Chief Information Security Officer

Navina is a fast-growing digital health SaaS company that’s on a mission to transform the way physicians interact with patient data. Thousands of clinicians across the United States already use Navina’s AI-powered solution that transforms complex and fragmented patient data into concise “patient portraits" and actionable clinical insights at the point of care. With Navina, physicians experience less burnout, reduce missed diagnoses, and can devote more time giving better care to their patients.

Navina has been named one of the Top 100 AI companies globally by CB Insights and made the list of the Top 50 Digital Health startups. We are already working with industry-leading value-based organizations including Privia Health and Agilon.

As the Chief Information Security Officer (CISO) at Navina, you will be responsible for developing and implementing a comprehensive cybersecurity strategy that safeguards our digital assets, ensures regulatory compliance, and fortifies our defenses against evolving cyber threats. You will also be in charge of our IT team and infrastructure.

You will collaborate closely with leadership, engineering, legal, and compliance teams to establish a security and privacy-first culture across the organization. Your expertise in healthcare security, risk management, and compliance will be instrumental in maintaining trust with our customers, partners, and stakeholders.

Responsibilities

• Develop and execute a security strategy: Align information security programs with business objectives, regulatory requirements, and industry best practices.
• Support the sales teams and talk to our customers, assuring the compliance and security of our company and products.
• Ensure compliance with industry standards such as SOC2, ISO, HITRUST. Oversee and manage compliance efforts, including risk assessments, audits, PTs, and certifications.
• Lead risk management initiatives: Conduct regular risk and vulnerability assessments to identify, assess, and mitigate privacy and cybersecurity threats.
• Implement security policies and controls: Develop and maintain security policies, standards, procedures, and guidelines to protect sensitive healthcare data.
• Monitor and respond to security incidents: Oversee security event monitoring, incident response, and forensic investigations, ensuring swift and effective mitigation of threats.
• Secure cloud environments: Work closely with DevOps and engineering teams to implement security controls for on-premises and cloud-based infrastructures (AWS, Azure, etc.).
• Enhance security awareness: Conduct training programs to educate employees on cybersecurity best practices and data protection requirements.
• Collaborate with external partners: Manage relationships with regulatory agencies, auditors, and third-party security vendors.
• Report security risks to leadership: Provide regular updates on the organization’s security posture to executive leadership and the board.
• Develop and mentor IT and security teams: Build and lead a high-performing IT/Helpdesk and cybersecurity team to support the company’s security objectives.

Requirements

• Deep expertise in cybersecurity frameworks, risk management methodologies, and regulatory requirements, particularly SOC2, ISO, HIPAA, and HITRUST.
• Proven experience implementing and maintaining security programs, preferably in healthcare or other highly regulated industries.
• Strong understanding of cloud security, identity and access management, encryption, and network security technologies.
• Hands-on experience with SIEM, IDS/IPS, endpoint protection, vulnerability management, and incident response solutions.
• Ability to assess and manage third-party risks, ensuring vendor security compliance.
• Exceptional leadership, communication, and stakeholder management skills.
• Ability to translate technical security concepts into business language for non-technical stakeholders and business needs to technical requirements.

Qualifications

• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Technology, or a related field.
• Professional certifications such as CISSP, CISM, CISA, or HITRUST CCSFP are highly desirable.
• 8-10 years of experience in information security, with at least 3 years in a leadership role.
• Demonstrated success in managing security compliance initiatives in healthcare or similar regulated environments.
• Must have excellent oral and written communication skills in both Hebrew and English.

You don’t need to meet 100% of the requirements to be a great fit. We believe in hiring people, not just checklists, and we value potential as much as experience. If this role excites you, we’d love to see your application!

Why Join Navina?

At Navina, you will have the opportunity to shape and lead the company’s security vision in a rapidly growing healthcare technology startup. Your work will directly impact the safety and integrity of critical healthcare data, contributing to our mission of improving patient care through technology. If you are a strategic leader passionate about cybersecurity and compliance in healthcare, we want to hear from you!

Join us in safeguarding the future of healthcare technology!