Job Closed
This listing is no longer active.
Excentium provides IT solutions to address critical national cybersecurity vulnerabilities and enhance network security. The firm offers a range of cybersecurit
Security/Compliance Engineer
Location
United States
Posted
89 days ago
Salary
0
Seniority
Mid Level
Job Description
Security/Compliance Engineer
Excentium
Role Description
Lead security compliance and ATO activities for a major government healthcare organization's ServiceNow implementation. Ensure the solution meets FedRAMP High requirements and federal security standards.
- Lead Authority to Operate (ATO) package development and submission
- Coordinate FedRAMP compliance activities with ServiceNow as the CSP
- Implement and document customer responsibility matrix controls
- Conduct security assessments and vulnerability remediation
- Ensure compliance with federal security policies and NIST 800-53 controls
- Monitor and respond to security events and incidents
- Develop and maintain security documentation including SSP, POA&M, and contingency plans
- Coordinate with government ISSO and Security Operations Center
Qualifications
- 7+ years of information security experience, with 3+ years in federal environments
- FedRAMP and federal ATO experience required
- Experience with cloud security (AWS, Azure) and SaaS security models
- Knowledge of NIST 800-53, FISMA, and federal security requirements
Requirements
- Bachelor’s degree in computer science or related field
- CISSP, CISM, CISA or equivalent certification required
Company Description
Excentium is a Service-Disabled Veteran-Owned Small Business (SDVOSB) providing cybersecurity and IT services to federal agencies. We hold FedRAMP 3PAO accreditation, CMMC Level 2 certification, and maintain facility clearances supporting our mission-critical work across government. We take pride in building a workforce with strong Veterans focus.
Job Requirements
- 7+ years of information security experience, with 3+ years in federal environments
- FedRAMP and federal ATO experience required
- Experience with cloud security (AWS, Azure) and SaaS security models
- Knowledge of NIST 800-53, FISMA, and federal security requirements
- Bachelor’s degree in computer science or related field
- CISSP, CISM, CISA or equivalent certification required
More Security Engineer Jobs
Chief Information Security Officer
Nsight Health
At Nsight Health, you’ll be part of a fast-growing organization that sits at the intersection of healthcare, technology, and compassion. We’re looking for people who care deeply about improving patient lives and building the future of connected care. Our team culture is collaborative, agile, and purpose-driven. Every role—from clinical operations and customer success to marketing, technology, and leadership—directly contributes to improving how healthcare organizations care for their patients.
Role Description
We are seeking a visionary yet pragmatic Chief Information Security Officer (CISO) to build and own Nsight Health’s security and compliance function from the ground up. As we scale our AI-powered healthcare platform, we require a leader who views security not as a blocker, but as a competitive differentiator and a prerequisite for enterprise growth. Reporting directly to the COO, you will inherit an existing compliance team and a mandate to elevate our security posture. This is a "builder-operator" role: you will establish frameworks (CIS, SOC 2), mature existing HIPAA processes, and serve as a credible, forward-leaning partner to our AI-focused product and engineering teams.
AI Fluency Requirement — Non-Negotiable
Nsight Health is an AI-first organization. Every member of our leadership and operations team is expected to actively use AI tools in their day-to-day work — not as a novelty, but as a core productivity multiplier. This role requires genuine curiosity about AI, comfort experimenting with tools like Claude, ChatGPT, and workflow automation platforms, and the judgment to know when AI helps and when it doesn't. If AI makes you uncomfortable, this is not the right role.
Key Responsibilities
- Security Program Ownership: Build and continuously improve Nsight’s security policies and standards; establish a risk-based framework grounded in CIS Controls and maintain our security architecture across cloud and SaaS platforms.
- Regulatory & Compliance Leadership: Own the end-to-end HIPAA/HITECH program; lead SOC 2 Type II certification efforts, embedding controls into daily workflows so compliance is continuous rather than an annual event.
- AI Security & Innovation: Actively assess the security implications of our AI-forward stack (LLMs, agentic workflows, and automation); develop guardrails that balance rapid innovation with responsible risk management.
- Vendor & Incident Management: Design and lead a robust vendor risk management program and own the enterprise incident response plan, including tabletop exercises and real-time incident management.
- Team Leadership: Directly lead and mature the existing compliance function; partner with the VP of IT on internal systems security and foster a security-first culture that enhances, rather than hinders, productivity.
