Chief Information Security Officer

Company Overview

We provide solutions that make a meaningful difference in healthcare. Founded in 1995, MIE serves as the innovation engine for business units that serve hospitals and health systems, physician practices, Fortune 500 employers, government agencies, and consumers. MIE’s web-based health information technology platform is helping physicians, nurses, and administrators make a meaningful difference in healthcare delivery across the globe.

Key Responsibilities

• Strategic Security Leadership:
  • Develop and implement the organization's information security strategy.
  • Provide regular security updates to the CIO, other executives, and the board of directors, including presentations on security matters.
  • Represent the organization in security-related matters with external parties, including vendors and auditors.
  • Work closely with the CIO and operate as a member of the DevOps team to emphasize and implement our security initiatives.
• Risk Management:
  • Conduct regular risk assessments and vulnerability scans using tools like Rapid7 IVM and internal tracking systems.
  • Oversee the development and implementation of incident response plans and conduct tabletop exercises with DevOps team members.
• Compliance and Audit:
  • Ensure compliance with relevant regulations and standards, including HITRUST, NIST, DirectTrust, HIPAA, and SOC 2 (Type II), ISO.
  • Manage internal and external security audits, including evidence collection and preparation.
  • Oversee the evidence collection process for audits, working with third-party auditors for response submission.
  • Work closely with business development and legal to assist with security compliance requirements.
  • Assist with identifying and implementation of international security compliance.
• Policy and Procedure Development:
  • Develop, review, and update information security policies and procedures, such as the Vulnerability and Patch Management Procedure and Data Center Access Procedure.
  • Ensure policies are communicated and enforced throughout the organization, including through security awareness training.
• Security Operations:
  • Participate in the day-to-day operations of the security team and manage security tools and technologies, including Check Point, SentinelOne, and intrusion detection systems.
  • Monitor security alerts and respond to incidents, including phishing attempts reported through the various tools.
• Team Management:
  • Lead and mentor the security team, reviewing tasks and responsibilities working closely with the DevOps team members.
• Vendor Management:
  • Evaluate and manage security vendors, including VDA Labs, KnowBe4, reviewing security agreements and contracts.
  • Perform vendor audits and maintain required documentation.