Join our mission to help more people live healthier, happier lives.
At Pattern Health, we believe that thoughtfully built technology can inspire and accelerate digital health innovation to deliver more impact with less hassle.
We also believe that a diverse team that represents our customers and users strengthens our ability to develop innovative products and services. Accordingly, Pattern Health seeks team members from a broad range of backgrounds, cultures, identities and experiences who are engaged with and committed to the success of our customers and each other.
This is a unique opportunity to take a leadership role in a small but fast-growing and mission-driven team. As Pattern Health’s Security and Compliance Manager, you will report to the CTO and be asked to work independently using your experience and technical knowledge to help ensure the security and regulatory compliance of our product and operations, to cultivate a company culture that embraces and integrates compliance, and to work with customers and third party assessors to assess, communicate and scale our security and compliance program. We work hard, but we are laser focused on the impact. If this sounds like you, we encourage you to keep reading!
About the Security and Compliance Manager role
Pattern Health is seeking a Security and Compliance Manager to lead information security and compliance of our product and operations. This role will be responsible for managing and improving Pattern Health’s security and compliance program across the organization, scaling and maturing the program as the company grows.
Our ideal candidate is passionate about our mission, customer-centric, growth oriented, and relentlessly focused on getting the job done.
A little bit about you:
- You have experience in security and compliance with relevant certifications, information security audit and securing cloud hosted IT systems.
- You have demonstrated experience conducting risk assessment audits with common control frameworks such as SOC2, ISO 27000 series, and/or HITRUST, and with regulations and standards such as HIPAA/HITECH, FISMA, NIST, 21 CFR Part 11 or 820.
- You have demonstrated leadership, consultative and advisory skills for security compliance programs.
- You have technical experience working with SaaS companies using Amazon Web Services (AWS).
- You have a thorough understanding of Software Development Life Cycles, and of FDA’s Computer Software Assurance (CSA) approach to software quality.
- You communicate effectively with individuals and groups in both business and training style environments.
- You are able to create, compose, and edit written materials with precision and accuracy.
Any of the following will help you stand out:
- You have experience in building and leading a security compliance team.
What you'll do:
- Continuously improve, strengthen and scale the company’s security and compliance program in coordination with internal and external teams and partners, prioritizing strategies that focus on improving quality and mitigating risks.
- Support security compliance product and program initiatives, audits and benchmarking of security policies against good practice and standards.
- Perform information security risk assessments, static and dynamic vulnerability scans, penetration tests and manage gap analyses.
- Track and manage security incidents, responses and security investigations through resolution.
- Manage compliance with standards and regulations including HIPAA/HITECH, ISO 27001, FISMA, 21 CFR Part 11 and 820, NIST, SOC, EU GDPR and more using HITRUST and other frameworks.
- Conduct annual HITRUST assessments and work closely with our third party assessor on certification audits to maintain our HITRUST certification.
- Conduct FISMA assessments as needed and assemble documentation required by federal government sponsored contracts.
- Assist with analysis and documentation of audit remediation actions related to security.
- Coordinate and provide security responses to customer questionnaires or internal questions.
- Take part in discussions with customer security teams and auditors regarding security and related interests.
- Review vendor and customer security contract terms against current policies, procedures and product capabilities.
- Clearly communicate information security principles and practices to technical and non-technical audiences in writing and verbally.
- Support the development and maintenance of information security policies, standards, and guidelines in alignment with applicable laws, common security frameworks and leading practices.
- Participate in development of training curriculum, conducting security awareness campaigns and evaluating the effectiveness.
- Facilitate the execution and continuous improvement of third-party risk management processes.
- Advise the product and engineering teams on internal and external compliance product requirements, and be Pattern Health’s subject matter expert on security and compliance across both product and operations.
This is a full-time position that includes a competitive salary, flexible remote work policy, health insurance, equity, retirement plan, paid holidays, discretionary time off and other benefits. Our headquarters are in Durham, NC, one of the highest ranked cities in the country for growth, entrepreneurship, affordability, smarts, dining and entertainment.
To learn more, please email us at careers @ pattern.health.