The Impact You’ll Make
- Strategic Trust: You will turn security into a sales accelerator by providing clear, jargon-free assurance to our enterprise customers and partners.
- Scalable Governance: You’ll transition the company from "startup speed" to "enterprise-ready" by automating evidence collection and risk assessments.
- AI Resilience: You will ensure our AI-first mission is built on a rock-solid foundation, identifying emerging AI-specific attack vectors before they impact the business.
Qualifications
- 8+ years of information security experience, with at least 3 years in a leadership role owning a security or compliance program.
- Deep HIPAA/HITECH Expertise: Practical knowledge of operationalizing compliance in a SaaS healthcare environment.
- SOC 2 Mastery: Hands-on experience achieving or maintaining SOC 2 Type II certification.
- AI Fluency: Genuine enthusiasm for and professional experience using AI tools (ChatGPT, Claude, etc.) as a core productivity multiplier and a deep understanding of their security implications.
- Incident Leadership: Demonstrated experience managing real-world security incidents and data breaches.
Preferred
- Certifications: CISSP, CISM, HCISPP, or equivalent.
- Industry Background: Experience in healthcare SaaS, digital health, or value-based care technology.
- Builder Mindset: Prior experience building a security function from scratch at a growth-stage or PE-backed company.
- Technical Breadth: Familiarity with cloud security (AWS/GCP/Azure) and AI governance frameworks.
Compensation & Benefits
- Competitive base pay: $180,000 – $220,000 annually.
- Additional Compensation: Bonus Eligible: Annual performance-based bonus (Company + Individual).
- Benefits Include:
  - Unlimited PTO
  - Medical, Dental, Vision, and supplemental insurance options
  - 401(k) Plan with 3.5% Company Match
  - Company-provided equipment
Join Our Mission-Driven Team
At Nsight Health, you’ll be part of a fast-growing organization that sits at the intersection of healthcare, technology, and compassion. We’re looking for a CISO who cares deeply about protecting patient data while enabling the future of connected care. Our team culture is collaborative, agile, and purpose-driven. Every role—from clinical operations and customer success to marketing, technology, and leadership—directly contributes to improving how healthcare organizations care for their patients.
Senior Cloud Security Engineer
Sift Healthcare
Sift transforms healthcare payments through advanced data science.
Role Description
Sift Healthcare is seeking a Senior Cloud Security Engineer to join our growing team. The Senior Cloud Security Engineer will be responsible for designing, implementing, and maintaining secure cloud infrastructure, platforms, and applications for Sift and will work closely with cross-functional teams to identify and mitigate risks, develop and implement cloud security strategies, and ensure compliance with regulatory requirements.
- Cloud Security Engineering: Design, develop, and implement cloud-based infrastructure and programs, including identity and access management, configuration management, and security monitoring.
- Cloud Security Architecture: Design and implement secure cloud architectures.
- Security Operations: Lead the secure operations of cloud infrastructure, platforms, and software, including installation, maintenance, and improvement of cloud computing environments.
- Threat Modeling and Risk Assessment: Analyze and identify potential security threats, assess risks, and develop mitigation strategies to ensure the security and integrity of cloud-based systems.
- Compliance and Governance: Ensure compliance with regulatory requirements (e.g., HIPAA, Fed/StateRAMP, GDPR) and organizational policies, and develop and maintain cloud security governance frameworks.
- Collaboration and Communication: Partner with architects, engineers, and data scientists to develop and implement AI/ML and cloud security strategies.
- Continuous Improvement: Identify areas for improvement to enhance visibility, detective capabilities, and risk reduction.
Qualifications
- 8+ years of relevant Cyber Security experience.
- Strong understanding of cloud security frameworks, regulations, and standards (e.g., NIST, ISO 27001).
- Experience with cloud security tools and technologies (e.g., AWS IAM, AWS Control Tower, GuardDuty, Macie, CNAPP, CWPP, SIEM).
- Excellent communication and collaboration skills, with the ability to work with technical and non-technical stakeholders.
- Highly organized and motivated, with the ability to deliver results with minimal direction.
Requirements
- Cloud certifications (e.g., AWS Certified Security).
- Experience with DevOps and automation tools (e.g., Terraform, Ansible, GitHub Actions).
- Knowledge of scripting languages (e.g., Python, Bash, R, Jupyter Notebook, PowerShell).
