnaires supporting due diligence and risk management activities for existing and/or prospective customers

Security and Technical Operations

• Develop, document, and disseminate professionally written reports and visual presentations to all staff levels; e.g., executive staff, program managers, technical teams, etc., about security assessment conclusions, recommendations, and remediation strategies
• Assist in managing automated technical solutions, as well as manual procedures, to document and manage risks to organizational information assets and resources
• Test information security controls, across multiple business processes and/or locations, ensuring implementation techniques meet the intent of organizational compliance frameworks and security requirements
• Update policies and procedures describing security requirements, guidance, and standards for organizational information systems and architecture
• Maintain detailed records and reports
• Review industry-accepted sources of information to stay ‘up-to-date’ on information security principles and standards related to new business IT strategies or development of information systems
• Review proposed changes to information systems and provide approval/disapproval with explicit consideration for security impact analyses
• Review security logs and alerts to investigate and respond to security events

Strategic Planning

• Assist in the development, documentation, and dissemination of information security policies and procedures describing security requirements, guidance, and standards for organizational information systems and architecture
• Promote security awareness throughout company

Education, Experience, and Skills Required:

• 5+ years of related experience in internal auditing and information security roles
• Bachelor Degree in Computer Science, Information Security, Information Technology or related discipline, or equivalent combination of education and experience required
• Experience working with software development and the agile framework
• Experience working within a regulated industry with strong preference given to healthcare
• Security and compliance certification (CISM, CGEIT, CISA, CISSP, HCISPP) preferred
• Experience with performing security assessments
• Knowledge of security best practices for cloud architecture 
• Some off hours work and travel may be required. 

Behaviors and Traits:

• Demonstrated ability to operate as a trusted security advisor
• Excellent analytic skills and ability to effectively establish and achieve security requirements in collaboration with other departments and teams
• Strong written and verbal communication skills
• Support Wellframe’s mission by exhibiting Tenacity, Humility, and Collaboration 

Wellframe, Inc. is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status or any other characteristic protected by local, state, or federal laws, rules, or regulations.

This posting is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee and any percentages listed are approximate. Duties, responsibilities and activities may change or new ones may be assigned at any time with or without notice.