Information Security Manager

About Stellar Health :

Historically, US Healthcare has relied on a fee-for-service reimbursement system where providers are paid based on the quantity of patient visits and procedures, rather than the quality of health outcomes.

At Stellar Health, we help primary care providers put patient health first. Our platform - a mix of technology, people, and analytics - supports providers at the point of care, delivering real-time patient information, activating practice staff, and empowering providers and care teams with incentives that reward the work they are already doing to keep patients healthy. Using the Stellar App, our web-based, point-of-care tool; practices receive a simple checklist of recommended actions that support the best quality care. Providers and care teams are then paid monthly for each action they complete, and Payors save money in reduced healthcare costs along the way.

Stellar is a US-based Health-tech backed by Top VCs (General Atlantic, Point72, & Primary Venture Partners) with an established product & proven operating model. We've shown that we make a real difference for physician practices and their patients.

About the position :

Stellar Health is looking for an Information Security Manager to help prioritize and drive our Information Security program and investments. We are looking for an individual that is passionate about building out new security processes that are thoughtful in their design for both external users, customers, and teammates.

Stellar Health operates in the HealthTech space and is HITRUST R2 certified. This role will help ensure our security program is proactive as possible by :

Helping reduce the effort to maintain and demonstrate our alignment to HITRUST by automating the collection of evidence, as well as deploy continuous testing of controls.Staying aligned with our cross-functional teams as they deliver on their controls and support our security processes. Bolster and improve our internal security processes as a security team by partnering with our leadership team to set strategic priorities for the team, informed by our organization and platform services' threat models.

How you'll make an impact :

By 3 months you will...

Have a solid foundation of our current security posture, controls, and security processes, what is working well and where there are gapsHave a prioritized list of areas of improvement and / or investments to help reinforce and improve our security postureImplemented 1-2 improvements to current processes and / or automations to ensure a security control is working appropriately, examples of potential improvements : Ensure all Git repos align with our change management standards around PR reviews, automated code testing, deployments and any required security reviewsImplement continuous testing of our endpoint configurations to ensure they align to our security standards (e.g. all endpoints are encrypted at rest, have security agents deployed)

By 6 months you will...

Aligned with senior leadership around team skillset and staffing needs to maintain security processes and operationsCollaborated with other teams that support our security controls to expand the list of improvements to include non-security pain points in evidence collection or inefficient processesDelivered first quarter of 1-2 projects from the prioritized list of areas of improvementEstablished a process to review high risk applications and systems with System Owners to ensure they align to any applicable security standards / controls and other security recommendations

What You'll Bring :

4-5 years of security program & engineering experience building and implementing security tooling and processesStrong familiarity and experience helping secure cloud environments and infrastructure, preferably AWSSupported, and preferably led, external audits of security frameworks (e.g. SOC 2 Type 2, ISO 27001, HITRUST)Experience with coding and automation, preferably Python and / or Terraform

Who will love this job :

• You enjoy a tight partnership and daily interactions with DevOps and IT engineers to deliver on technical projects and process improvements
• You are passionate about designing thoughtful, business-focused solutions to security problems vs implementing a security "best practice" solution when not applicable
• You appreciate the need to audit and validate security controls, but would much rather automate the work where possible so you can focus your efforts on creating strong proactive partnerships and further reducing security risks elsewhere

Pay :

The salary range for this role is $170,000 - $200,000 + an annual performance based bonus. Where a new hire falls within this range will be based on their individual skills and experience, and how these competencies compare across other employees in the same role. Stellar's bands are designed to allow for individual compensation growth within the role. As such, new hires typically start at the lower end of the range. Stellar rewards performance and outcomes - should you join the company, you will have the opportunity to grow your salary over time.

Perks & Benefits :

Stellar offers a carefully curated selection of wellness benefits and perks to our employees :

Diversity is the key to our success . Stellar Health is an equal opportunity employer and we are open to all qualified applicants regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, veteran status, or any other legally protected status.

We believe that diverse teams -and the different identities, cultures, and life experiences our team members bring to the table- enable us to create amazing products, find creative solutions to interesting problems, and build an inclusive working environment.

Stellar Health Employment Privacy Notice

At Stellar Health, your privacy and security as a job seeker is a priority no matter where you are in the interview process . As recruiting scams have become more prevalent, please take note of the following practices to ensure the legitimacy of any interaction with our team.

If you are ever unsure whether you are in contact with a legitimate Stellar Health teammate, please contact people-team@stellar.health. If you believe you've been a victim of a phishing attack, please mark the communication as "spam" and immediately report it by contacting the U.S. Federal Trade Commission.