Director of InfoSec

VI is the market leading Enterprise-AI platform for health, serving the world’s largest health organizations — from Fortune 500 health providers to pharma and consumer brands — helping them maximize acquisition, enrollment, engagement, retention, and health outcomes. Vi offers 3 main product lines: Acquire, Engage and Transform.

Backed by $60M+ in R&D, our powerful platform serves over 100 million members daily — and growing. We are based in New York, Austin, Nashville & Tel Aviv.

As VI's Director of InfoSec, you'll spearhead our security initiatives, safeguarding our day-to-day operations. Your role is pivotal in implementing and maintaining advanced security technologies, continuously monitoring threats, and adeptly responding to potential security incidents. You will maintain and refine our security policies and procedures, ensuring alignment with VI's overarching business goals.

Your responsibilities extend to educating our employees on security best practices and fortifying their ability to identify and mitigate risks. Collaborating across departments, you'll ensure that our security strategies are seamlessly integrated with business operations.

Requirements:

At least 5 years of experience with Information Security (security researcher, security engineer, security architect) and 3 or more years of experience in a leadership position
A bachelor's degree in computer science, information security, or a related field.
Deep knowledge in Information Security / ISMS
Ability to find and analyze IT systems security vulnerabilities
An understanding of past, current, and emerging security exploit types
Skilled in consultancy, risk management, solution design and issue resolution
Good understanding of IT infrastructure and technical security measures
Experience in resource and vendor management
Experience in cloud security including Docker and Containers
Experience with AWS (GCP in addition is a plus)
Good understanding of software development practices
Understanding of log analysis and security forensics
Experience of conducting and working with 3rd party suppliers to conduct penetration tests, both software and hardware
Knowledge of information security management frameworks, such as ISO/IEC 27001, Soc 2, HIPAA, PCI and HITRUST
Strong negotiation skills for negotiating contracts and IT support services to be rendered.
Excellent understanding of current legislation and regulations relevant to our organization.
Excellent project management and leadership skills.
First-rate written and verbal communication skills.
Demonstrate resilience under very demanding pressures and circumstances

Responsibilities:

Develop, implement and monitor a strategic, comprehensive information security and IT risk management program
Work directly with the business units to facilitate risk assessment and risk management processes
Develop and enhance an information security management framework
Interact with relevant teams through committees to ensure the consistent application of policies and standards across all projects, systems and services
Partner with stakeholders across the company to raise awareness of risk management concerns
Assist development teams, providing a knowledge and guidelines in matters concerning security and compliance
Establish and operate an Information Security Management System (ISMS)
Identify new security challenges and ensure action is taken to eradicate risks / ensure effective management of threats and security incidents
Promote awareness of strategic initiatives and encourage self-sustaining security practices and behaviors within delivery teams
Report IT situations, where there is an initial suspicion of criminal offenses, intentional acts, or significant irregularities & breaches of regulatory or security standards
Review existing technical environments & policies globally, propose and manage changes to improve Information Security
Display resilience and adaptability under demanding circumstances.
Lead the renewal process of our SOC 2 Type II certification, ensuring continuous compliance and adherence to standards.
Manage and respond to vendor risk assessments, ensuring alignment with our security protocols and maintaining robust security partnerships.