open position

chief information security officer

The Company

Datavant is a rapidly growing healthcare technology company with a mission to connect the world’s health data. By eliminating data silos in the healthcare industry, we aim to unlock opportunities to accelerate clinical data exchange, medical research, and help organizations design better ways to facilitate access, affordability, and quality of care leading to better patient outcomes.

By joining Datavant today, you’re stepping onto a highly collaborative team that is passionate about creating transformative change in healthcare. We look for people who are smart, nice and get things done. Datavant is a distributed, remote-first team (no office locations) and we empower ‘Datavanters’ to shape their working environment in a way that suits their needs -- learn more here!

Like many startups, Datavant is fast-paced, product-driven, and focused on challenging the status quo. But cultures are defined on how they are different, not how they are the same, and we encourage you to read about the Datavant Way here.

Learn more ↗

The Opportunity

As CISO, you will be a leader who shapes what we do and will set the tone for how we do it.

You will be responsible for each of our security functions: Governance, Risk, and Compliance (GRC), Security Engineering, Security Operations, and IT Security (including IAM).

Your north star will be establishing Datavant’s security posture as our strongest differentiating factor enabling our business objective to connect the world’s healthcare data.

Reporting To: matt vail, CTO

Linkedin ↗

Location:

Remote, preference for East Coast candidates for proximity to other company leaders.

Responsibilities:

● Defining and reinforcing the Datavant information security vision, strategy, infrastructure and practices across the organization; serving as the subject matter expert in the function

● Establish short-and-long term security goals; defines security strategies and metrics as well as predictive insights and reporting mechanisms for continual program improvements

● Utilizing leading edge technology and engineering practices to ensure patient and company data is secured effectively and flexibly

● Advising business and technology leaders on internal and product security topics, providing a risk-based perspective to security discussion

● Representing the security function to clients and partners, positioning Datavant’s security program as a differentiator in the market

● Leading the ongoing development of an integrated protection program combining cyber and technology capability, measured governance, and transparent and open dialogue regarding cybersecurity with Datavant’s partners and patients

● Leading a team of across four functional pillars: Governance, Risk, and Compliance (GRC), Security Engineering, Security Operations, and IT Security (including IAM)

● Leading a team of 100 FTEs (70 FTEs in security and 30 in IT, plus 100+ IT contractors) designing a fast-moving, efficient security function that can meet the pace of the business

●      Monitoring regulatory compliance with enterprise security policies and educating business unit leaders and service managers on compliance efforts.
●      Directing the investigation of cyber security incidents and serving as main point of contact for communications to executive leadership and the Board of Directors
●      Directing and performing audits to ensure environments and systems meet expected levels of policy compliance and security standards

The Candidate

Skills:

You are passionate about building a business that transforms the healthcare industry
You have a hunger to win
You can both “lead” and “do”
You are ambitious, scrappy, tenacious, and you get things done
You are comfortable making hard decisions and move quickly
You are noted as one of the best problem solvers in your organization
You are highly organized and reliable; you bring structure to complexity

Knowledge:

Knowledge and demonstrated experience with relevant, global regulations and guidelines including HITRUST, SOC-2, SOX, FedRamp, HITECH, HIPAA Privacy & Security, GCP.
Depth in the area of data governance and security.
Ideally in a complex data-rich environment, supporting shared information services and business intelligence across multiple lines of business.
Modern and meaningful technical depth at an architectural level, with a track record of applying engineering excellence to solve business problems.
Depth in modern application security and security operations functions. Ideally has managed through a significant incident.

Experience:

You have 15+ years of engineering experience including multiple years in leadership, managing managers, building scrappy teams from scratch and building large enterprise software.
You’ve served as a CISO at a public company leading all four of the above functions
You’ve served as a CISO at a private equity environment leading all four of the above functions
You have experience managing a highly functioning team of engineering teams
You have experience in healthcare or other highly regulated field like financial services
Ideally brings experience in working with sensitive customer data, especially in Healthcare or financial services
Experience with cloud security, platforms and services and modern technology delivery experience. Including DevOps, Agile software development and automation, as well as demonstrated partnership with IT operations, infrastructure, enterprise architecture, and large program management and business support.
Experience representing information security with external clients/customers or as part of an enterprise sales process.