IT Security and Compliance (Remote)
Waymark is a team of healthcare providers, technologists, and builders whose mission is to bring the best healthcare to people with Medicaid benefits. Guided by the communities we serve, we bring support and technology-enabled care to help primary care providers keep Medicaid patients healthy. We are building the tools and designing an approach to enable care to reach the patients who can benefit most.
Our core values embody the essence of what makes Waymark a unique team today, and what we look for, nurture, and sustain as a team. We are bold builders, believing that the greatest challenges in care delivery can be solved when we harness the power of community and technology. We are humble learners, seeking feedback and perspectives different from our own, and welcome challenges to our conclusions. We experiment to improve, actively seeking data to inform decisions and to assess our own performance. We act with focused urgency, our commitment to our mission drives us to tirelessly pursue results.
If this vision resonates with you, we hope you consider bringing your creativity, your energy, your curiosity to Waymark.
In the IT Security and Compliance role for Waymark, you will be responsible for helping us advance our core mission through the development of robust programs encompassing information technology and information security.
The support of the information technology platforms will include all facets of IT, and the associated user experience of our teams, and care workers. This will range from asset and device management for our distributed teams, to access and account management for all platforms. In this role, you will analyze and correlate information collected from a variety of sources to identify, investigate, and report vulnerabilities in our environment, developing and implementing mitigation countermeasures for identified and potential threats, and lead the resolution of identified security incidents.
Reporting to the Head of Legal and People, you will collaborate to design policies, technical controls, and audit pipelines to ensure that the information security systems meet or exceed all applicable regulatory requirements, including those related to the handling of health information. You are technical and a strong operator at the same time, looking to build, improve, and scale reliable, security processes whenever possible.
- Develop and implement a cybersecurity program and strategy, which includes procedures and policies designed to protect Waymark communications, systems, and assets from internal and external threats and that safeguards health information.
- Collaborate with Waymark teams, including engineering, to determine risks and deploy risk management processes.
- Develop and provide training to Waymark employees on security policies and matters.
- Serve as Waymark’s HIPAA Security Officer, ensuring compliance with the HIPAA Security Rule, working closely with the legal team to document, review, maintain, and implement standards, policies, and procedures within security disciplines that may include HIPAA protections, vulnerability management, forensics, host and network-based intrusion detection, anti-virus/malware management, or data loss prevention.
- Conduct research, analysis, and correlation across a wide variety of source data to identify and prevent compromise of our networks, host systems, and data. This includes review of pending software purchases and assistance with review of BAAs.
- Provision IT equipment and software, including purchasing equipment for new employees and training them during their onboarding, as well as maintaining and monitoring the integrity of applications and security on remote devices.
- Provide engineering support for security incidents and threats in our environment.
- Track and report on IT network security to the Waymark executive leadership team.
- 8+ years of experience in information technology and risk management, including experience working in a healthcare environment, with an understanding of HIPAA
- Knowledge of information security management frameworks, such as ISO 27001 and NIST
- Strong knowledge and experience assessing security tools, platforms, and protocols
- Excellent communication and coordination skills
- CISSP - Certified Information Systems Security Professional
- Strong knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of Defense-in-Depth)
- Interest in learning key healthcare data engineering approaches, architectures, and standards such as HL7, FHIR, Amazon HealthLake, Zus, and Commure.