The backbone of the healthcare system is communication between patients & their doctors, among healthcare teams, & even between practices & third-party providers like pharmacies, labs, & insurance companies.
But healthcare communication today is broken. It's disconnected, siloed, antiquated, & highly inefficient, & in worst-case scenarios, it's even responsible for lost patient lives.
We're trying to fix that. Klara's mission is to transform communication in healthcare, so all patients can receive great care.
We believe that the future of healthcare will be amazing. It will be patient-centric & truly connected so medical teams can work together easily, information can be shared between people & systems seamlessly, & patients can always get the high-quality care that everyone deserves.
Though our mission is big, our team is still small. And that's where you come in.
We are a Series A startup that's growing quickly, with plenty of interesting challenges to tackle & foundations to build. It's an entrepreneurial environment filled with opportunities for personal growth, where there is no shortage of projects to own or game-changing ideas to suggest. We are autonomous, data-driven, humble, & transparent. We have a healthy irreverence for the status quo, & a relentless passion for making our users' lives better. And we believe the power of a talented team can accomplish anything, even revolutionizing healthcare.
About the Role:
The Director, Information Security is responsible for the ongoing management of information security policies, procedures, & technical systems in order to maintain the confidentiality, integrity & availability of the workforce members & the organization.
- Prepare, implement, & document Klara's security policies & procedures, as required by HIPAA and/or Klara's business operations, & as set forth in such policies & procedures. Review & revise such policies no less than annually, & more frequently as required by changes in law and/or changes in Klara's internal operations.
- Implement & oversee Klara's HIPAA security compliance program, including but not limited to, administering the implementation of reasonable safeguards to protect the confidentiality, integrity, & availability of electronic-PHI. Such safeguards shall include, but not be limited to, conducting continuous risk analyses, implementing policies & procedures, & overseeing the security programs.
- Implement & oversee Klara's risk management program, & involve legal counsel, information technology personnel, records management personnel, senior management, the Privacy Officer, & any other parties or persons deemed to be appropriate in such process.
- Conduct continuous risk analysis & implement revisions to the risk management program as necessary based on the results of such risk analyses. Evaluate the security & confidentiality risks to all systems, applications or procedures. Develop or acquire security reminders & resources, including, but not limited to protection from malicious software, & implement their use within the risk management program.
- Review & respond to any incident analysis reports, involving third party security specialists and/or legal counsel, as necessary.
- Design & implement HIPAA training modules in accordance with Klara's security policies & procedures.
- Audit Klara's HIPAA security compliance program (e.g., security policies & procedures, security programs, & training) no less than annually. Implement revisions to the HIPAA security compliance program as necessary based on the results of such audits.
- Prepare & implement procedures to ensure Klara's compliance with its security policies & procedures, together with any applicable privacy law (e.g., HIPAA, HITECH, & relevant state law).
- Implement & oversee procedures detailing Klara's investigation of, & response to, any security incidents, or any potentially suspicious event (e.g., multiple failed log-in attempts).
- Assist the Privacy Officer as necessary in the investigation of any potential non-compliance with the security policies & procedures or applicable law.
- Communicate with state and/or federal agencies, or any other law enforcement entities, regarding Klara's compliance with any applicable security law.
- Advise & consult Klara leadership regarding potential business endeavors to ensure that such future endeavors are structured to ensure the security of patient information, including, but not limited to, electronic-PHI.
- Advise & consult Klara leadership regarding changes to technologies and/or laws that may impact Klara's business operations and/or HIPAA compliance.
- Implement & oversee the privacy compliance of Klara's website, including but not limited to, monitoring the data collected by such website for compliance with applicable security law.
- Foster a HIPAA compliant environment through his/her day-to-day job performance, & through the preparation of HIPAA security informational materials that shall be made available throughout Klara.
- Additional job responsibilities may be added as agreed between the Director, Information Security & Klara leadership.
- At least 3 years of information security work experience is required, preferably at a HIPAA regulated startup or consulting company
- Experienced in the management of both physical & logical information security systems
- Strong technical skills (application & operating system hardening, vulnerability assessments, security audits, TCP/IP, intrusion detection systems, firewalls, etc.)
- Outstanding interpersonal & communication skills
- CISSP (Certified Information Systems Security Professional) certification
- Must possess a high degree of integrity & trust along with the ability to work independently
- Excellent documentation skills
- In-depth knowledge of the HIPAA Security Rule & other government technology laws
- Successful completion of a comprehensive background check process