עדיין מחפשים עבודה במנועי חיפוש? הגיע הזמן להשתדרג!
במקום לעבור לבד על אלפי מודעות, Jobify מנתחת את קורות החיים שלך ומציגה לך רק משרות שבאמת מתאימות לך.
מעל 80,000 משרות • 4,000 חדשות ביום
חינם. בלי פרסומות. בלי אותיות קטנות.
Navina is a fast-growing digital health SaaS company that’s on a mission to enhance the primary care experience by transforming the way physicians interact with patient data. Our proprietary AI models are specifically designed to understand the language of primary care, transforming complex and fragmented patient data into a concise “patient portrait" and actionable clinical insights at the point of care. This allows physicians to get the full picture of their patients and act on their health status instantly and accurately. Built by physicians for physicians, our AI platform reduces physician burnout, while helping healthcare organizations thrive in value-based care. Thousands of clinicians across the United States are using Navina’s AI-powered clinical intelligence solution to improve preventative care, reduce missed diagnoses, and reclaim time with their patients.
Navina has been named one of the Top 100 AI companies globally by CB Insights, and made the list of the Top 50 Digital Health startups. We are already working with industry leading health systems and value-based organizations including Privia Health and Tampa General Hospital.
Navina is looking for a talented and hands-on SecOps Specialist to join its core InfoSec & IT department.
Responsibilities:
The role is designed to be hands-on, focusing on the operational aspects of security and compliance within the organization. It is essential for supporting Navina’s strategic vision, ensuring effective and efficient implementation of security and compliance initiatives.
In this role, you will be responsible for executing the operational aspects of information security and support security strategies formulated with the Director of InfoSec & IT. This role requires a strong focus on the day-to-day management and monitoring of security practices, the integration of security within the software development lifecycle, ensuring the organization’s policies, procedures, and different systems are aligned with customers’ requirements, regulatory requirements and industry best practices.
- Enforce security policies and procedures in our different platforms (i.e. Google Workspace, Jumpcloud, etc.) as well as implementing the principle of least-privilege, ongoing evidence collection and performing regular audits.
- Implement data access controls and policy enforcement mechanisms to safeguard sensitive information and ensure compliance with HIPAA.
- Collaborate with IT, R&D, Legal, HR and other departments to support security and compliance projects, while participating in the design and implementation of new features and products. Provide expertise and guidance on implementing security and compliance requirements while making sure that the security roadmap is fully delivered with optimal quality.
- Conduct Incident Response (IR) activities, as well as assistance in managing, refining and implementing the incident response process and procedures, ensuring readiness to respond to security incidents effectively.
- Support the development and delivery of security awareness and training programs to promote a culture of security and compliance throughout the organization.
- Work closely with the R&D and software development teams to integrate security measures throughout the SDLC, from requirements analysis to deployment.
- Facilitate GRC processes, including risk assessments, compliance audits, and policy management, ensuring alignment with external regulations and internal standards.
- Adhere to key metrics and support visualizing current standing to demonstrate the success of the department.
- Stay up to date with emerging security threats and trends.
- Provide ongoing and ad-hoc SecOps-related support to the different teams.
- Research and implement projects for deploying new cyber security tools and processes.
Requirements:
- Proactive & can-do approach, with exceptional initiative and challenge solving abilities. A team player at heart.
- Strategic thinker who is able to help architect technology and business processes, and maintain a business and customer focus.
- Knowledgeable in relevant information security frameworks / standards / regulations / best practices, such as ISO27001 / NIST CSF / SOC2.
- 2+ years of hands-on experience in SecOps.
- Strong organizational and project management skills to perform multiple tasks and projects effectively and end-to-end in an ever-changing operating environment.
- Excellent verbal/written communication and data presentation & visualization skills, including experience creating and updating policies, working collaboratively with both business, technical and non-technical teams.
- Experience in secure software development lifecycle management, security technologies, design & architecture, cloud solutions (IaaS, PaaS, SaaS - AWS), data protection strategies, and compliance audit facilitation.
- Able to formulate scripts to effectively apply SecOps policies and procedures and manage day-to-day work.
Advantages:
- Knowledgeable in HIPAA / HITRUST
- Experience in GRC
- Security certifications - CISSP / CEH / DSOE
- Strong scripting skills (Python, Bash, etc)
- Familiarity with DevOps and automation tools
- Experience working with Security Information Event Management (SIEM), Continuous Monitoring, Intrusion Detection/Prevention Systems (ID/PS), Network Traffic Analysis, Incident Response.
במקום לעבור לבד על אלפי מודעות, Jobify מנתחת את קורות החיים שלך ומציגה לך רק משרות שבאמת מתאימות לך.
מעל 80,000 משרות • 4,000 חדשות ביום
חינם. בלי פרסומות. בלי אותיות קטנות.