ABOUT RIGHTWAY
At Rightway we are committed to creating a diverse environment and are proud to be an equal opportunity employer. We hire for the best talent and actively seek diversity of thought processes, beliefs, background and education. Rightway fosters an inclusive culture where differences are celebrated to drive the best business decisions possible.
We are committed to equal opportunity and fairness regardless of race, color, religion, sex, gender identity, sexual orientation, nation of origin, ancestry, age, physical or mental disability, country of citizenship, medical condition, marital or domestic partner status, family status, family care status, military or veteran status or any other basis protected by local, state or federal laws.
Rightway Healthcare was founded in early 2017 by a team of dedicated healthcare, business and technology leaders. Rightway is a technology platform that provides employees and their families with the support, information and advocacy they need to be better healthcare consumers. We combine a high-tech consumer portal with a high-touch dedicated concierge environment to provide consumers with the same level of support and guidance they would receive if they had a doctor in the family. We are focused on personalization, advocacy and results.
Rightway works with employers from 100 to 25,000 employees to provide best-in-class healthcare and pharmacy benefit navigation for employees. We are committed to generating high member satisfaction scores, industry-leading engagement and a quantifiable ROI for every employer. Our approach is rooted in analytics and guided by a bottom-up understanding of a population.
Rightway is privately financed, having raised over $30mm to date from investors such as Thrive Capital. It is headquartered out of New York City, with new offices in Hudson Yards. We also have an office in Miami, FL.
Position Description
The Director of Information Security will report directly to the CTO and be responsible for Rightway's security and compliance programs. This individual will ensure that Rightway, a leading provider of healthcare service, effectively protects and manages patient healthcare information. Further, the Senior Director of Information Security will introduce appropriate operating controls: procedures and processes that are easily introduced to the organization but enhance our security and compliance during the company's day-to-day service delivery. This position will require collaboration with the technology organization and business stakeholders to ensure our security programs and posture continue to scale with the business.
This role will be based in the New York City office, with initial remote working flexibility due to COVID-19.
Role and Responsibilities:
- Define and manage the IT security policies and environment consistent with the enterprise architecture and information security and privacy strategy.
- Ensure ongoing analysis of information security threats, vulnerabilities, and market trends. Identify and contain emerging threats before they can have a negative impact on business operations.
- Develop and maintain an effective information security architectural approach, ensuring that the approach is implemented in accordance with appropriate standards.
- Oversee and lead all our compliance efforts (SOC 2 and HITRUST)
- Lead remediation of vulnerability scan alerts to ensure a sustained hardening of the Rightway infrastructure and operating environment.
- Implement and manage industry best practices around access controls, end-point security capabilities, and infrastructure configuration management.
- Lead monthly and quarterly information security compliance meetings
- Serve as subject matter expert supporting client security RFIs and questionnaires
- Write reports including assessment-based findings, outcomes and propositions for further system security enhancement
- Provide Rightway executive team security threat and program briefings
Required Skills and Competencies:
- CISSP, CISA, CISM, Info-Sec Security certifications preferred
- Experience complying with various security standards, compliance frameworks and best practices. (HIPAA, HITRUST, SOX, CCPA, PCI, NIST, CSA, ISO)
- At least 6+ years of information security and/or compliance experience with 3+ years of management experience
- Bachelor's degree in Computer Science, Information Security, or related field; Master's degree a plus
- Ability to work independently and collaborate with stakeholders across the organization
- Strong experience in securing AWS Cloud Infrastructure and knowledge of MDM tools Kaseya and Jamf
- Knowledge of cloud-based computing environments and enterprise database management technologies