Contact Us

Back to careers

Senior Information System Security Officer

Operations | Boston, US

About the position

At we turn the smartphone camera into a clinical-grade medical device by using a bit of computer vision and a lot of magic. We're seeking a talented and motivated Senior Security Officer to join our team at! 

In this role, you'll work closely with our entire team and report directly to our Information Security Director, using your experience in compliance frameworks and modern systems to assist with all information security processes and activities. 

We're looking for a well-organized and tech-savvy team player who can balance a process-oriented approach with a strong technical focus, and make an immediate impact within our dynamic and growing team. 

As a company working in the digital healthcare field, maintaining high security standards is crucial to us - from cyber-security and information security, to compliance and protecting private data. 

If you're passionate about working in a regulatory framework while being part of an agile and innovative team, this could be the perfect opportunity for you!

  • Experience working in the Healthcare industry conducting security risk assessments or IT audits using standardized processes such as NIST SP 800-30, ISO 27001, SOC 2, or similar
  • Experience working with cybersecurity controls frameworks and data privacy regulations such as NIST SP 800-53, ISO 27001/2, HIPAA, CIS Controls, NIST CSF, HITRUST, GDPR, CCPA, or similar
  • Excellent written and oral communication skills with an ability to effectively communicate security considerations to technical and non-technical audiences
  • Detail-oriented and organized, with good analytical and problem-solving abilities
  • Ability to manage and lead multiple complex projects in a fast-paced, dynamic operational environment, including ability to support flexible schedules for 24×7 crisis operations.
  • Experience with tools including Vulnerability scanners,IPS/IDS, SIEM.
  • Ability to identify issues, problems, and critical factors, and develop methods for corrective action
  • Proven ability to learn, show autodidactic skills, work well with a team, manage stressful situations and show initiative.
  • Established project management skills, Independently manage and complete projects without constant supervision from a direct manager
  • Excellent understanding of, and experience in developing mitigation strategies to combat the risks associated with, current and emerging threats, vulnerabilities, and attack vectors used to compromise enterprise and critical infrastructure.
  • 10+ years of Cyber Security experience with at least 5 years focusing on security operations, incident response or cyber threat investigations.
  • Strong knowledge of SIEM technologies and hands-on experience with at least one of the following technologies: Splunk, Coralogix, QRadar.
  • Minimum 7 years professional experience in audit, IT audit, cloud audit, risk management, IT security and / or similar compliance functions.
  • Hands-on experience, scripting using automations tools (e.g. Torq)
  • Strong Knowledge of security and control standards and frameworks such as HIPAA, HITRUST, NIST CSF & 800-53, ISO27001, SOC-2, PCI-DSS or similar frameworks - their use and assessment.
  • Relevant security and/or risk certifications such as GIAC Certified Incident Handler (GCIH)/ EC-Council Certified Incident Handler (ECIH)/GIAC Certified Detection Analyst (GCDA)/GIAC Cloud Forensics Responder (GCFR)/GIAC Certified Detection Analyst (GCDA)
  • Hands-on Experience working with AWS and GCP cloud environments.
  • Experience handling security conversations and concerns from Healthcare customers.
  • Experience with IT Security Assessments.
  • At least 2 years of experience in security engineering, coding and scripting, Knowledge of SDLC methodology 

You will love this job if:

  • You believe in the integration of Governance, Risk and Compliance activities that can empower a company to provide a compliant business model, manage significant risks to the business' goals and objectives, and provide accurate information to empower better decision making.
  • You are a strong critical thinker and enjoy working on challenging problems.
  • You enjoy partnering and collaborating with a range of business professionals.
Role & Responsibilities
  • Manage local and support regional and global Governance, Risk and Compliance initiatives and activities.
  • Lead and participate in HIPAA, ISO 27001,ISO 22301, HITRUST compliance assessment, evidence collection, and reporting.
  • Lead and participate with Incident Response and Business Continuity to include running frontal training, senior management table-top exercises and live testing and improving the current state.
  • Interact with cross functional teams and manage multiple projects simultaneously including deadlines ( such as annual penetration testing efforts, from scoping to finalized reports)
  • Lead the Request for Information (RFI) process from importing the security questionnaire to the RFI platform until project completion, train other team members to create local “Champions”.
  • Promote the compliance and security mindset: organize the development and delivery of required communication campaigns, awareness programs, phishing simulations and training for different focus groups and different internal and external stakeholders.
  • Support the Director of Information Security as a liaison to senior executives on matters of cyber security and cyber risk, to foster the execution of cyber security as a business enabler.
  • Collaborate with architects, DevOps/SRE, IT & security specialists to ensure required security solutions are in place throughout all IT systems & cloud platforms to mitigate identified risks sufficiently and to meet business objectives.
  • Collaborate with DevOps/SRE, IT & security to plan, execute, manage and evaluate of their infrastructures using cutting-edge SIEM tools and technologies such as Splunk or Coralogix to enhance IT security and safeguard infrastructures, incorporate various forms of data recording into projects and use cases, develop security policies based on findings, and plan cyber event & response processes. 
  • Investigate intrusion incidents, conduct forensic investigations and mount incident responses, and respond to information security issues during each stage of a security event.
  • Stay up-to-date with new security threats, vulnerabilities, and best practices and incorporate them into the security posture.

or send your CV to [email protected]