Director, Security Engineering

ProductAtlanta, GA

Loyal is building healthcare’s first digital patient experience platform. We believe consumers deserve to have confidence in their healthcare journey instead of confusion and frustration. That is why we partner with the nation's leading health systems to empower patients with the information and guidance they need to make better healthcare decisions.

In this role, you will lead the software security program at Loyal. You will act as Loyal's Security and Privacy Officer, taking on a leadership role to drive our security and compliance. The security engineering team also supports Loyal's product development team to ensure that security is baked in throughout our infrastructure and software development lifecycle.

Responsibilities

  • Support Loyal’s compliance programs - HITRUST, ISO 27001, SOC 2 and HIPAA via the development, implementation and governance of common controls for our products and infrastructure
  • Support Loyal’s product development organization by facilitating the software security program
  • Build and maintain product security strategy, roadmap and metrics
    • Security governance with software security metrics, security OKRs for engineering teams and quarterly security service delivery reviews
  • Provider training for employees on an annual, quarterly, and new hire basis
  • Support security risk management
  • Participate in the Security and Privacy steering committee; periodically update senior executive staff on product security initiatives
  • Facilitate information security assessment and testing, including:
    • penetration testing
    • vulnerability scanning and mitigation
    • secure coding and testing practices
    • authentication, access, and authorization controls
  • Build monitor/alert infrastructure for intrusion prevention
  • Creation and administration of disaster recovery plans
  • Maintain a strong customer focus and translate customer needs into security, privacy and compliance features and public facing documents
  • Answer customers’ questions about security
     

Requirements

  • 10+ years of experience in the domains of information security and software engineering
  • Experience with defining and implementing security in cloud environments (especially Microsoft Azure)
  • Knowledge and experience with Internet application and mobile app security practices and techniques, especially OWASP
  • Knowledge and experience in maintaining operational computer and network security, applied cryptography, intrusion detection and prevention, identity and access management, application security, automated security patching, and vulnerability scanning systems
  • Experience administering information security programs including risk assessments, designing security architectures, developing policies, gathering metrics, and reporting status
  • Professional experience with information security in enterprise SaaS services strongly preferred
  • Experience championing the adoption of security into the SDLC via process, CI/CD automation and formal security reviews of new products.
  • Experience working in an engineering culture that emphasizes DevOps, and continuous delivery
  • Ability to cooperatively and effectively work with people from all organizational levels
  • Excellent written and verbal communication skills; proven security program and project management skills
  • Bachelor’s Degree in Computer Science or equivalent experience

Apply now

We look forward to hearing from you.

Apply