Role Summary

Soleo Health is seeking a Senior Director, Information Security Officer to enhance and safeguard our company's IT infrastructure in Frisco, TX or St. Louis, MO. Join us in Simplifying Complex Care!

​

Company Overview

Soleo Health Perks:

Competitive Wages

401(k) with a Match

Referral Bonus

Paid Time Off

Great Company Culture

Paid Parental Leave Options

Affordable Medical, Dental, & Vision Insurance Plans

Company Paid Disability & Basic Life Insurance

HSA & FSA (including dependent care) Options

Education Assistance Program

​

The Position:

The Senior Director, Information Security Officer will report directly to the Chief Information Officer (CIO) and holds a pivotal executive technology leadership role. This position is crucial for shaping and executing the company's cybersecurity strategy, ensuring the protection of information assets, and maintaining compliance with industry standards within the healthcare sector. The CISO will develop, recommend, and implement comprehensive security measures that leverage advanced technologies and best practices to safeguard sensitive data while adhering to healthcare regulations.

• Cybersecurity Strategy Development: Develop and implement a robust cybersecurity strategy that aligns with the organization's overall objectives and industry standards. Apply a risk-based approach to identify, prioritize, and mitigate risks to enhance patient data security and protect against cyber threats.
• Governance and Compliance: Establish and enforce information security policies to ensure data integrity, confidentiality, and compliance with healthcare regulations, including HIPAA, HITRUST, and HITECH. Develop frameworks for consistent security practices across the organization.
• Healthcare Data Security: Implement advanced data security measures to protect sensitive healthcare information. Ensure compliance with data privacy laws and safeguard patient information from breaches and unauthorized access. Lead efforts to enable the organization to achieve HITRUST certification.
• Risk Management: Conduct regular risk assessments and vulnerability analyses to identify and address potential security threats. Prioritize action plans based on a risk-based approach to minimize potential impact. Develop and maintain incident response plans to manage data breaches and other security incidents effectively.
• Security Infrastructure Management: Lead the design and implementation of scalable security architecture tailored to healthcare applications. Ensure the efficient and secure collection, storage, and retrieval of data across all business units.
• Team Leadership: Build and manage a lightweight, high-performing information security team over time, fostering a culture of continuous learning and innovation. Develop training programs and career paths to attract, retain, and grow top cybersecurity talent.
• Cross-Functional Collaboration: Work with senior leaders to integrate security measures into all aspects of the business. Promote a security-centric culture and advocate for proactive risk management and data protection.
• Technology and Vendor Management: Evaluate and implement cutting-edge security technologies and tools. Manage relationships with external vendors and partners to ensure optimal solutions and services, focusing on healthcare-specific technologies and compliance requirements. Develop a framework to efficiently assess new technology software and partner requests within the organization.
• Performance Measurement: Develop and track key performance indicators (KPIs) to measure the effectiveness of security initiatives. Provide regular updates to the executive team on the progress and impact of security strategies, particularly in relation to compliance, risk reduction, and incident response.

Required Qualifications:

• Bachelor’s degree in information security, Computer Science, Information Technology, or related field.
• Minimum of 10-15 years of experience in information security and technology roles, with extensive experience in the healthcare sector including familiarity with healthcare data security practices, regulations, and standards.
• Expertise in advanced security technologies (e.g., encryption, intrusion detection, DLP, incident response) and proficiency in security management tools and platforms (e.g., SIEM, IDS/IPS, DLP).
• Strong understanding of security architecture and infrastructure design tailored for healthcare applications.
• In-depth knowledge of healthcare regulations, such as HIPAA, HITRUST, and HITECH, with experience ensuring compliance with healthcare data privacy and security standards.
• Proven ability to lead and manage a high-performing security team, with experience in talent management, training program development, and fostering a culture of continuous learning and innovation.
• Ability to formulate and execute security strategies that align with business objectives and industry standards, driving transformational change and positioning the organization as a leader in healthcare data security.
• Excellent communication and interpersonal skills, with the ability to effectively collaborate with senior leaders and cross-functional teams, and strong advocacy for security-centric decision-making.

​

Preferred Qualifications:

• Advanced degree in Information Security, Business Administration, Healthcare Administration, or a related discipline preferred.
• Experience evaluating and implementing cutting-edge security technologies and tools suitable for healthcare environments, managing relationships with external vendors and partners.
• Ability to develop and track key performance indicators (KPIs) to measure the effectiveness of security initiatives, with experience providing regular updates to the executive team.

About Us: Soleo Health is an innovative national provider of complex specialty pharmacy and infusion services, administered in the home or at alternate sites of care. Our goal is to attract and retain the best and brightest as our employees are our greatest asset. Experience the Soleo Health Difference!

​

Soleo’s Core Values:

• Improve patients’ lives every day
• Be passionate in everything you do
• Encourage unlimited ideas and creative thinking
• Make decisions as if you own the company
• Do the right thing
• Have fun!

​

Soleo Health is committed to diversity, equity, and inclusion. We recognize that establishing and maintaining a diverse, equitable, and inclusive workplace is the foundation of business success and innovation. We are dedicated to hiring diverse talent and to ensuring that everyone is treated with respect and provided an equal opportunity to thrive. Our commitment to these values is evidenced by our diverse executive team, policies, and workplace culture.

​

Soleo Health is an Equal Opportunity Employer, celebrating diversity and committed to creating an inclusive environment for all employees. Soleo Health does not discriminate in employment on the basis of race, color, religion, sex, pregnancy, gender identity, national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an organization, parental status, military service or other non-merit factor.

