Job Closed
This listing is no longer active.
Senior Security Engineer, Data Security
Location
United States
Posted
46 days ago
Salary
$170K - $185K / year
Seniority
Senior
Job Description
Aya Healthcare
• Lead the design, implementation, and ongoing improvement of data security controls across Azure data services and Databricks environments, including data classification, access control, encryption, and monitoring.
• Implement and operationalize Microsoft Purview capabilities such as data discovery, classification, sensitivity labeling, lineage, cataloging, and access insights across structured and unstructured data sources.
• Define and enforce least-privilege access models for data platforms using Azure RBAC, Entra ID, managed identities, service principals, and Databricks workspace permissions.
• Partner with privacy, compliance, and legal stakeholders to translate regulatory and contractual requirements into actionable technical controls and standards.
• Perform in-depth security reviews of Azure data architectures, including storage accounts, Azure SQL, Synapse, ADLS Gen2, Event Hubs, and Databricks deployments.
• Assess and remediate data-related risks in infrastructure-as-code (Terraform), platform configurations, and CI/CD pipelines.
• Contribute secure-by-design patterns and reusable templates for data platforms, incorporating encryption, private networking, logging, and policy-as-code.
• Design and maintain data security monitoring and alerting, integrating Purview, Azure Monitor, and Defender for Cloud workflows.
• Support investigation and response for data security incidents, including exposure analysis, root cause identification, and long-term remediation.
• Own documentation, standards, and security guidelines for data platforms; ensure alignment with Aya security standards and audit expectations.
• Lead medium- to large-scope data security initiatives end-to-end, including requirements, design, implementation, stakeholder alignment, and measurable outcomes.
• Mentor Security Engineers and partner engineers on data security best practices; act as a subject-matter expert for data protection topics.
• Translate complex technical risks into clear business impact for engineering leaders and stakeholders.
Job Requirements
- Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
- 5+ years of experience in security engineering, with strong emphasis on data security in cloud environments.
- Deep hands-on experience with Azure, including PaaS and data services (ADLS Gen2, Azure SQL, Synapse, Storage Accounts).
- Practical experience with Microsoft Purview for data governance, classification, lineage, and entitlement insights.
- Hands-on experience securing Databricks environments, including workspace security, cluster policies, secrets management, and data access controls.
- Strong proficiency with Terraform and infrastructure-as-code, including secure patterns and policy enforcement.
- Experience with identity and access management (Entra ID, managed identities), networking (private endpoints, firewalls), and encryption.
- Proficiency in scripting or automation using Python, PowerShell, or similar languages.
- Strong understanding of data protection principles, privacy-by-design, and common regulatory frameworks.
- Experience securing analytics and big-data platforms in regulated or highly sensitive environments (preferred).
- Familiarity with data loss prevention (DLP), tokenization, masking, or privacy-enhancing technologies (preferred).
- Experience integrating data security tooling with SIEM/SOC workflows (preferred).
- Relevant certifications such as Azure Security Engineer Associate, Azure Data Engineer, SC-400, or equivalent (preferred).
Benefits
- Free premium medical, dental, life and vision insurance
- Generous 401(k) match
- Aya also offers other benefits to those that are eligible and where required by applicable law, including reimbursements and discretionary bonuses
- Aya provides paid sick leave in accordance with all applicable state, federal, and local laws. Aya’s general sick leave policy is that employees accrue one hour of paid sick leave for every 30 hours worked. However, to the extent any provisions of the statement above conflict with any applicable paid sick leave laws, the applicable paid sick leave laws are controlling
- Celebrations! We hit our goals and reward ourselves.
- Company-sponsored virtual events, happy hours and team-building activities are always on the horizon — plus, you get a special treat on your birthday!
- Unlimited DTO — we believe in time off!
- Virtual yoga, meditation or boot camp classes offered daily
More Security Engineer Jobs
Security and Compliance Manager
Rezilient Health
Rezilient Health is on a mission to make quality healthcare accessible, convenient, and personalized. To do so, the company is bridging the gap between in-person care and telehealt
At Rezilient, we’re redefining primary care by making access to healthcare more convenient, timely, and seamless. Our innovative CloudClinic model combines virtual provider visits with cutting-edge technology to create a personalized digital healthcare experience that puts patients at the center of their care.
- Develop, implement, and maintain the security & compliance program aligned with company goals and regulatory requirements (HIPAA, HITECH, HITRUST, SOC 2, etc.).
- Lead certification and attestation efforts, including SOC 2 audits, HITRUST readiness, and other healthcare/security frameworks.
- Develop and maintain security and compliance policies, standards, and procedures; ensure they are operationalized and enforced across the organization.
- Oversee governance activities including risk assessments, internal audits, compliance reviews, and reporting of KPIs/metrics to leadership.
- Own and manage the third-party/vendor risk management program, including security assessments, ongoing monitoring, and partnership with legal/procurement on contract requirements.
- Oversee incident response from a governance and compliance perspective, ensuring response plans are in place, coordinating cross-functional efforts, and managing regulatory reporting when required.
- Maintain and manage the enterprise risk register, including tracking remediation efforts and escalating risks appropriately.
