Who we are:
EHE Health is the leading national preventive healthcare provider network partnering with mid- and large-sized employers to help their employees and dependents stay healthy by screening and diagnosing health risks through comprehensive exams, allowing for early intervention. Named by Fortune Magazine and Great Place to Work® as one of the Best Workplaces in healthcare, EHE Health is headquartered in New York City and has over 200 health clinics and practices across the U.S., staffed by a network of curated primary care physicians and clinicians.
EHE Health was recently acquired by Consello Capital, the private equity arm of Consello. This transformative partnership leverages Consello’s proven expertise in scaling high-growth ventures and its extensive network of industry leaders. Together, EHE Health and Consello will unlock unprecedented opportunities to accelerate EHE Health’s mission of revolutionizing preventive care.
What we’re looking for:
EHE is looking for a talented Director, Security and Privacy to support our IT and Privacy & Security teams in ensuring proper security protocol and procedures around all of our infrastructure. The Director, Security and Privacy will facilitate and implement processes to assess the compliance of our security policies in accordance with standard frameworks. They will regularly perform internal audits, risk assessment, and security analyses to keep all processes and controls in optimal form. The ideal candidate will be detail-oriented, proactive, and collaborative while managing the complete incorporation of security best-practices across the organization.
In this role, you will:
- Perform information systems security and assurance audits of networks, systems, applications, platforms, databases, and operating procedures in accordance with established auditing standards
- Participate in vulnerability and risk assessment reviews and evaluations of EHE’s IT infrastructure to determine the adequacy of controls to detect and prevent unauthorized activities, provide an acceptable level of risk to the organization, and establish controls to mitigate loss
- Conduct third party risk assessments and oversee adherence to EHE requirements
- Communicate with and educate process owners on the importance of controls and an effective control environment
- Analyze security event data from customer computing platforms, network elements, and security devices
- Perform health checks on relevant operational systems
- Generate routine metrics and operational reports
- Perform threat research on emerging cyber-attacks that could impact our clients and patients
- Develop actionable, repeatable, measurable, and reportable security strategies
- Promote awareness of security policies and related security topics
- Lead EHE's response to all client and prospect security and privacy inquiries
What the role requires:
- Bachelor’s degree in a related field required
- 5-7 years of related experience in change management and steering third party compliance audits and network/wireless/web app penetration tests, and acting upon remediation recommendations
- Comprehensive understanding of National Institute of Standards and Technology (NIST) 800-53, ISO27001/27701, SOC2 Type 2 and similar regulations
- Deep knowledge of Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH Act), and the Sarbanes-Oxley Act (SOX)
- Excellent written and verbal communication skills, with the ability to present and clearly disseminate information to all audiences, internal and external
- Overall knowledge and usage of cybersecurity tools, such as SIEM, EDR, and XDR
- Proven track record implementing strong identity and access management policies to enforce the principle of least privilege across all infrastructure and SaaS applications
- Robust experience analyzing cloud infrastructure misconfigurations and prioritizing risk-based mitigations
- Strong familiarity with automating application security testing (SAST/DAST/SCA) and executing remediations
- Demonstrated interest in identifying emerging technology risks (e.g. software supply chain and AI)
What we offer:
- Competitive salary
- Medical, dental, vision, life and disability insurance
- Employer-matched 401(k) plan
- Professional development reimbursement
- Employee access to our wellness clinics
- Gym reimbursement/Fitness bonus
The salary range for this role is $125,000 - $175,000 and is determined by a number of factors including the candidate's experience, qualifications and skills.
EHE is committed to Equal Employment Opportunity and to attracting and retaining the most qualified employees.