Information Security Officer
Los Angeles, CA, United States
**Location**
Remote, Los Angeles
We're looking for a proactive and personable Information Security Officer. You'll be part of a growing team working across the whole business in this important role. You will have day-to-day responsibility for the management and execution of all information security projects and tasks. The role would suit someone who is still growing in the field of information security, has implemented or maintained the ISO 27001 standard, and has previous experience of working in a regulated industry (preferably healthcare).
**About you**
* You are passionate about businesses that deliver improvements in health and wellness, and are excited by the power of technology to change people's lives.
* You have excellent knowledge of general security risks, at both technical and business levels, with experience leading key projects relating to information security.
* You have expertise in information security technologies: firewalls, intrusion detection, assessment tools, encryption, certificate authority, etc., and knowledge in information security areas such as identity and access management, security policies, processes, and procedures.
* You are able to hit the ground running in a fast-paced environment with a growing workload, and are able to solve problems and find solutions with minimal hand-holding.
* You have excellent verbal and written communication skills to articulate technical knowledge to a non-technical audience.
* You are resilient, empathetic, collaborative, detail-oriented, and self-motivated with excellent organizational, time and project management skills.
* You are a logical thinker with a proactive approach to work and are a real tech person at heart with a passion for high-quality information security.

**Nice to have**
* You are working towards CISSP, or are already certified as CISM, CISA, Security+ etc.
* You have experience of working in both public cloud (AWS, Azure) and private cloud/on-premise environments.
* You have experience working with product and development teams.
* You have experience working in a start-up and have a risk-based approach to information security.
**Responsibilities**
* Lead and complete information security due diligence processes during the contracting phase with clients and third-party service providers.
* Maintain, audit, and improve the software platform.
* Provide expert professional advice across the company on Information Security best practice.
* Work closely with the engineering team to research, manage and implement new features, changes, improvements, and complete systems in an effort to keep the business secure in today's fast-changing landscape.
* Oversee Security in project and development activities, to ensure information security risks are identified and addressed.
* Ensure compliance with regulatory requirements by providing advice to Compliance.
* Understand security frameworks (e.g. ISO 27001/2, NIST, etc.), data protection and regulatory compliance (e.g. FCA, ICO, DPA 2018, GDPR) to ensure the confidentiality, integrity and availability of information systems.
* Work with contracted third parties for penetration testing, vulnerability scanning, network boundary security etc.
* Lead the internal information management forum on a quarterly basis as part of ISO 27001.
* Continuously improve and deliver information security awareness programs to all new and existing staff.