Who we are

Cityblock Health is a new type of healthcare company, operating out of Brooklyn and backed by Alphabet’s Sidewalk Labs, along with some of the top healthcare investors in the country.

Our mission is to radically improve the health of urban communities, one block at a time. Importantly, our solutions are designed specifically for Medicaid and lower-income Medicare beneficiaries, and we bring the capability to deliver care in the home and neighborhood with our field-based teams. In close collaboration with community-based organizations and leading commercial partners, we are reorganizing the health system to focus on what matters to our members. We deliver personalized primary care, behavioral health, and social services through a network of neighborhood hubs with deep community-based partnerships and world-class technology.

Over the next year we’ll grow quickly, including entering new markets and dramatically expanding our software footprint. This role will be a key contributor to the success of all of our digital product experiences.

The role

We are seeking a Director of Information Security to help us double down on patient data privacy standards and security standards across organization as we scale.

Cityblock manages healthcare clinics, corporate offices and Commons, our digital care management platform. Commons enables our clinical teams to engage with members, collect structured data about medical, behavioral and social needs, and develop personalized care plans that drive good health. Commons will allow our care operations to scale to eventually support hundreds of thousands of patients in cities across the country.

We’re developing software in-house fresh from a modern tech stack: GraphQL, Typescript, Node.js, Scala and Postgres, all hosted in a dockerized environment on HIPAA-compliant AWS through Aptible, and using Redox as our integration layer to Electronic Health Record (EHR) systems. Our data infrastructure uses Google Cloud Platform tools such as Google Kubernetes Engine, Google Cloud Dataflow, BigQuery and Pub/Sub.

If you’re passionate about building great software for the people who need it most, and seeking an entrepreneurial opportunity on a rapidly scaling team, we want to hear from you!

Responsibilities:

• Implement, manage, and enforce information security directives as mandated by HIPAA
• Manage security incidents and events involving protected health information (PHI)
• Lead information security training initiatives to educate Cityblock employees about information security risks and best practices for software engineering and other functions
• Evaluate security trends, evolving threats, risks and vulnerabilities and applies tools to mitigate risk as necessary
• Ensure that the business continuity plan, including disaster recovery, business continuity, risk management and access controls needs Cityblock offices and clinics are addressed
• Serve as internal subject matter expert for information security compliance
• Works closely with the VP of Engineering, Compliance Manager, COO and IT lead to ensure alignment across security and privacy compliance programs including policies, practices and investigations
• Maintain an information security risk assessment/analysis, mitigation and remediation Responsible for development and implementation of security risk management plan.
• Ensure that Cityblock has audit controls to monitor activity on systems that contain or use PHI
• Oversee periodic monitoring and reviewing of audit records to ensure that activity is appropriate. Such activity would include, but is not limited to, logons and logoffs, file accesses, database access, use of removable media and printing
• Ensure our partners understand and are satisfied with our security practices
• Communicate with vendors to ensure they are using best in class security when handling our data

Qualifications:

• 10+ years experience serving as a security officer in large enterprises
• Knowledge and experience in state and federal information security laws, including but not limited to HIPAA, including NIST, SOC 2, ISO 27001, PCI and all other applicable regulations.
• Demonstrated organization, facilitation, written and oral communication, and presentation skills

Nice to Haves

• Security certification such as Certified in Healthcare Privacy and Security (CHPS) and/or other healthcare industry related security credentials.
• Bachelor’s degree or equivalent experience in Computer Science or related field
• Demonstrated skills in collaboration, teamwork, and technical problem-solving. Able to roll up sleeves and assist with engineering and IT activities related to security.
• Extensive familiarity with health care relevant legislation and standards for the protection of health information and patient security.
• Information Security certifications such as CISSP, GIAC, CISA, CISM, etc. certification or similar

Cityblock values diversity as a core tenet of the work we do and populations we serve. We are an equal opportunity employer, indiscriminate of race, religion, ethnicity, national origin, citizenship, gender, gender identity, sexual orientation, age, veteran status, disability, genetic information, or any other protected characteristic.