At HEADCHECK Health, our goal is simple: we want to improve outcomes for athletes by preventing mismanaged head injuries. Our tools are designed to help all those involved in the identification, management, and care of a suspected concussion. Whether at the amateur or professional level, HEADCHECK’s end-to-end solutions enable organizations of all types and sizes to execute their current concussion protocols, support athlete recovery, and mitigate risk.
Over 3000 progressive organizations, from professional sports leagues like Major League Soccer to local grassroots community sports teams, are empowered by HEADCHECK Health to make a difference for their athletes.
As the Information Security and Compliance Lead you will provide authoritative-level security consulting, technical planning, technical design/architecture, and operational direction to ensure timely identification, prioritization and communication of key IT risks, and ensure that mandatory governance and certifications, such as SOC 2, are completed each year. The InfoSec Lead works with both technical and non-technical team members to identify, propose, and implement information security measures for the organization.
Key Responsibilities:
- Ensure HEADCHECK is compliant with applicable laws, regulations, certifications and security best practices
- Coordinate and enforce all efforts related to IT security compliance and regulatory requirements
- Support the implementation of a comprehensive security program which includes security incident management processes and frameworks such as NIST, SOC and HITRUST. Coordinate and perform ongoing monitoring of compliance to the security framework controls
- Maintain current knowledge of applicable privacy laws and accreditation standards (e.g., HIPAA, PIPEDA, GDPR and more), and stay apprised of advancements in information privacy technologies to ensure organizational adaptation and compliance
- Create a culture of security awareness, ownership and accountability across the company and facilitate IT security training and best practices for the business
- Communicate key metrics regarding IT Security performance and industry advancements to leadership
- Lead and handle event management concerning the configuration, monitoring, compliance and strategic discussion of meaningful systems, including applications, servers, and user-based behavior
- Lead investigations of all security incidents and provide input into post-incident reviews, including recommendations regarding remediation and prevention of recurrence
- Lead the vulnerability management program, including working with product owners to fulfill remediations
Passions, skills, and competencies would include:
- Passion for health, sports and technology, and a desire to help us bring them together
- BS/MS Degree in Engineering, Computer Science or equivalent
- Professional security certification (e.g., CISSP, CISM); a network certification (CCENT/CCT, CCNA, CCDP, or similar) is an asset
- 5+ years of Information Security experience
- Solid understanding of monitoring solutions
- Highly analytical, able to quickly analyze high-level issues and see them through to resolution
- Strong knowledge of Internet and network security technologies such as TCP/IP, firewalls, routers, switches, IDS/IPS, web proxies, VPNs, encryption technologies, hardening techniques, and forensics
- Strong knowledge in identity management, authentication, encryption, and health data practices
- Strong familiarity with data privacy laws and information security frameworks, guidelines, and standards such as NIST, PCI and the OWASP Top 10
- Understanding of network and security concepts, protocols, industry-standard methodologies, and strategies related to enterprise network and security
- Excellent oral, written, and interpersonal communication skills
- Proven ability to work independently and cross-functionally with business team members
- Strong problem-solving and decision-making skills
Job Type: Full-time