Position Overview

Outset is looking for a hands-on information security leader to lead cyber security operations across the company. The security leader will be responsible for developing policies and procedures, executing security projects and conducting security operations. The security leader will collaborate with engineering, IT, quality, regulatory, program management, and other members across the organization to build effective security operations.

As the head of information security, governance, and compliance, you will be responsible to lead the company wide policies on cybersecurity and privacy. To do so, you will need to influence and keep accountable every function of the company, from IT and software to Sales and Operations, design and implement company-wide processes to continuously improve our cybersecurity posture, be an advocate for patient and customer privacy, lead the security council, and report to the executive team and board of directors on the overall security and privacy posture of the company.

Ideal candidates must have excellent problem-solving skills, a high degree of attention to detail, strong organizational skills, and a proven track record developing enterprise-grade security platform. This leadership position is an excellent opportunity to work for a growing medical device startup.

Responsibilities/Functions:

• Develop security strategy and roadmap to create best-in-class security for a medical device company
• Manage information security program assessment from initial planning, scheduling, communications with systems owners and related stakeholders through to final reporting to the executive team
• Function as a Security Lead and Subject Matter Expert (SME), responsible for managing security for all environments – Tablo medical device, cloud and on-premise
• Conduct technical evaluation of information system design, focusing on information security aspects and accreditation according to the NIST and CIS 20 framework
• Implement and monitor a comprehensive enterprise information security and IT risk management program
• Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and policies.
• Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene the Incident Response Team as needed, or requested, in addressing and investigating security incidences that arise.
• Influence technology decisions as a member of our engineering leadership

Required Qualifications

• 15 industry experience in a security function
• A B.S. or M.S. in Computer Science or related field, or equivalent experience

Desired Qualifications

• Security certificate is a plus: CISSP, CISA, CEH, CISM, ISSAP, ISSEP
• Experience leading organization through certification such as FIPS, FedRamp, HiTrust
• Demonstrated experience with CloudTrail, AWS Core Services like (EC2, VPC, ELB and S3) and DDoS Mitigation (Shield, WAF, CloudFront)
• Demonstrated ability to configure and deploy secure and solution, including solutions such as SAML-based federation, Web, custom brokers, etc.
• Knowledge of risk assessment tools, technologies and methods
• Expertise in designing secure networks, systems and application architectures
• Disaster recovery, computer forensic tools, technologies and methods
• Planning, researching and developing security policies, standards and procedures
• System administration, supporting multiple platforms and applications
• Expertise with mobile code, malicious code, and anti-virus software
• Endpoint security solutions, including file integrity monitoring and data loss prevention
• Ability in deploying logging and monitoring tools over large deployments and automating event response
• Experience configuring and securing web applications, including WAF, DDoS mitigation strategies and application hardening
• Experience working in a customer-facing technical role
• Impeccable written and oral communication skills