Chief Information Security Officer

Sword Health is shifting healthcare from human-first to AI-first through its AI Care platform, making world-class healthcare available anytime, anywhere, while significantly reducing costs for payers, self-insured employers, national health systems, and other healthcare organizations. Sword began by reinventing pain care with AI at its core, and has since expanded into women’s health, movement health, and more recently mental health. Since 2020, more than 700,000 members across three continents have completed 10 million AI sessions, helping Sword's 1,000+ enterprise clients avoid over $1 billion in unnecessary healthcare costs. Backed by 42 clinical studies and over 44 patents, Sword Health has raised more than $500 million from leading investors, including Khosla Ventures, General Catalyst, Transformation Capital, and Founders Fund. Learn more at www.swordhealth.com.

As Chief Information Security Officer, you’ll be responsible for creating and managing a global, enterprise wide security strategy and program.  Reporting to the Chief Scientific Officer, you will work cross functionally with our Engineering, Product, Operations, and HR teams to create strategies, policies, and frameworks as they relate to application security, compliance, and security operations.

What You'll be Doing:

• Define and drive Sword's information security roadmap, strategy, tactics, and execution
• Architect programs and processes that evaluate and enhance Sword's  information security policies and ensure the security of Sword's security perimeter through monitoring, remediation, reporting, and auditing
• Partner with Sword's engineering and product teams during scoping and execution of all roadmap deliverables to ensure that security concerns are treated as first class product requirements 
• Respond appropriately and effectively to security-related incidents and report back to key internal and external stakeholders
• Participate in externally requested security audits from partners
• Lead efforts to continuously review and update company-wide information security policies to align with industry best practices 
• Oversee and coordinate security efforts across the company alongside Privacy, Engineering, Ops, HR, Product, and more
• Stay up to date with IT/Security industry trends and evaluate new solutions & techniques
• Launch company-wide security initiatives and training
• Partner with commercial and customer success teams to support customer acquisition and retention.

What You'll Need to Have:

• ~10 years of experience building and leading security teams focused on all aspects of cybersecurity, including identity management, software security, GRC, and security operations, with increasing responsibilities
• Overseen security teams and vendor management
• Experience leading SOC 2, HITRUST, CMMC, FedRAMP or similar audits and/or certifications
• Ability to lead and motivate cross-functional teams while thriving in a fast-paced growing company
• Self-motivation and drive to go above and beyond
• Excellent communication, interpersonal and leadership skills, able to communicate security concepts to both technical and nontechnical audiences
• Experience with IT risk management standards, practices, methods, and frameworks including ISO 27001, COBIT and NIST CSF
• Drive the implementation of an effective digital health program to enhance the patient experience and improve overall outcomes
• Expertise in healthcare financial management, including IT budgeting, financial planning, and operations.
• You must be a US Citizen

We'd Love to See:

• Superior level of mentorship, leadership, and collaboration
• Professional certifications such as CISSP, CISM, etc are preferred
• Prior experience in digital health and health care
• Strong understanding of IL6 (Impact Level 6) environments, with experience implementing security measures in such high-security areas.
• Experience in a high growth company
• Possesses a functional knowledge of ITIL practice
• Experience in building clinical informatics, digital health, and data analytics programs
• Demonstrated understanding of cyber security and potential threats/current landscape
• Functional knowledge of Epic Electronic Medical Records (EMR) system.