Director, Information Security

Director, Information Security

Marathon Health (www.marathon-health.com) people are more than just employees—they are ambassadors. Join our mission to change healthcare! We are hiring a full-time Director, Information Security to join and lead our team. 

This is a full-time position that in addition to a great team and work environment offers competitive pay and full benefits package including medical and dental insurance, vision, 401k, paid time off and holidays and resources to support your ongoing growth and development.

About Marathon Health

Marathon Health is one of the nation’s leading providers of employer-based health services.   We serve businesses throughout the United States, providing a different kind of healthcare program that focuses on total population health management and health risk reduction.

Marathon Health promotes a culture of health and wellness in everything we do. It is for this reason we seek to hire individuals who embrace wellness and model healthy behaviors in their own lives. We are proud to be a drug and tobacco free company. We value the richness diversity brings to our workforce and are committed to being an equal opportunity employer and provider (EOE).

Marathon Health is a growing national employer-based healthcare provider, and we are looking for a Director, Information Security. This role will work closely with the VP of IT Operations and CISO to develop and execute our Infrastructure Roadmap, lead our Vendor management Practice, and support implementation and expansion of new health centers. 

This role will involve external conversations and interactions with both clients and vendors in support of Marathon’s security program.  The Director will also head the SOC 2 Type 2 programs and any future state certification or assessment.

• Reporting to Marathon Health’s VP of IT Operations and CISO, you will execute on the vision, strategy, and roadmaps for our Security programs aligning to strategic business plans with sensitivity to operating in a dynamic Healthcare setting.
• Lead and direct and Marathon Health’s internal and outsourced security teams to execute on the roadmap defined by our CISO
• Manage the prospect, client and 3^rd party security assessment fulfillment process.
• Work with cross-functional teams including Technology, Legal, Privacy, Finance, Internal and External Auditors to achieve corporate objectives relating to information and data security
• Identifying vulnerabilities
• Developing and implementing comprehensive risk treatment plans to protect Marathon’s assets
• Monitoring compliance with the information security policies
• Keeping up to date with IT security standards and emerging threats
• Partner with legal and compliance teams to create and support a security culture through education and awareness programs designed to reduce the risks to the enterprise while also engaging key business leaders to ensure business unit involvement
• Maintain up-to-date knowledge of emerging technologies and services that will help Marathon maintain its technical edge and evolution
• Architect, prioritize, coordinate, and communicate the choice of security technologies necessary to ensure a highly secure yet frictionless computing environment
• Assists in the evaluation of overall risk for IT systems and the data they contain and process, accounting for the people, processes, and technologies that provide security controls
• Serving as an Information Security expert, contribute to the definition of overall IT architecture and advise regarding the data security aspects of transactions (e.g., customer agreements, third-party data sharing agreements)

Additional Responsibilities

• Provide leadership and oversight of Marathon’s technology vendor management program
  • Collaborate with other Marathon leaders on vendor contracts, renewals and requirements to ensure minimal duplication of technology purchases, accurate and efficient deployment of licensing, and informed purchasing decisions based on vendor risk assessments
• Provide oversight and program management of new Health Center implementations and decommissioning Health Centers as it pertains to infrastructure and security.
  • Lead cross functional infrastructure teams and third parties to develop and operationalize an efficient process for quickly and efficiently manage implementation and deimplementations.

• Bachelor’s Degree in Business, Computer Science, or other related field or equivalent experience
• Bachelor's degree in Computer Science, Information Technology, or a related field or equivalent experience
• 5+ years of experience in a combination of risk management or information security, and information technology management roles
• 5+ years in a senior leadership role in security or similar role
• Knowledge and understanding of relevant legal and regulatory requirements, including HIPAA (Health Insurance Portability and Accountability Act), and PCI-DSS, Service Organization Control (SOC) or Hi-Trust
• Experience with cloud computing technologies, especially AWS (Amazon Web Services), with security commitments to customers and partners
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs
• Demonstrated experience with Application Security, DevOps, or Cloud Security functions as a leader or in a people management role
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical
• Ability to collaborate effectively with diverse teams and stakeholders

(Colorado Only*) Minimum annualized pay rate from: $173,500 - $191,200