Company Description

At Northwestern Medicine, every patient interaction makes a difference in cultivating a positive workplace. This patient-first approach is what sets us apart as a leader in the healthcare industry. As an integral part of our team, you'll have the opportunity to join our quest for better healthcare, no matter where you work within the Northwestern Medicine system. At Northwestern Medicine, we pride ourselves on providing competitive benefits: from tuition reimbursement and loan forgiveness to 401(k) matching and lifecycle benefits, we take care of our employees. Ready to join our quest for better?

• Threat and Vulnerability Management - Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers throughout our cloud service
• Malware protection - Prevent, detect and respond to the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action
• System hardening - Establish, implement, and actively manage (track, report on, correct) the security configuration cloud resources using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings
• Data protection - Define and manage processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information (DLP, GASB…)
• Log management/Security Analysis - Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack¿
• Incident Response - Protect the organization's information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker's presence, and restoring the integrity of the network and systems
• Penetration Tests and Red Team – coordinate testing the overall strength of an organization's defense (the technology, the processes, and the people) by simulating the objectives and actions of an attacker
• Maintains solid technical competence for assigned services and systems while grasping the integration and interaction of all supported services and systems
• Provides technical leadership and support for computing systems security
• Strong operations experience focused on public cloud security
• Maintains a broad working knowledge of the full range of NMHC IT security policies and controls
• Provides diagnostic skills and expertise to coordinate problem determination and solution, including vendors and manufacturers, across the full range of NMHC cloud security controls
• Thorough understanding of cloud infrastructure security and networking, governance, maintaining compliance, creating security policies and blueprints, security in layers concepts, key vaults, intrusion protection, risk mitigation and automated security remediation (SecOps)
• Code using modern scripting languages (Python, Ruby, PowerShell, JavaScript)
• Develops reports, monitoring dashboards, workflows, and metrics within cloud and hybrid environments
• Responds thoroughly and promptly to customer needs as defined in conjunction with our customers
• Manages customer relationships and follows issues through to closure. Includes all aspects of customers (NMHC technology users, IS team members, etc.)
• Works effectively in supporting the Information Service team with project and support activities
• Actively participates and communications with the project teams
• Prepares and delivers effective support by seeking a thorough understanding of the team’s goals and objectives
• Understands the business and clinical processes at NMHC and the operational environments of assigned customers
• Experience with gathering business requirements, technical analysis and design
• Utilize ServiceNow ITOM, Orchestrator, Cloud Management, Cost Management, Change Management, Asset Management, creating workflows and authorization workflows, CMDB to accurately communicate cloud capabilities
• Communicates clearly, responsively, and purposely with customers and team members
• Proficient in all written communication, both internally and externally
• Develops effective relationships with users and other IS team members to enhance the timeliness and effectiveness of technology solutions
• Reviews technology projects, analyzes business requirements, recommends system changes, writes technical specifications and implements system and system changes to address changing application requirements
• Provides technical leadership including the identification and implementation of NMHC best practice standards
• Develops project plans to direct technology activities either in support of application projects or as independent work activities
• Works directly with project managers to understand application objectives, develop scope of project, outline effort projections, determine schedules, and finalize plans
• Establishes and enforces standards and procedures in accordance with NMHC’s security policies
• Providing on-call support is required.

Required:

• 5+ years of experience in core discipline
• Excellent verbal and written communication skills

​

Preferred:

• Bachelor’s degree in related field or equivalent years of experience
• 5+ years of experience in core discipline in the healthcare industry

Northwestern Medicine is an affirmative action/equal opportunity employer and does not discriminate in hiring or employment on the basis of age, sex, race, color, religion, national origin, gender identity, veteran status, disability, sexual orientation or any other protected status.

Summary Information about the Role

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

​

Company Overview

Microsoft's Mission is to "Empower every person and every organization on the planet to achieve more" and Security is core to that statement. The M365 product portfolio makes up some of the most widely used and trusted productivity applications and services in the world, and is driving AI value through CoPilots. Would you like to help us protect the billions of people these apps empower to accomplish more in their lives? It’s a fun, dynamic, and always interesting set of problems securing these services and protecting our customers.

• Drive understanding and decision making around Security Incidents and the Post Incident Review (PIR) Process
• Driving Secure Engineering policies, practices, and tooling across user-facing services at Microsoft, including AI platforms and implementations
• Helping guide Engineering Teams across Microsoft on security best practices
• Collaborating with teams across Microsoft to help define the state of the art for detection, prevention, and elimination of security risks
• Identifying emerging security problems that need additional focus, and contributing to building solutions to solve them, often utilizing AI
• Mentoring others inside and outside of Microsoft on building secure platforms and systems
• Plan and manage an expanding portfolio of security and privacy programs and track associated metrics
• Create and present plans to management for driving security and privacy objectives across M365 services
• Represent Microsoft in various customer briefings and security conferences

Required Qualifications

• Bachelor's Degree in Computer Science, or related technical discipline AND 8+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
• OR equivalent experience.

​

Other Qualifications

• Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

​

Additional or Preferred Qualifications

• Bachelor's Degree in Computer Science or related technical field AND 12+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
• OR Master's Degree in Computer Science or related technical field AND 10+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
• OR equivalent experience.

Software Engineering IC6 - The typical base pay range for this role across the U.S. is USD $161,600 - $286,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $209,600 - $314,400 per year. Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

​

Single reqs: Microsoft will accept applications for the role until February 23, 2025.

​

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.