Senior Director of Information Security/CISO

Marathon Health is a leading provider of advanced primary care in the U.S., serving 2.5 million eligible patients through approximately 630 employer and union-sponsored clients. Our comprehensive services include advanced primary care, mental health, occupational health, musculoskeletal, and pharmacy services, delivered through our 680+ health centers across 41 states. We also offer virtual primary care and mental health services accessible in all 50 states. Transforming healthcare delivery with a patient-first approach, we prioritize convenient access to both in-person and virtual care, resulting in improved health outcomes and significant cost savings. Committed to inclusivity and collaboration, we foster a positive work environment and recruit exceptional talent to ensure expertise and compassion in healthcare delivery. Marathon has been recognized as a five-time Modern Healthcare Best Places to Work in Healthcare winner and a six-time Best in KLAS award winner for employer-sponsored healthcare services.

Director, Information Security

Marathon Health is a growing national employer-based healthcare provider, and we are looking for a Sr Director of Information Security. This role will work closely with the CTO to develop and execute our cybersecurity program which involves protecting the organization's assets, applications, systems, and technology while enabling and advancing business outcomes. Work with business leaders to educate and manage technology risks. This role will also operate as our CISO and be a trusted advisor for both technical and non-technical executives. She/he will lead cybersecurity operations and implementing disaster recovery protocols and business continuity plans with business resilience in mind. This is a remote-friendly position that can be located anywhere in North America.

This role will involve external conversations and interactions with both clients and vendors in support of Marathon’s security program. The Sr. Director will also head the SOC 2 Type 2 programs and any future state certification or assessment.

Responsibilities

• Reporting to Marathon Health’s CTO, you will execute on the vision, strategy, and roadmaps for our Security programs aligning to strategic business plans with sensitivity to operating in a dynamic Healthcare setting.
• Building and driving a cybersecurity strategy and framework, with initiatives to secure the organization's cyber and technology assets
• Continuously evaluating and managing the cyber and technology risk posture of the organization
• Lead and direct and Marathon Health’s internal and outsourced security teams to execute on the roadmap defined by our CTO
• Manage the prospect, client and 3rd party security assessment fulfillment process.
• Work with cross-functional teams including Technology, Legal, Privacy, Finance, Internal and External Auditors to achieve corporate objectives relating to information and data security
• Identifying vulnerabilities
• Developing and implementing comprehensive risk treatment plans to protect Marathon’s assets
• Monitoring compliance with the information security policies
• Keeping up to date with IT security standards and emerging threats
• Partner with legal and compliance teams to create and support a security culture through education and awareness programs designed to reduce the risks to the enterprise while also engaging key business leaders to ensure business unit involvement
• Maintain up-to-date knowledge of emerging technologies and services that will help Marathon maintain its technical edge and evolution
• Architect, prioritize, coordinate, and communicate the choice of security technologies necessary to ensure a highly secure yet frictionless computing environment
• Assists in the evaluation of overall risk for IT systems and the data they contain and process, accounting for the people, processes, and technologies that provide security controls
• Serving as an Information Security expert, contribute to the definition of overall IT architecture and advise regarding the data security aspects of transactions (e.g., customer agreements, third-party data sharing agreements
  
  

Qualifications & Additional Responsibilities

• Bachelor’s Degree in Business, Computer Science, or other related field or equivalent experience
• Bachelor's degree in Computer Science, Information Technology, or a related field or equivalent experience
• 10+ years of experience in a combination of risk management or information security, and information technology management roles
• 10+ years in a senior leadership role in security or similar role
• Knowledge and understanding of relevant legal and regulatory requirements, including HIPAA (Health Insurance Portability and Accountability Act), and PCI-DSS, Service Organization Control (SOC) or Hi-Trust
• Experience with cloud computing technologies, especially AWS (Amazon Web Services), with security commitments to customers and partners
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs
• Demonstrated experience with Application Security, DevOps, or Cloud Security functions as a leader or in a people management role
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical
• Ability to collaborate effectively with diverse teams and stakeholders
  
  

Pay Range: $170,000 - $195,000

The actual offer may vary dependent upon geographic location and the candidate’s years of experience and/or skill level. This position is also eligible for an annual incentive.

We are accepting applications for this position until a final candidate has been selected. To apply to this position and learn more about open jobs at Marathon Health, visit our careers page https://www.eversidehealth.com/careers/.

Marathon Health Benefits Summary

We believe in empowering teammates to do their best work and build better healthcare. Below are some of our benefit offerings. Eligibility is based on 24/hr week.

• Health and Well-Being: Free Marathon Health membership for in person and virtual care, employer paid life and disability insurance, and choice in medical/dental plans, vision, employer funded HSA, FSA, and voluntary illness, accident and hospitalization plans. Benefits are effective on the first of the month following date of hire.
• Financial Support: Competitive compensation, 401k match, access to financial coaching through our Employee Assistance Program
• Lifestyle: Paid time off for vacation, sick leave, and more, holiday schedule