VP of Security and Compliance
Verana Health, a digital health company that delivers quality drug lifecycle and medical practice insights from an exclusive real-world data network, recently secured a $150 million Series E led by Johnson & Johnson Innovation – JJDC, Inc. (JJDC) and Novo Growth, the growth-stage investment arm of Novo Holdings.
Existing Verana Health investors GV (formerly Google Ventures), Casdin Capital, and Brook Byers also joined the round, as well as notable new investors, including the Merck Global Health Innovation Fund, THVC, and Breyer Capital.
We are driven to create quality real-world data in ophthalmology, neurology and urology to accelerate quality insights across the drug lifecycle and within medical practices. Additionally, we are driven to advance the quality of care and quality of life for patients. DRIVE defines our internal purpose and is the galvanizing force that helps ground us in a shared corporate culture. DRIVE is: Diversity, Responsibility, Integrity, Voice-of-Customer and End-Results.
Our headquarters are located in San Francisco and we have additional offices in Knoxville, TN and New York City with employees working remotely in AZ, CA, CO, CT, FL, GA, IL, LA, MA, NC, NJ, NV, NY, OH, PA, SC, TN, TX, UT, VA, WA, and Washington, D.C. All employees are required to have permanent residency in one of these states. Candidates who are willing to relocate are also encouraged to apply.
*We prefer candidates for this role to be hybrid from either our San Francisco or New York City office, but we are open to remote.
Job Title: VP, Security and Compliance
The Vice President of Security and Compliance at Verana Health will oversee the Information Security and Compliance teams. This role involves crafting, refining, and upholding company policies and procedures in alignment with regulatory mandates, accreditations, and industry best practices like NIST, HITRUST, and SOC2 relevant to healthcare information security.
Additionally, this position will collaborate with cross-functional teams including Quantitative Sciences, Product, and Engineering to implement controls, monitor them, and handle reporting and auditing functions related to Information Security. The VP will report directly to the CEO and deliver quarterly updates to the Board of Directors' Audit Committee.
Job Duties and Responsibilities:
- Regularly review, develop, and enforce Information Security policies, procedures, and standards.
- Manage Security Procedures encompassing assessment and compliance with security measures, Disaster Recovery, Emergency operating procedures, Security Incident Response, and associated protocols.
- Establish and maintain robust security measures to prevent unauthorized access to patient data, safeguarding against anticipated threats and hazards.
- Oversee ongoing security monitoring of organizational information systems, periodically assessing information security risk and conducting analyses for compliance with statutory and regulatory requirements.
- Evaluate and recommend new information security technologies and countermeasures against information or privacy threats.
- Ensure compliance through policy adherence, effective training programs, and regular security audits (both internal and external).
- Manage security relationships with customers, partners, and prospects.
- Maintain security compliance certifications - HITRUST, ONC, etc.
- Bachelor’s degree in Computer Science, Technology, Information Security, or a related field.
- 10+ years of progressive IT experience in Security and Infrastructure and Operations, including experience in laboratory, healthcare, or pharmaceutical settings dealing with health data (PHI).
- 5+ years of cloud experience, preferably in AWS, with a focus on security considerations.
- 5+ years of people management experience.
- 10+ years of audit, risk, and compliance background, with demonstrated proficiency in CSF and Regulatory Frameworks including NIST, ONC, HITRUST, HIPAA, CCPA, GDPR.
- Experience in responding to, analyzing, and communicating information security incidents.
- Vulnerability Management - Manage reporting and analysis of vulnerabilities across the software development lifecycle, OWASP, etc.
- Background in working with Health Tech Startups
- Strong Health Data management background is desirable.
- Experience in supporting and managing a large geographically dispersed IT infrastructure.
- IT Management, Security around IT and Security Operations
- Continue to expand and develop the Security Maturity Model using security and development standards - BSIMM, etc.
- We provide health, vision, and dental coverage for employees
- Verana pays 100% of employee insurance coverage and 70% of family
- Plus an additional monthly $100 individual / $200 HSA contribution with HDHP
- Spring Health mental health support
- Flexible vacation plans
- A generous parental leave policy and family building support through the Carrot app
- $500 learning and development budget
- $25/wk in Doordash credit
- Headspace meditation app - unlimited access
- Gympass - 3 free live classes per week + monthly discounts for gyms like Soulcycle
You do not need to match every listed expectation to apply for this position. Here at Verana, we know that diverse perspectives foster the innovation we need to be successful, and we are committed to building a team that encompasses a variety of backgrounds, experiences, and skills.
Please note pay ranges for major metropolitan areas may be different.