Director of Information Security and Compliance
PayGround
This job is no longer accepting applications
PayGround is looking for a highly skilled and experienced Director of Information Security and Compliance to join our team. The successful candidate will be responsible for overseeing all aspects of information security and compliance within our organization, with a particular focus on maintaining the integrity, confidentiality, and availability of our systems and data in accordance with industry regulations and best practices. You will be responsible for leading efforts to obtain various certifications such as SOC 2, PCI-DSS and HITRUST, supporting customer diligence questionnaires and ongoing audits, and overall ensuring that PayGround achieves and maintains excellence in security and compliance.
About Us
PayGround is a Healthcare FinTech company that is innovating the way people pay healthcare providers by creating a meeting place for healthcare payments. We’re a group of caring, talented, and (we like to think) fun people setting out to solve some problems that shouldn’t exist in 2024. Come join us and be a part of it.
Responsibilities
- Develop, implement, and maintain comprehensive information security policies, procedures, and standards to protect the company’s assets and data.
- Lead the organization’s efforts to achieve and maintain compliance with relevant regulatory requirements, including HIPAA, GDPR, PCI-DSS, and other industry standards.
- Conduct regular risk assessments and vulnerability scans to identify potential security threats and weaknesses in our systems and infrastructure.
- Design and implement robust security controls and measures to mitigate risks and vulnerabilities, including encryption, access controls, and intrusion detection systems.
- Collaborate with cross-functional teams to integrate security into the development lifecycle of our products and services, ensuring that security considerations are addressed from design to deployment.
- Oversee incident response and disaster recovery planning, including the development of response procedures, incident detection and reporting, and post-incident analysis and remediation.
- Stay informed about emerging threats and security technologies, and provide strategic guidance to senior management on cybersecurity trends and best practices.
- Manage relationships with external auditors, regulators, and other stakeholders, and coordinate audits and assessments of our information security and compliance programs.
- Conduct and manage third-party vendor assessments to ensure alignment with PayGround’s security and compliance policies.
- Respond to and manage customer security questionnaires and conversations in support of sales and ongoing compliance.
- Foster a culture of security and compliance awareness throughout the organization. Work with team leaders to “shift left” and distribute security and compliance responsibility throughout the organization.
- Monitor industry trends and developments to ensure the company’s security and compliance practices remain current and effective.
Qualifications
- Bachelor’s degree in Computer Science, Information Technology, or related field; advanced degree preferred.
- 8+ years of experience in information security, with at least 3 years in a leadership role.
- Experience working with cloud service providers, specifically AWS Cloud Platform, including implementing and managing security controls in cloud environments.
- Deep understanding of healthcare industry regulations and compliance requirements, such as HIPAA/HITRUST.
- Strong knowledge of information security frameworks and standards, such as NIST Cybersecurity Framework, ISO 27001, and SOC 2.
- Demonstrated experience obtaining industry certifications such as SOC 2, PCI-DSS, and HITRUST, including leading the preparation, assessment, and remediation efforts.
- Experience with conducting risk assessments, vulnerability management, and security incident response.
- Proven track record of successfully leading and managing information security and compliance programs in a complex, regulated environment.
- Excellent communication and interpersonal skills, with the ability to effectively communicate technical concepts to non-technical stakeholders.
- Relevant certifications such as CISSP, CCSFP, CISM, or CompTIA Security+ are a plus.
Benefits
Our benefits package is designed to reward contribution and loyalty and to attract the kind of talented individuals who have their pick of employers. We offer a highly competitive package comprising:
- Competitive base salary
- Stock Options
- Core benefits, including full medical, dental, vision, and matching 401k