Blink Health is a well-funded healthcare technology company on a mission to make prescription drugs more accessible and affordable for everyone. We're scaling up in a highly complex vertical to change the way Americans access the prescription drugs they need.
Our proprietary platform and supply chain allows us to offer everyone — whether they have insurance or not — amazingly inexpensive prices on over 15,000 medications. With the addition of telemedicine and home delivery for prescriptions, Blink is providing a life-changing experience for people all over the country and fixing how opaque, unfair and overpriced healthcare has become. We are a highly collaborative team of builders and operators who invent new ways of working in an industry that historically has resisted innovation. Join us!

What success looks like in this role:

• Will be a driving force in setting the security and compliance roadmap for the organization
• Design, engineer, configure and integrate system security solutions that meet stated security control objectives
• Design and implement application and data security solutions to meet business objectives, IT strategic initiatives, corporate and regulatory requirements
• Monitor and resolve end-to-end process for things like repetitive pain points, sticking points, and blockers
• Coordinate with infrastructure and application development project teams to deliver solutions collaboratively, ensuring that corporate security policy, standards and industry best practices are met.
• Drive the selection, POC, implementation and operational deployment of new security technology solutions to ensure the confidentiality, integrity and availability of business data
• Deploy and configure technology, partnering with IT Infrastructure teams and vendor product professional service partners
• Maintain and improve existing security application tool set

How to achieve success:

All Blinkers are expected to operate with our value of “Good Giving” in mind. Our culture is infused with the dedication and enthusiasm of employees who continuously strive to make a difference. Here’s how you will do that in this role:

Good Execution - Do your best work 

• Deliver and maintain security solutions and process (i.e. vulnerability management, privileged access management)
• Cyber incidents identification and activation of incident response procedures
• Monitor and validate security controls
• Respond to security alerts, incidents and issues
• Ensure security controls meet HIPAA/SOC2 compliance needs and best practices

Good Owner - Be the CEO of your role 

• Be an advocate for security and compliance best practices throughout the organization
• Confirm and document vulnerability and security risks and develop mitigation plans
• Take responsibility for the long term success of security training
• Anticipate and aggressively remove obstacles that slow down or prevent programs from delivering on program objectives
• Train and embed security to groups of different disciplines with varying levels of experience

Good Learning - Learn something new every day 

• Stay current with developing technologies, emerging threat landscape and predict the impact of changing technologies
• Lead by example putting new ideas into action, failing fast and learning from each experience

Good Feedback - Consider the perspective of others 

• Listen actively and respond effectively through a variety of channels
• Accept and provide a high level of feedback to colleagues to encourage an open and collaborative culture
• Promote trust and encourage teamwork allow the Information Security team to do their best work

Desired qualities and experience:

• Professional certifications in information security management, such as a CISSP or CISM a plus
• Strong familiarity with information security frameworks (e.g. NIST, CIS, or ISO) and experience architecting solutions to meet compliance requirements (e.g. PCI-DSS, GDPR, CCPA)
• In-depth understanding of complex systems such that you can inspire confidence with product development teams and provide technical leadership and engineering practices for the security engineering teams working on building tools and platforms.
• Deep understanding of security in distributed systems at scale for an engineering organization of >200 developers
• Clear understanding of host operating systems including Linux-focused experience
• Demonstrated best practice usage of security technologies in public cloud environments: Vulnerability scanning and management, SIEM / logging, WAF, security groups and network segmentation, system hardening, incident response and malware prevention
• Problem solving skills and ability to work under pressure in fast paced, customer facing 24/7 production environments
• Self-starter with strong work ethic willing to identify issues and lead them to the conclusion
• Ability to see the big picture and present ideas clearly with demonstrated thought leadership
• Assist in developing, implementation and configuration of security tooling

We are an equal opportunity employer and value diversity of all kinds. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.