CISO

Job description

About the Role:

The Chief Information Security Officer has a primary role in being responsible for information security for the company. CISO will define and execute on the company’s Information Security Strategy while maintaining compliance with key certifications and industry standards such as HiTrust, HIPAA and PCI. CISO will also take part in setting and refining company goals and vision as a member of the Technology Leadership team. The Chief Information Security Officer reports directly to the Chief Technology Officer.

Specific responsibilities:

• Manage and mature an enterprise-wide information security strategy.
• Align cybersecurity initiatives with business objectives and regulatory requirements.
• Communicate security risks and strategies to executive leadership and the board.
• Conduct risk assessments and manage security risks proactively.
• Ensure compliance with industry regulations (e.g., HIPAA, PCI, NIST).
• Oversee audits, security assessments, and incident response planning. Execute them hands-on as needed.
• Implement security governance and risk management frameworks.
• Oversee the security operations center (SOC) and threat intelligence programs.
• Develop and implement incident response plans and lead breach investigations.
• Ensure the deployment and management of security tools (firewalls, intrusion detection, endpoint protection).
• Monitor and respond to emerging threats and vulnerabilities.
• Implement data protection measures, including encryption and access controls.
• Work with legal teams to ensure compliance with data privacy laws.
• Conduct cybersecurity awareness training for employees.
• Promote a security-conscious culture across the organization.
• Work with IT, legal, and compliance to ensure security integration.
• Assess and manage security risks in third-party vendors and partners.
• Evaluate and implement new security solutions and architectures.
• Monitor for bot attacks, credential stuffing, and API security vulnerabilities.
• Deploy and manage web application firewalls (WAF), DDoS protection, and endpoint security.

What you’ll need:

• 15+ years of experience with Cyber Security including recent hands-on experience conducting audits and remediations, investigation of security incidents, and other security tasks as needed.
• Bachelor’s degree or higher in Computer Science, ideally with Cyber Security specific certifications.
• Experience managing a small team of security analysts. Hiring, coaching and mentoring them as needed.
• Ability to work closely with Engineering, Operations, Legal, and Compliance teams on security related tasks and initiatives
• Experience with obtaining and maintaining HiTrust certification
• Experience with maintaining HIPAA and PCI Compliance at an Ecommerce (D2C) Company

Compensation, Benefits, & Additional Details:

At Health-E Commerce, our goal is to provide an offer that supports growth potential within the role and allows for future salary progression.  Final compensation is evaluated on various factors which include but aren’t limited to experience, skills, internal equity among peers, and geographic location.

• Compensation: $150,000 - 180,000
• Discretionary Annual Bonus Eligibility: Up to 25%
• Medical, Dental, Vision, and 401K with a company match
• Dependent Care, FSA & HSA accounts
• Paid Parental & Bonding Leave
• Flexible PTO & office closure on all major holidays
• Monthly wellness & internet reimbursements
• Professional development including certification support & leadership coaching
• Mental Health resources
• 100% remote within the United States
• Must be able to work EST hours