What are the responsibilities and job description for the Senior Director, Information Security position at Well?
Brief Description
Company: Well is a healthcare innovation company with the heart of a services organization and the DNA of a SaaS platform. Our Dynamic Engagement System transforms workforce health by uniting AI, human guidance, and proven behavioral science to reduce costs, improve outcomes, and create resilient, thriving workforces. We partner with the world’s largest, most sophisticated employers and the consultants who advise them. We’re a highly diverse and engaged organization whose employees are passionate about the mission of the company and whose management is passionate about the employees. We promote an employee- and member-centric culture with generous benefits, which you can learn more about here: https://www.well.co/careers.
Position Title: Senior Director, Information Security (Security Officer)
Reporting to: VP, Legal & General Counsel (Privacy Officer)
Location: Preference for Chapel Hill, NC or Newton, MA
Compensation: $190,000 - $230,000 per year, depending on qualifications, plus bonus potential and benefits
Description: As the Security Officer for Well, you will collaborate with executive management and key operational teams to determine acceptable levels of risk for the organization and you will be responsible for developing and maintaining the company’s information security management program, which includes policies designed to protect enterprise communications, systems and assets from both internal and external threats. Reporting to the VP, Legal & General Counsel, you will provide independent partnership to our key operational teams, most notably the technology organization, driving both the development of policies that achieve the right posture, given our strategic and operational needs, and consulting on the implementation of such policies that you own and maintain on an ongoing basis. You will also serve as the subject matter expert and key contact for customers on security and member data privacy issues as they relate to the use of our platform, in close collaboration with the General Counsel (Privacy Officer). Additionally, you will collaborate with the General Counsel to provide independent risk reporting and escalation directly to the Board of Directors.
Key Responsibilities
- Partner with infrastructure and engineering teams to develop and monitor a strategic, comprehensive enterprise security and IT risk management framework and program
- Work directly with the business units to facilitate risk assessment and risk management processes
- Understand and interact with related disciplines (e.g., through committees or working groups) to ensure our policies are tuned correctly to balance strategic and operational realities, and the consistent application of our policies and standards across all technology projects, systems and services
- Serve as a subject matter expert and point of contact for customers, potential customers, and sales colleagues on security and member data privacy issues as they relate to the use of our platform (e.g., in RFP responses, contracts, implementation, security audits)
- Lead selection and management of external vendors to conduct third-party audits, assessments and certifications (e.g., HITRUST, SOC2, etc.)
- Partner with infrastructure and engineering teams to design, maintain, and regularly test business continuity and disaster recovery strategies to ensure platform resilience and data availability, as well as to lead incident response plan (IRP) development and act as quarterback for IRP issues
- Partner with infrastructure and engineering teams on continuous security monitoring operations, vulnerability management programs, threat intelligence, and the deployment of the corporate endpoint/network security stack
- Partner with business stakeholders across the company to raise awareness of risk management concerns and ensure compliance with required policy acknowledgments and training
- Assist with overall business technology planning, providing a current knowledge and future vision of technology and systems
- Take personal responsibility for keeping all Well systems and data, including sensitive member data, secure and safe, according to Well data and security policies and HIPAA guidelines
- Minimum of 8 years of experience in a combination of compliance, risk management, information security and IT roles in a high-growth organization
- Knowledge of common information security management frameworks, such as SOC, HIPAA/HITRUST, NIST and ISO
- Demonstrated ability to develop effective security policies and governance programs in a health-related business context
- Commercially minded, strong track record of partnership across the business, including successful collaboration with technical teams
- Deep understanding of software engineering workflows and work products along with the ability to apply this knowledge to optimize strategies that achieve strategic alignment with organizational objectives
- Experience with Cloud computing across virtualized environments
- Professional security management certification(s)
- Experience with contract and vendor negotiations and management, including managed services
- Familiarity with internal audit methodologies applicable to SaaS companies, IT general controls (ITGC) testing, and control framework evaluation (e.g. COSO, COBIT); experience building or managing an internal audit function
- Familiarity with AI security best practices and governance frameworks (e.g., NIST AI RMF, OWASP LLM Top 10, ISO/IEC 42001), including experience assessing and mitigating AI-specific risks such as model security, data integrity, and prompt injection in a healthcare or SaaS context
Well is on a mission to redefine the healthcare experience. This is an opportunity to re-shape healthcare for America. We are developing solutions to improve the quality and affordability of healthcare. We welcome team members who are passionate about that mission. We embrace diversity and are committed to building an inclusive team.
Well is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status. We seek diversity and encourage individuals from underrepresented groups to apply.
Salary: $190,000 - $230,000