Who We Are:

CirrusMD is a different kind of telemedicine company. In less than a minute, patients reach a live, licensed physician via mobile app or browser, conversing at their pace and convenience. Available 24/7/365, CirrusMD’s integrated care is delivered via board-certified doctors who can treat a broad range of conditions, from acute to chronic, and from primary care to specialty areas, including behavioral health. CirrusMD is available to 10 million users across all 50 states, and exclusively offered through employers and health plans. Learn how CirrusMD is transforming virtual care: cirrusmd.com

Who We’re Looking For:

As the IT & Cybersecurity Program Manager you will support and lead initiatives related to governance, risk, compliance, and enterprise information security and operations. You will manage our established control environment and cybersecurity program(s) including policy, standards, procedures, and documentation. You will oversee our cybersecurity education and training program, manage annual security and compliance assessments, lead table-top exercises, and optimize processes to meet and maintain compliance for specific standards such as ISO27001, HIPAA, and SOC2.

You should be comfortable improving and supporting programs to help mature our overall enterprise security posture. You will research, recommend (and at times) implement new technologies and practices while staying up with industry trends. You should have a technical background in Governance Risk and Compliance (GRC), with specific experience creating and implementing IT security policies and systems to meet organizational objectives.

What You’ll Accomplish

• Manage CirrusMD’s cybersecurity program to keep pace with changes in the overall threat landscape.
• Act as information security lead for IT and business project teams to identify potential threats and offer solutions and technologies in support.
• Support third-party assessments of critical security controls for the company’s cloud-based applications and and manage remediation tasks
• Work with internal and external compliance, infrastructure and application development teams to ensure GRC initiatives are aligned and advancing with business objectives
• Support sales and customer enablement activities including RFP responses, contract negotiations or client-led security assessments.
• Manage audit and compliance testing, documentation, and follow-up.
• Maintain an evolving security awareness program to address common vulnerabilities (OWASP) and emergent threats.
• Monitor the enterprise IT threat landscape, devising cybersecurity policy and controls to reduce risk, leading auditing and compliance initiatives, and more.
• Oversee a variety of security policy domains associated with GRC, incident response and management, HR management, and additional domains.
• Coordination with the Federal Compliance team to support government agencies

• Bachelor’s degree from an accredited, four-year undergraduate program; preferably in computer information systems, computer science or related field.
• 4 years of experience in a purely information security role
• 3-5 years of experience in a technical, hands-on role (IT, network, software development, etc.)
• Continuous compliance education -- ensuring adaptability to evolving compliance regulations.
• Experience in a highly regulated environment. Health care/HIPAA experience preferred.
• CISA and CISM certifications, or equivalent.
• Exceptional prioritization, time management and strong communication skills are essential for this role, managing activities with internal peers as well as outside parties both technical and non-technical.
• Conversant in cybersecurity, assurance, and audit standards/models/frameworks such as ISO27001, NIST, HITRUST, HIPAA

Preferred Qualifications

• Technical experience in multiple technology areas such as application deployments, endpoint detection and response, data handling and integrity, cloud infrastructure, network routing and DNS, encryption and cryptographic modules, identity and access management, and authentication (AAA).
• Experience with securing cloud environments
• Direct experience with ISO27001 and SOC2 Type II
• Exposure or familiarity with FedRAMP
• Comfortable acting as both as player and / or coach as program needs grow
• Denver-area candidates are strongly preferred.

Why CirrusMD?

Make a lasting impact in healthcare! Proudly recognized as a top place to work by BuiltIn CO, CirrusMD is paving the way to a better healthcare future and our work truly matters. We are enabling easier access to healthcare for millions of people. You’ll have a chance to make real contributions to the health and wellness of our communities. Telehealth is one of the fastest growing industries and now, more than ever, there is unlimited opportunity to take charge & shape your career at CirrusMD. We take the health and happiness of our employees seriously and offer outstanding benefits including:

• Company funded & deeply subsidized benefit options for you and your family that begin day 1
• Unlimited PTO / Vacation program
• 401(K) + match & stock options
• Paid maternity & paternity leave
• Remote friendly (with the option to work out of our Denver HQ)
• Growth opportunity
• A positive, collaborative and diverse culture
• Social events onsite & remote
• Free, unlimited access to our chat based platform
  
  
  

If you are looking to make a lasting impact where your voice matters, consider joining our team. The base salary range for this position is $130,000-155,000/year. Actual pay may vary based on job-related skills, qualifications, certifications, experience and location. This role may also be eligible for a discretionary bonus in addition to equity incentives and a comprehensive benefits package. Denver-area candidates are strongly preferred.

CirrusMD is committed to creating a diverse and inclusive workforce and is proud to be an equal opportunity employer. We aim to create a workplace that celebrates the diversity of our employees, users, and customers. We strive to deliver products and services that work for everyone by including perspectives from backgrounds that vary by race, ethnicity, social background, religion, gender, age, disability, sexual orientation, veteran status, and national origin.

Notice to recruiters and placement agencies: If you are a recruiter or placement agency, please do not submit résumés to any person or email address at CirrusMD prior to having a signed agreement with Human Resources. CirrusMD is not liable for and will not pay placement fees for candidates submitted by any agency other than its approved recruitment partners. Also, any résumés sent to us without an agreement in place will be considered your company's gift to CirrusMD and may be forwarded to our Talent Acquisition team.