- Familiarity with Agile development methodologies.
- Healthcare experience.
Compensation
Compensation will be based on skills, experience, and performance.
Company Description
Sift is a data science company working to improve payments operations and outcomes in the healthcare industry. We are a growing and dynamic team that is serious about AI. Based in Milwaukee, Wisconsin, Sift is thriving and looking for motivated team members who will help shape our culture. Sift offers competitive salaries and benefits. Learn more about Sift at www.sifthealthcare.com.
Role Description
cFocus Software seeks a Sr. Cybersecurity Engineer / Architect to join our program supporting the National Institutes of Health (NIH). This position is remote and requires a Public Trust clearance.
- Lead security engineering and architecture activities
- Implement NIST 800-53 controls
- Advise development teams on secure SDLC practices
- Support incident response analysis
- Implement security controls and network protections
- Design, review, and implement secure architectures supporting hybrid scientific and IT environments across NCATS infrastructure
- Provide technical leadership on security engineering solutions supporting secure system development and infrastructure modernization
- Ensure architectures align with NIST SP 800‑53, NIST SP 800‑37, NIST SP 800‑160, FISMA, and NIH security policies
- Integrate security engineering practices across the system development lifecycle (SDLC) using DevSecOps and security‑by‑design principles
- Provide technical cybersecurity consulting to developers, engineers, and project stakeholders implementing NIST SP 800‑53 Rev. 5 security and privacy controls throughout system development
- Participate in architecture discussions, sprint reviews, and design reviews to ensure security requirements are integrated into system design and implementation
- Map system functionality to applicable security controls and develop control baselines aligned with system FIPS‑199 categorizations
- Provide implementation guidance on encryption, identity management, logging, secure API management, and other security technologies
- Assist with development of RMF artifacts including SSPs, SAPs, SARs, POA&Ms, Continuous Monitoring Strategies, and PIAs
- Serve as a technical lead supporting incident response coordination, analysis, and remediation across NCATS systems
- Coordinate with NCATS IT teams, security stakeholders, and the NIH Cyber Security Operations team
- Perform incident triage, containment, analysis, escalation, and remediation activities
- Conduct forensic analysis, malware review, and technical investigations supporting incident response activities
- Develop incident reports documenting root cause, impact, remediation steps, and lessons learned
- Support system authorization and assessment readiness activities for NCATS information systems
- Conduct pre‑assessment reviews and security control validation to prepare systems for compliance with federal security requirements
- Develop and maintain Authority to Operate (ATO) documentation and supporting artifacts
- Support FedRAMP authorization activities where applicable
- Assist with independent security assessments and remediation of identified vulnerabilities
- Provide engineering support for network security architecture and firewall management across the NCATS environment
- Design and maintain network segmentation strategies and security zones based on risk and sensitivity
- Implement firewall rules based on least privilege and default‑deny principles
- Conduct firewall configuration management, rule validation, and change control
- Validate logging configurations across network devices to support federal logging and monitoring requirements
Qualifications
- Bachelor’s degree in Computer Science, Cyber Security, or related field
- 10+ years of cybersecurity engineering or security architecture experience
- Experience designing and implementing security controls in federal or regulated environments
- Security architecture and engineering practices
- NIST Risk Management Framework (RMF)
- NIST SP 800‑53 security controls
- FISMA compliance
- Security authorization / ATO processes
- Incident response and threat analysis
- Network security architecture and firewall management
Description
This is a London-based position; relocation to London, UK is required.
About the Role:
The Business Information Security Officer (BISO) serves as a vital strategic partner to technology and business leaders within LII of the GRS Strategic Business Unit (SBU). This role is at the forefront of implementing Liberty Mutual's cybersecurity program, proactively aligning SBU objectives with the enterprise security strategy. As a trusted business enabler, the BISO ensures all business decisions adhere to corporate security policies and are executed with a strong security mindset, without compromising speed, agility, or business outcomes. Leveraging a deep understanding of SBU strategic security needs, the BISO significantly influences the prioritization and delivery of security service features and the development of new security solutions. The BISO is committed to fostering a strong security culture, continuously improving security processes and technologies to protect our policyholders and employees. With a keen awareness of industry trends, the BISO champions security awareness and best practices across all employees.
