What are the responsibilities and job description for the Chief Information Security Officer position at 1upHealth, Inc.?
As our CISO, you will be responsible for the overall security posture of the company, IT infrastructure, regulatory compliance, and product security. You will work cross-functionally with engineering, product, legal, and operations teams to embed security best practices across our organization and platform. You will also be responsible for building a culture of security awareness, ensuring compliance with healthcare regulations (e.g., HIPAA, SOC 2, HITRUST), and driving strategic IT initiatives that support our growing team.
You Will:
Security & Compliance Leadership
Must-Have Qualifications:
1upHealth only uses email domains of First Name. Last Name@1up.health or no-reply@1up.health to communicate with prospects. You will never receive an email from a third-party email service such as gmail. In addition, we will never ask a candidate for employment to share personal information (such as banking information, social security numbers, passport, etc), purchase their own equipment, or pay to apply to an open position.
About 1upHealth
At 1upHealth, our mission is to unlock health data and improve industry outcomes. As leaders in FHIR® interoperability, our platform makes it easier for partners to access, integrate, aggregate, and share data across a variety of systems. 1upHealth is building a data ecosystem to promote the digital transformation of the industry and encourage insight-driven healthcare.
We are proud to announce that we have been named 2022 Best Places to Work in the Small Company and Best Paying Company categories by Built In Boston.
Benefits
100% Paid BCBS Medical and Dental Insurance for Employees
Vision Insurance
Unlimited PTO
Equity
401(k)
Home Office Stipend
Commuter Stipend
Wellness Reimbursement
Parental Leave (16 weeks for birthing parents, 6 weeks for non-birthing parents)
Company Meetings with Free Lunch
You Will:
Security & Compliance Leadership
- Develop, implement, and maintain a comprehensive security strategy covering IT, compliance, and product security.
- Lead the company's risk management initiatives, identifying and mitigating security threats to company assets, infrastructure, and product.
- Own and maintain security certifications and compliance programs (HIPAA, SOC 2, HITRUST).
- Oversee security audits, penetration testing, and risk assessments.
- Ensure security policies, controls, and best practices are integrated into the SDLC and IT operations.
- Oversee the IT team, ensuring secure, scalable, and efficient internal IT systems.
- Establish and enforce identity and access management (IAM) policies, endpoint security, and cloud security best practices.
- Ensure robust disaster recovery (DR) and business continuity (BCP) plans.
- Partner with the engineering team to secure cloud infrastructure.
- Build and scale a product security program to ensure security is embedded throughout the software development lifecycle (SDLC).
- Implement DevSecOps principles and tools to automate security testing and monitoring.
- Work closely with engineering and product teams to ensure secure architecture, encryption, authentication, and API security.
- Establish vulnerability management and incident response processes for product-related security threats.
- Lead security training and awareness programs for employees to reduce human risks (e.g., phishing, social engineering).
- Develop and maintain a robust incident response plan and lead the company's response to security incidents and breaches.
- Collaborate with legal, PR, and executive leadership to ensure transparent incident communication when needed.
Must-Have Qualifications:
- 15 years in information security, IT security, or compliance roles, with 5 years in a leadership role.
- Experience in a health tech, SaaS, or regulated industry (HIPAA, SOC 2, HITRUST, GDPR, etc.).
- Deep knowledge of cloud security, network security, application security, and DevSecOps principles.
- Proven ability to build and scale security programs from the ground up.
- Strong background in IT systems security, identity and access management (IAM), and infrastructure security.
- Hands-on experience with SIEM, endpoint security, vulnerability management, and IAM solutions.
- Excellent communication and stakeholder management skills, with experience presenting to executive leadership and board members.
- Certifications: CISSP, CISM or equivalent.
- Experience working with third-party auditors, regulators, and legal teams.
- Familiarity with Zero Trust architecture and emerging security trends in health tech.
1upHealth only uses email domains of First Name. Last Name@1up.health or no-reply@1up.health to communicate with prospects. You will never receive an email from a third-party email service such as gmail. In addition, we will never ask a candidate for employment to share personal information (such as banking information, social security numbers, passport, etc), purchase their own equipment, or pay to apply to an open position.
About 1upHealth
At 1upHealth, our mission is to unlock health data and improve industry outcomes. As leaders in FHIR® interoperability, our platform makes it easier for partners to access, integrate, aggregate, and share data across a variety of systems. 1upHealth is building a data ecosystem to promote the digital transformation of the industry and encourage insight-driven healthcare.
We are proud to announce that we have been named 2022 Best Places to Work in the Small Company and Best Paying Company categories by Built In Boston.
Benefits
100% Paid BCBS Medical and Dental Insurance for Employees
Vision Insurance
Unlimited PTO
Equity
401(k)
Home Office Stipend
Commuter Stipend
Wellness Reimbursement
Parental Leave (16 weeks for birthing parents, 6 weeks for non-birthing parents)
Company Meetings with Free Lunch
