Providence Director of Information Security Lumedic in Seattle, Washington
Providence St. Joseph Health is calling a Director of Information Security to our location in Seattle, WA.
We are seeking a Director of Information Security who will work cross-functionally across the entire organization to manage and oversee all aspects of information security and risk management within an environment securing Protected Health Information (PHI) as required by HIPAA and the HITECH Act. Duties include overseeing enterprise information security strategy formulation and solution implementations; maintaining a thorough understanding of the threat and attack landscape and the latest security and privacy trends and principles; and collaborating to execute risk management functions to surface information security risks and develop mitigation strategies, solutions, and policies. The ideal candidate would have wide-ranging experience in this role to perform a large variety of tasks, from strategy to implementation. This position interfaces directly with internal and external resources to promote security and compliance standards, policies and procedures. The person in this role needs to excel in communication and should be comfortable talking with customers, working with internal and external auditors, and implementing internal policies and procedures across a fast-growing software company. Prior management experience is required, as this person will grow a team focused on information security and risk management.
In this position you will have the following responsibilities:
Develop and maintain compliance audit programs; write new and/or update existing programs to address regulatory changes.
Manage and ensure a robust, efficient, and effective Information Systems Security Program that provides for the confidentiality, integrity, and availability of enterprise information systems and assets in a HIPAA-compliant environment.
Develop/define procedures and metrics to ensure effectiveness and value of the security risk management program. Collaborate and communicate effectively with product and engineering teams to ensure compliance and information security measures are implemented and sustainable throughout our processes.
Build trusted relationships with internal & external auditors and executive management. Provide guidance, evaluation and advocacy on audit responses. Manage SOC2 audit process and assess other certifications (e.g. ISO 27001, PCI) as appropriate, designing plans to satisfy regulatory and compliance requirements related to security and privacy. Own the partnership with external auditors and legal. Review and update existing controls to best balance agile startup environment and meet the security and regulatory requirements of our customers.
Represent Lumedic security in prospect and customer conversations: respond to customer and prospect security assessments/questionnaires and participate in security review calls with customers and prospects.
Collaborate across the organization to develop and conduct annual information security awareness training for employees.
Work with Executive Leadership to strategize and recommend changes and updates to company-wide processes and policies relating to security.
Lead and develop the team that owns security functions. Grow and manage the security team; strategize and think through team structure and growth.
Develop and deliver ongoing training on compliance and regulatory requirements. Assist in the testing of controls and lead the organization's remediation of any deficiencies or issues identified. Oversee responses to all compliance issues noted by internal/external examinations.
Develop a strategy to identify and communicate security threats and vulnerabilities across the organization, prioritizing their remediation based on their potential impact using tools such as a threat assessment, criticality register, and vulnerability assessment.
Required qualifications for this position include:
Previous experience in healthcare.
Expertise with security and privacy control frameworks, such as ISO 27001, HITRUST, NIST, PCI, CSA, CIS, etc. upon hire.
Cyber security certifications such as the CISSP, CCSP, SABSA, GSEC, or other relevant certifications upon hire.
Preferred qualifications for this position include:
Bachelor's degree in Computer Science, Business, Engineering or related.
Master's degree in Business or related.
8 years in a compliance and/or security management function, leading initiatives across an organization; ideally in a high-tech software company.
4 years of people management experience, leading teams to build systems, practices and policies that comply with important security standards.
Expertise with security and privacy control frameworks, such as ISO 27001, HITRUST, NIST, PCI, CSA, CIS, etc.
About the department you will serve.
Lumedic is a Seattle-based healthcare technology company transforming revenue cycle management processes for modern payers and providers. From eligibility to pre-authorization to billing, Lumedic offers an end-to-end platform and intelligent network built on blockchain technology that embraces patient, payer, and provider interactions to drive more efficient operations and make smarter data-driven decisions.
Lumedic is an equal opportunity employer and we encourage diversity in the workplace regardless of race, gender, religion, age, sexual orientation, gender identity, disability or veteran status. Our goals for Lumedic are ambitious, and we’re continually in search of motivated, committed, and energetic people to join our mission.
For information on our comprehensive range of benefits, visit:
As expressions of God’s healing love, witnessed through the ministry of Jesus, we are steadfast in serving all, especially those who are poor and vulnerable.
Providence is a comprehensive not-for-profit network of hospitals, care centers, health plans, physicians, clinics, home health care and services continuing a more than 100-year tradition of serving the poor and vulnerable. Providence is proud to be an Equal Opportunity Employer. Providence does not discriminate on the basis of race, color, gender, disability, veteran, military status, religion, age, creed, national origin, sexual identity or expression, sexual orientation, marital status, genetic information, or any other basis prohibited by local, state, or federal law.
Job Category: Non-Clinical Lead/Supervisor/Manager
Req ID: 283128