- Coordinate and oversee security awareness and compliance training programs, ensuring effectiveness and adoption across the organization.
- Provide regular reporting to the CISO and executive team on security posture, compliance status, and risk landscape.
- Monitor the evolving regulatory and industry landscape (healthcare, privacy, SaaS/cloud) and ensure the organization adapts proactively.
- Partner closely with Product and Engineering teams to embed security and compliance into the product lifecycle.
- Lead or support security and compliance reviews of new features, infrastructure, and architecture decisions.
- Ensure adherence to secure development practices, data protection requirements, and regulatory considerations in platform design (especially for PHI/PII handling).
- Act as a key stakeholder in design reviews, threat modeling, and release readiness from a compliance standpoint.
- Work closely with Clinical Operations teams to maintain and evolve the compliance program for care delivery (both virtual and in-clinic).
- Ensure workflows, protocols, and systems used in care delivery meet HIPAA/HITECH and other regulatory requirements.
- Support audits, documentation, and training related to clinical compliance and patient data handling.
- Partner with IT on clinic and corporate security, including device management, endpoint security, access controls, and software governance.
- Ensure consistent enforcement of security policies across physical clinics and distributed environments.
- Support implementation and monitoring of controls related to identity/access management, endpoint protection, and SaaS tools.
- Partner with Growth (Sales) and Client Success teams to support security and compliance needs throughout the customer lifecycle.
- Respond to security questionnaires, RFPs, and due diligence requests from prospective and existing clients.
- Act as a subject matter expert in sales cycles, helping articulate the company’s security posture and build trust with buyers.
- Develop and maintain standardized security materials (e.g., trust center content, policies, certifications, FAQs) to streamline sales and client interactions.
• Develop and implement threat modeling to identify security risks across applications and infrastructure.
• Conduct vulnerability scanning, penetration testing, and security assessments to detect weaknesses.
• Define and enforce secure coding practices in collaboration with development teams.
• Work with DevOps to integrate security into CI/CD pipelines and automate security testing.
• Monitor and respond to security incidents, conducting root cause analysis and implementing preventative measures.
• Ensure compliance with security standards and regulations (e.g., ISO 27001, GDPR, SOC 2).
• Design and implement identity and access management (IAM) policies, encryption standards, and authentication mechanisms.
• Collaborate with product teams to conduct security reviews of features, APIs, and third-party integrations.
• Develop incident response plans, security documentation, and best practices.
• Stay ahead of emerging threats, vulnerabilities, and security technologies.
Security Analyst, Blue Team – SOC/CSIRT
Omie
Boost Brazil's economy, be an Omielover! #VemPraOmie https://carreirasomie.gupy.io/
• Working in defense of the Omie ecosystem, you will be one of those responsible for ensuring the secure operation of the largest ERP in Brazil.
• Detection and Analysis: Continuous monitoring via SIEM, alert triage, and analysis to identify threats.
• Containment and Eradication: Carrying out immediate measures to isolate incidents and remove attack vectors from the environment.
• Closure and Lessons Learned: Post-incident documentation, root cause analysis, and implementation of improvements to preventive controls.
Cybersecurity Architect
SoFi
SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law. The Company hires the best qualified candidate for the job, without regard to protected characteristics. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. SoFi is committed to an inclusive culture. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email accommodations@sofi.com. Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time. If you are a current employee, do not apply here - please navigate to our Internal Job Board in Greenhouse to apply to our open roles.
Role Description
Social Finance, LLC seeks Cybersecurity Architect in San Francisco, CA:
- Be a Cybersecurity architect evangelist who can translate security concepts into language that is meaningful to our product teams and engineering.
- Integrate new and existing security tools, standards, and processes into the development life cycle.
- Develop Security test plans for new products.
- Design security solution blueprints that meet the system needs.
- Automate security checklists and implement them as "security as code" using cloud services and CICD components.
- Advise on the secure design of product and application architecture; communicate security requirements with well-defined user stories and initiatives and epics.
- Review new features, product offerings and perform threat modeling in a continuous delivery agile environment.
- Conduct business level security architecture assessments to features product security program and cloud application architecture, identify weaknesses, and make recommendations.
- Work with our risk and compliance organization to provide input to security risk impact assessment.
- Contribute to security policy, standards, and guidelines related to Information Security.
- Work with engineering teams to ensure that application security risks are effectively identified using market leading tools SAST, DAST, SCA, etc and appropriately addressed while maintaining a balance between security usability.
- Architects, designs, prioritizes, coordinates, and communicates the security technologies necessary to ensure a highly secure yet usable computing environment.
- Provide subject matter expertise on encryption, security controls, secure design and programming practices across the Technology organization.
Qualifications
- Bachelor’s degree (or its foreign degree equivalent) in Computer Science, Engineering (any field), or a related quantitative discipline.
- Three (3) years of experience in the job offered or in any occupation in related field.
Requirements
- Penetration Testing
- Vulnerability Assessment
- Secure Code Review
- Spring Boot
- SQL
- Wireshark
- Java, J2EE and Python
- MVC frameworks
- Application Servers, Web Servers and Databases
Benefits
- Salary: $250,000.00 - $275,000.00 per annum & standard company benefits.
- Full-time telecommuting is an option.