About the Department & Team:
Liberty International Insurance (LII) within the Global Retail Solutions (GRS) is one of Liberty Mutual's core markets, focused on serving commercial and retail insurance customers. LII delivers specialized insurance solutions in partnership with customers, agents, and brokers across 27 countries, reflecting a truly global reach and commitment to excellence.
Responsibilities:
- Build and nurture strong partnerships with SBU stakeholders, including IT leadership, Product Owners, and senior business executives, to foster trust and drive efficient program implementation.
- Balance individual customer needs with broader business priorities, ensuring alignment with Global Cybersecurity strategies.
- Participate actively in SBU program increment planning events and, as a dotted-line member of the LII CIO leadership team, help cascade and influence a strategic cyber risk management vision that supports innovation and business execution.
- Influence the prioritization and delivery of security services, as well as the development of new security products and features.
- Support the creation and execution of risk remediation action plans and manage exception processes as needed.
- Ensure the prioritization of security initiatives within SBU teams is balanced effectively alongside other business priorities.
- Drive shared accountability for the development and ongoing management of secure applications.
- Collaborate with other BISOs, the Market Strategy & Delivery Leader and the CISO to define and communicate key performance indicators (KPIs), key risk indicators (KRIs), and relevant metrics.
- Stay abreast of the evolving threat landscape and advise stakeholders on emerging risks and recommended courses of action.
- Commit to ongoing professional development, especially in areas of regulatory change, technology evolution, and cybersecurity and privacy trends, applying this knowledge to enhance global strategies and programs.
- Partner with local counsel on incident response and regulatory compliance matters as applicable.
- Support SOC and/or legal functions by assisting in the management of security incidents and events to safeguard IT assets, regulated data, and the company's reputation.
- Champion third-party risk management by advising business owners on vendor engagement, remediation efforts, and continuous monitoring actions.
- Advance the security champion program to deepen and broaden security engagement across SBU application development teams.
- Develop and maintain a robust network of industry contacts; conduct research on industry trends, competitive landscape, and emerging technologies to inform strategic and tactical recommendations.
- Travel up to roughly 20-25% of the time across the region to engage in-market with leadership teams, technology partners, and key stakeholders.
Qualifications
- Bachelor's or Master's Degree in technical or business discipline or related experience; Master's Degree preferred.
- Generally more than 10 years related experience with 5 years in leadership role.
- Demonstrated real world, hands on technical design and implementation experience.
- Strong familiarity with Information Security precepts, practices, and solutions.
- Extensive knowledge across a broad range of identity and access management technologies.
- In depth knowledge of IT concepts, strategies and methodologies and their application to business opportunities.
- In depth knowledge of project delivery, business operations, objectives and strategies.
- Advanced knowledge of management concepts, practices and techniques.
- Strong interpersonal skills with the ability to effectively influence others.
- Ability to build collaborative working relationships with a broad range of enterprise stakeholders.
- Strong decision making capabilities, with proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
About Us
Pay Philosophy: The typical starting salary range for this role is determined by a number of factors including skills, experience, education, certifications and location. The full salary range for this role reflects the competitive labor market value for all employees in these positions across the national market and provides an opportunity to progress as employees grow and develop within the role. Some roles at Liberty Mutual have a corresponding compensation plan which may include commission and/or bonus earnings at rates that vary based on multiple factors set forth in the compensation plan for the role.
At Liberty Mutual, our goal is to create a workplace where everyone feels valued, supported, and can thrive. We build an environment that welcomes a wide range of perspectives and experiences, with inclusion embedded in every aspect of our culture and reflected in everyday interactions. This comes to life through comprehensive benefits, workplace flexibility, professional development opportunities, and a host of opportunities provided through our Employee Resource Groups. Each employee plays a role in creating our inclusive culture, which supports every individual to do their best work. Together, we cultivate a community where everyone can make a meaningful impact for our business, our customers, and the communities we serve.
We value your hard work, integrity and commitment to make things better, and we put people first by offering you benefits that support your life and well-being. To learn more about our benefit offerings please visit: https://LMI.co/Benefits
Liberty Mutual is an equal opportunity employer. We will not tolerate discrimination on the basis of race, color, national origin, sex, sexual orientation, gender identity, religion, age, disability, veteran's status, pregnancy, genetic information or on any basis prohibited by federal, state or local law.
Fair Chance Notices
- California
- Los Angeles Incorporated
- Los Angeles Unincorporated
- Philadelphia
- San Francisco
USD $179000.00 - $322000.00

