WebChart
Flagship platform that powers a robust clinical EHR, and serves as the foundation for a variety of clinical applications
Chief Information Security Officer
Location
United States
Posted
49 days ago
Salary
Not specified
Bachelor Degree, 10 yrs exp, English
Job Description
• Develop and implement the organization's information security strategy.
• Provide regular security updates to the CIO, other executives, and the board of directors, including presentations on security matters.
• Represent the organization in security-related matters with external parties, including vendors and auditors.
• Work closely with the CIO and operate as a member of the DevOps team to emphasize and implement security initiatives.
• Conduct regular risk assessments and vulnerability scans using tools like Rapid7 IVM and internal tracking systems.
• Oversee the development and implementation of incident response plans and conduct tabletop exercises with DevOps team members.
• Ensure compliance with relevant regulations and standards, including HITRUST, NIST, DirectTrust, HIPAA, SOC 2 (Type II), and ISO.
• Manage internal and external security audits, including evidence collection and preparation.
• Oversee the evidence collection process for audits, working with third-party auditors for response submission.
• Work closely with business development and legal to assist with security compliance requirements.
• Assist with identifying and implementing international security compliance.
• Develop, review, and update information security policies and procedures, such as the Vulnerability and Patch Management Procedure and Data Center Access Procedure.
• Ensure policies are communicated and enforced throughout the organization, including through security awareness training.
• Participate in the day-to-day operations of the security team and manage security tools and technologies, including Check Point, SentinelOne, and intrusion detection systems.
• Monitor security alerts and respond to incidents, including phishing attempts reported through various tools.
• Lead and mentor the security team, reviewing tasks and responsibilities while working closely with the DevOps team members.
• Evaluate and manage security vendors, including VDA Labs and KnowBe4, and review security agreements and contracts.
• Perform vendor audits and maintain required documentation.
• Develop and deliver security awareness training to employees, including utilizing KnowBe4, TalentLMS, and internal training programs.
• Provide onboarding training for new employees.
• Develop and manage the security budget, planning and prioritizing security projects, including funding for tools and conferences.
Job Requirements
- Bachelor's degree or equivalent work experience.
- 10+ years of experience as a CISO or similar role, with at least 3 years of security-related leadership.
- Proven background in systems administration.
- Experience leading teams.
- Certified Information Systems Security Professional (CISSP) required.
- Expertise in vulnerability testing, penetration testing, and developing security practices.
- Knowledge of standards-based architecture, compliance monitoring, and enforceability.
- Strong leadership skills with the ability to motivate and guide teams.
- Experience in healthcare or other highly-regulated environments.
Benefits
- Competitive compensation
- Comprehensive benefits package including medical/dental/vision insurance
- 401k with company match
- Paid time off
- Quarterly bonus program
- Flexible work schedule
- Remote work