Overview

Lightship is a clinical trials service provider leading in increasing access and choice in taking part in research to improve equity for all. We design and conduct studies in partnership with biopharmaceutical companies to accelerate bringing new therapies to market. Our approach is to engage people where they are and support them across their journey in a clinical trial, from first contact to study completion. We work to make it easy, convenient, and safe for people to take part by offering visits in clinics, at home, using our mobile research units, and digital health tools. By transforming the way we conduct clinical research, we can decrease study timelines and reduce dropouts to accelerate development of better therapies. A career in our team will provide an opportunity to collaborate with a wide array of functions and service lines to support our clients and projects to operate new capabilities, achieve operational efficiencies, and deploy technology.

This position is remote, and a successful candidate will possess a willingness and desire to work independently without significant oversight.

The Information Security Manager is responsible for:

• Understanding Lightship's data and cyber security strategy and works to develop, manage and administer our security program.
• Continuously improve, strengthen, and scale the company's security and compliance program in coordination with internal and external teams and partners, prioritizing strategies that focus on improving quality and mitigating risks.
• Evaluating and working closely with technical IT personnel to implement technical security solutions and evaluate changes to risk and effect of risk mitigation strategies.
• Supporting security compliance product and program initiatives, audits and benchmarking of security policies against best practices and standards.
• Performing and/or oversee information security risk assessments, static and dynamic vulnerability scans, penetration tests, and manage gap analyses.
• Tracking and managing security incidents, responses, and security investigations through resolution.
• Managing compliance with standards and regulations including HIPAA/HITECH, ISO 27001, NIST, SOC, and more using HITRUST and other frameworks.
• Conducting annual IT Risk Assessments and working closely with our third-party assessor on certification audits to obtain and/or maintain certifications.
• Assisting with analysis and documentation of audit remediation actions related to security.
• Contributing to discussions with customer security teams and auditors regarding security and related interests.
• Reviewing vendor and customer security contract terms against current policies, procedures, and product capabilities.
• Communicating information security principles and practices to technical and non-technical audiences both in writing and verbally.
• Supporting the development and maintenance of information security policies, standards, and guidelines in alignment with applicable laws, common security frameworks and leading practices.
• Participating in development of training curriculum, conducting security awareness campaigns, and evaluating their effectiveness.
• Facilitating the execution and continuous improvement of third-party risk management processes.
• Advising the product and engineering teams on internal and external compliance product requirements and be the organization's subject matter expert on security and compliance across both product and operations.
  
  

The Information Security Manager has:

• Required Skills, Knowledge, and Abilities:
• Experience conducting risk assessment audits with common control frameworks such as ISO 27000 series, HITRUST, CSA and with regulations and standards such as HIPAA/HITECH, NIST etc.
• Strong leadership, consultative and advisory skills for security compliance programs.
• Thorough understanding of Software Development Life Cycles, Cyber Security, Social Engineering, IT Compliance and Privacy best practices.
• Experience or certification in cloud security, including experience with cloud security tools and products.
• Ability to work closely with Developers, Quality and vendors to evaluate, suggest and document controls and procedures to strengthen the cyber security posture.
• Excellent communication skills both written and oral and equally comfortable speaking with internal business users at all levels as well as business partners and vendors.
• Experience working in the Security and Compliance function for other Life Sciences or Health Care Organizations
• Education and Experience:
• Bachelor's degree in Computer Science or similar discipline, Masters preferred
• 5+ of experience in information security
• CISSP/CISM certification or other comparable accreditation are required
  

We would like to offer you:

• An opportunity to help re-envision how clinical research is executed with inclusivity, increased diversity and accessible at the core
• The chance to work with a patient-centered, clinically-oriented, collaborative team to support in the delivery of enterprise grade virtual-first clinical research solutions at scale
• An unmatched opportunity to grow as part of an established startup with industry veterans, high-caliber investors, and a massive market opportunity
• Great compensation
  
  

Generous benefits package, including:

• Top notch healthcare (medical, dental, and vision) for you and your family.
• Unlimited Paid Time Off (PTO), plus paid holidays and bereavement to help support work life balance.
• A 100% 401(k) company match for up to 4% of eligible contributions with an immediate vesting.
• A home office stipend to set yourself up for success in our distributed working environment
• Company provided laptop, your choice of a PC or a Mac
• Monthly stipend for internet and phone expenses
• Generous paid parental leave
• Short & long-term disability
• Life insurance and More!
  
  

The base salary range for this role is between $110,000 and $140,000+, depending on education, skills, and experience. To determine our compensation, we use a market-based approach that is geographically neutral. We believe that this demonstrates our company value of 'believing in people' – valuing the outputs and performance of each team member.

Please note: For the safety of our patients and each other, all positions at Lightship that require travel, in-person participation, or are patient-facing, do require vaccination against COVID-19.

Our commitment to diversity & inclusion:

Lightship is an equal opportunity employer and promotes a diverse and inclusive workplace. Lightship considers all applicants without regard to race, color, religion, creed, national origin, age, sex, marital status, ancestry, disability, veteran status, gender identity, genetic information, sexual orientation, or any other status protected by applicable law. EEO is the Law

#jobs #careers #IT #ITjobs #security #informationsecurity #technology #nowhiring #hiringnow