Security Compliance and Risk Manager

At Bluesight, our mission is to create groundbreaking solutions that increase efficiency, safety and visibility for health systems, hospital pharmacy, and pharmaceutical manufacturers.  We empower our customers to deliver the right medicine to the right patient at the right time, every time.  We are a high growth healthcare information technology company with a start-up 'vibe' but over 2,000 customers using our proven solutions.

Bluesight is seeking to add an IT Compliance and Risk Manager to our team!  The IT Compliance and Risk Manager will provide risk oversight and direct hands-on completion of deliverables related to our security posture and compliance.   The Risk Manager will lead our efforts in protecting sensitive healthcare data, securing our cloud infrastructure, and ensuring regulatory compliance. The ideal candidate will possess strong managerial abilities, deep expertise in cloud security (particularly AWS), and a background in SaaS/internet technologies. A vital responsibility of the role will be ensuring the strategic view is developed and executed with consideration for the risks involved while proactively managing IT and data risks in the organization.

• Perform compliance monitoring, analysis, tracking, and reporting
• Oversee, direct, and complete security audits
• Complete security risk assessments
• Lead Bluesights' annual SOC2 Type 2 renewal certification
• Support execution of the enterprise-wide risk assessment framework as it pertains to Risks, Controls, and overall Governance activities
• Develop and manage the Bluesight Security Program, including technical security assessments, vulnerability management, and penetration testing
• Ensure the confidentiality, integrity, and availability of our cloud-based systems and data through strong collaboration with our engineering and IT teams.
• Maintain, implement, and improve upon security strategies
• Assists in defining and maintaining security policies, standards, and guidelines.
• Evaluate and implement security technologies, including endpoint detection, firewalls, and other security tools.
• Collaborates with vendors and internal teams to deploy and integrate security solutions.
• Conducts security assessments, including vulnerability assessments and penetration testing.
• Manage overall Security Risks to company systems, data and operations.
• Conduct an Annual Security & Privacy Risk Analysis
• Manage and maintain the Risk Register
• Work with executive leadership on prioritization and remediation
• Lead the implementation of controls and mitigation strategies
• Develop and maintain security incident response and investigation efforts
• Manage Security monitoring platforms
• Manage Security Incident Response
• Monitor and analyze
• Provide recommendations to remediate identified security vulnerabilities.
• Participates in tabletop exercises and simulations to enhance incident response capabilities.
• Contribute to the development and delivery of security awareness training for employees.
• Provide guidance on security best practices and awareness.
• Collaborates closely with the Engineering, DevOps, and IT teams to understand operational challenges and contribute to solutions.
• Maintain comprehensive documentation related to security architecture, assessments, and technology implementations.
• Ensures documentation is aligned with organizational standards.
• Ensure that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal.
• Develop and present, highly technical information and presentations to non-technical audiences at all levels of the organization.

• 3-6 years of strong information security experience and technical security experience 
• Minimum of 10 years of IT and IT compliance experience
• Strong experience with security and privacy compliance frameworks.
• Demonstrated success in managing external audits and internal assessments.
• Extensive experience using and securing AWS cloud environments
• Extensive experience with Application Security on internet-facing systems
• Strong understanding of SaaS and internet technologies.
• Strong management and mentoring skills
• Prior experience in healthcare technology or other regulated industries is highly desirable.
• Proven track record of securing AWS workloads, managing risk, conducting audits, and implementing security best practices.
• Industry certifications such as AWS Certified Security Specialty are preferred.
• BS in Computer Science, Information Systems, or related field preferred
• Must be able to demonstrate integration of regulations and processes such as SOC2, ISO, HIPAA, and Hi-Trust
• Strong project management and organizational skills; ability to manage multiple initiatives simultaneously.
• Must have exceptional writing capabilities on technical and process security controls
• Must be able to articulate risk mitigation and answer IT Security questions in a professional manner

This position is a remote position and open to applicants in the continental United States.

Why Bluesight?

Bluesight’s culture is built on innovation and teamwork. There’s room to grow and opportunities to take initiative. You will partner with sharp, motivated teammates looking to disrupt a massive industry—and have fun doing it.  We truly believe that where you work and what you do matters.  Join us as we revolutionize the hospital pharmacy landscape!

-Competitive salary

-Time off when you need it – unlimited vacation days!

-Generous insurance coverage

-401k program with a company match

-Fun, collaborative culture!

EOE AA M/F/VET/Disability

All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, religion, color, national origin, sex, protected veteran status, disability, or any other basis protected by federal, state or local laws.