Website Loyal Health
Job Title: Principal, Cybersecurity & Data Privacy (100% remote)
Location: Remote (USA). HQ Atlanta, GA
• Unlimited paid time off, sick and personal days
• Full health, dental, and vision insurance – Loyal pays the premium for all employees!
• Long term & short term disability
• Professional development stipend
• 401[k] plan
Our mission: Loyal is a fast-growing healthcare technology company that recently raised its Series A. Founded in 2015, we are building healthcare’s smartest consumer experience platform, driven by a powerful, integrated data layer. Our remote-friendly team believes that health seekers deserve clarity in their healthcare journey, and we provide our clients with tools that connect and empower at every level of the healthcare ecosystem.
Why this role exists: Loyal believes that our people are our most valuable asset – if you’re energized by the prospect of joining a quickly growing technology company that will truly appreciate the work you do, collaborate with you at the highest level and commit to working with you as key driver of our company’s strategy, this might be a great fit!
In this role, you will lead the software security, hardware security, physical security program at Loyal. You will act as Loyal’s Security and Privacy Officer, taking on a leadership role to drive our security and compliance. The security engineering team also supports Loyal’s product development team to ensure that security is baked in throughout our infrastructure and software development lifecycle.
Our ideal candidate has the strong technical knowledge and leadership skills required to implement and manage programs while continually meeting the challenging demands in security and compliance (software security/hardware security/physical security). At Loyal, you will have the freedom and responsibility to make a major impact as an IC within the company and the growth potential to also build your own team.
Compensation: 150k – 180k DOE + Equity
• 5+ years of experience in the domains of information security or software engineering
• Experience with defining and implementing security in cloud environments (especially Microsoft Azure)
• Knowledge and experience with Internet application and mobile app security practices and techniques, especially OWASP
• Knowledge and experience in maintaining operational computer and network security, applied cryptography, intrusion detection and prevention, identity and access management, application security, automated security patching, and vulnerability scanning systems
• Experience administering information security programs including risk assessments, designing security architectures, developing policies, gathering metrics, and reporting status
• Professional experience with information security in enterprise SaaS services strongly preferred
• Experience championing the adoption of security into the SDLC via process, CI/CD automation and formal security reviews of new products
• Experience working in an engineering culture that emphasizes DevOps, and continuous delivery
• Conduct Threat Modeling against new features and bug fixes, be able to teach Engineering on how to conduct Threat Modeling during code reviews
• Ability to cooperatively and effectively work with people from all organizational levels
• Excellent written and verbal communication skills; proven security program and project management skills
• Bachelor’s Degree in Computer Science or equivalent experience
• Build and maintain product security strategy, roadmap and metrics
• Build monitor/alert infrastructure for intrusion prevention
• Creation and administration of disaster recovery plans
• Run risk management reports and conduct quarterly reviews for key vendors
• Support Loyal’s compliance programs – SOC2, HIPAA, ISO, and HITRUST via the development, implementation and governance of common controls for our products and infrastructure
• Support Loyal’s product development organization by facilitating the software security program
• Security governance with software security metrics, security OKRs for engineering teams and quarterly security service delivery reviews
• Provider training for employees on an annual, quarterly, and new hire basis
• Support security risk management
• Participate in the Security and Privacy steering committee; periodically update senior executive staff on product security initiatives
• Facilitate information security assessment and testing, including: penetration testing, vulnerability scanning and mitigation, secure coding and testing practices, authentication, access, and authorization controls
• Maintain a strong customer focus and translate customer needs into security, privacy and compliance features and public facing documents
• Answer customers’ questions about security
• Proactive contributor to our culture of kindness
• Low ego, high humility
• Driven beyond KPI’s
• Ability to look at the big picture
• Empathic and curious
• Flexible mindset
• Eager to learn and expand knowledge
• Passion for the industry, compassion for the people you’re helping
Though our headquarters are in Atlanta we are a remote-friendly company – if you feel that you are a great fit we encourage you to apply from anywhere in the United States.
To apply for this job please visit jobs.lever.co.