The CISO leads the company's information security strategy, manages teams, ensures compliance, conducts risk assessments, and communicates with executive leadership.
About the Role:
The Chief Information Security Officer has a primary role in being responsible for information security for the company. CISO will define and execute on the company’s Information Security Strategy while maintaining compliance with key certifications and industry standards such as HiTrust, HIPAA and PCI. CISO will also take part in setting and refining company goals and vision as a member of the Technology Leadership team. The Chief Information Security Officer reports directly to the Chief Technology Officer.
Specific responsibilities:
- Manage and mature an enterprise-wide information security strategy.
- Align cybersecurity initiatives with business objectives and regulatory requirements.
- Communicate security risks and strategies to executive leadership and the board.
- Conduct risk assessments and manage security risks proactively.
- Ensure compliance with industry regulations (e.g., HIPAA, PCI, NIST).
- Oversee audits, security assessments, and incident response planning. Execute them hands-on as needed.
- Implement security governance and risk management frameworks.
- Oversee the security operations center (SOC) and threat intelligence programs.
- Develop and implement incident response plans and lead breach investigations.
- Ensure the deployment and management of security tools (firewalls, intrusion detection, endpoint protection).
- Monitor and respond to emerging threats and vulnerabilities.
- Implement data protection measures, including encryption and access controls.
- Work with legal teams to ensure compliance with data privacy laws.
- Conduct cybersecurity awareness training for employees.
- Promote a security-conscious culture across the organization.
- Work with IT, legal, and compliance to ensure security integration.
- Assess and manage security risks in third-party vendors and partners.
- Evaluate and implement new security solutions and architectures.
- Monitor for bot attacks, credential stuffing, and API security vulnerabilities.
- Deploy and manage web application firewalls (WAF), DDoS protection, and endpoint security.
What you’ll need:
- 15+ years of experience with Cyber Security including recent hands-on experience conducting audits and remediations, investigation of security incidents, and other security tasks as needed.
- Bachelor’s degree or higher in Computer Science, ideally with Cyber Security specific certifications.
- Experience managing a small team of security analysts. Hiring, coaching and mentoring them as needed.
- Ability to work closely with Engineering, Operations, Legal, and Compliance teams on security related tasks and initiatives
- Experience with obtaining and maintaining HiTrust certification
- Experience with maintaining HIPAA and PCI Compliance at an Ecommerce (D2C) Company
Compensation, Benefits, & Additional Details:
At Health-E Commerce, our goal is to provide an offer that supports growth potential within the role and allows for future salary progression. Final compensation is evaluated on various factors which include but aren’t limited to experience, skills, internal equity among peers, and geographic location.
- Compensation: $150,000 - 180,000
- Discretionary Annual Bonus Eligibility: Up to 25%
- Medical, Dental, Vision, and 401K with a company match
- Dependent Care, FSA & HSA accounts
- Paid Parental & Bonding Leave
- Flexible PTO & office closure on all major holidays
- Monthly wellness & internet reimbursements
- Professional development including certification support & leadership coaching
- Mental Health resources
- 100% remote within the United States
- Must be able to work EST hours
Top Skills
Ddos Protection
Endpoint Protection
Firewalls
Hipaa
Hitrust
Intrusion Detection
Nist
Pci
Security Tools
Web Application Firewalls
Similar Jobs
Healthtech • HR Tech • Kids + Family • Other • Social Impact • Telehealth
The VP Security (CISO) will lead Carrot's Security function, ensuring compliance with international laws, security of sensitive member data and driving strategic security initiatives to support business growth and objectives.
Top Skills:
AWSAzureCismCisspHitrustIso 27001Nist CsfOwaspPci DssSoc 2 Type Ii
Artificial Intelligence • Fintech • Machine Learning • Social Impact • Software
As a Senior IT Engineer, you will architect, implement, and scale infrastructure, drive automation, and ensure security across IT systems while mentoring junior engineers.
Top Skills:
AnsibleAWSBashCi/CdGoogle SuiteJAMFOktaPalo Alto FirewallsPythonSlackTerraform
Artificial Intelligence • Fintech • Machine Learning • Social Impact • Software
The IAM Senior Engineer will design, implement, and maintain identity and access solutions, manage tools, integrate solutions, and ensure compliance with security policies.
Top Skills:
AtlassianAWSGoogle SuiteMfaOauthOidcOktaSalesforceSAMLSlackSso
What you need to know about the Charlotte Tech Scene
Ranked among the hottest tech cities in 2024 by CompTIA, Charlotte is quickly cementing its place as a major U.S. tech hub. Home to more than 90,000 tech workers, the city’s ecosystem is primed for continued growth, fueled by billions in annual funding from heavyweights like Microsoft and RevTech Labs, which has created thousands of fintech jobs and made the city a go-to for tech pros looking for their next big opportunity.
Key Facts About Charlotte Tech
- Number of Tech Workers: 90,859; 6.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lowe’s, Bank of America, TIAA, Microsoft, Honeywell
- Key Industries: Fintech, artificial intelligence, cybersecurity, cloud computing, e-commerce
- Funding Landscape: $3.1 billion in venture capital funding in 2024 (CED)
- Notable Investors: Microsoft, Google, Falfurrias Management Partners, RevTech Labs Foundation
- Research Centers and Universities: University of North Carolina at Charlotte, Northeastern University, North Carolina Research Campus
