• Develop and implement the organization's information security strategy. • Provide regular security updates to the CIO, other executives, and the board of directors, including presentations on security matters. • Represent the organization in security-related matters with external parties, including vendors and auditors. • Work closely with the CIO and operate as a member of the DevOps team to emphasize and implement security initiatives. • Conduct regular risk assessments and vulnerability scans using tools like Rapid7 IVM and internal tracking systems. • Oversee the development and implementation of incident response plans and conduct tabletop exercises with DevOps team members. • Ensure compliance with relevant regulations and standards, including HITRUST, NIST, DirectTrust, HIPAA, SOC 2 (Type II), ISO. • Manage internal and external security audits, including evidence collection and preparation. • Develop, review, and update information security policies and procedures, including the Vulnerability and Patch Management Procedure and Data Center Access Procedure. • Participate in the day-to-day operations of the security team and manage security tools and technologies, including Check Point, SentinelOne, and intrusion detection systems. • Lead and mentor the security team, reviewing tasks and responsibilities working closely with the DevOps team members. • Evaluate and manage security vendors, including VDA Labs, KnowBe4, and perform vendor audits.