Business Information Security Officer at | Powderkeg

Location: Remote U.S.

Employment Type: Full-time

Team: Regulatory Affairs

About the Position

Flywheel is seeking a Business Information Security Officer to join our busy and growing team. This is a unique opportunity for a motivated professional with a passion for Information Security to utilize their skills within a fast-paced company working with cutting-edge technology. Successful applicants will have a passion for assessing current industry trends while following regulatory changes in order to support the Compliance and Security Program and its implementation company-wide. They will also have a passion for instructing and leading personnel in a professional and constructive manner, with a focus on the company's security posture. The Business Information Security Officer is an integral part of the Regulatory Affairs department and will manage security Risk and Supplier Assessments for the organization. Compliance is a team effort at Flywheel, and the role will work closely with the Director of Information Security to guide the direction of the organization’s security and compliance efforts. The Business Information Security Officer will interface with the sales, development and operations teams to advocate for security best practices and will have an excellent opportunity to drive security projects and manage the risk management lifecycle. We’re highly responsive to customer needs and constantly strive to make a positive contribution to the biomedical and life sciences communities we serve.

The Business Information Security Officer will report directly to the Sr. Director of Regulatory Affairs. They will assist the Director of Information Security and lead the successful delivery of information security initiatives across the organization. The individual will serve as a trusted advisor to product and engineering teams and will help identify, assess and execute remediation and mitigation plans to minimize security risks while partnering with business leaders to ensure that business decisions are risk aware and made with security in mind.


Work closely with our team of engineers and business stakeholders in a fast-paced startup environment. The development team operates within a lightweight Agile process and is empowered to alter it as needed to achieve team and company objectives. In this role, you will collaborate with multiple departments spanning across the company. We’re highly responsive to customer needs and constantly strive to make a positive contribution to the biomedical and life sciences communities we serve.

Team members are recognized and rewarded when advocating for customer success and satisfaction over other concerns. We value self-motivated, creative individuals who work well in a collaborative environment – constantly generating and sharing new ideas and solutions with the team.

Flywheel has a comprehensive benefits package and encourages a balanced work life and home life.


  • Directly liaising between Compliance and Engineering teams in support of audit and compliance activities. Collecting and processing evidence in support of internal and external regulatory audits.
  • Acting as a direct interface between engineering and Senior leadership and reporting deviations from control standards.
  • Perform maintenance activities for control deficiencies to remediate any audit findings.
  • Assist the IT/Engineering and operations team(s) in the maturation, implementation and configuration of security controls including but not limited to: antivirus, whitelisting, patch management and encryption technologies.
  • Assess risk to Flywheel’s data and platforms, recommend, document and maintain programs to address those risks.
  • Supplier risk management.
  • Validate, communicate, track, and work with appropriate team members in IT, Engineering and operations to ensure remediation of security vulnerabilities, reported or identified through audits and scans.
  • Work with Engineering leadership to support management of security domains (change management, configuration management, SDLC practices, CI/CD toolset, etc.) concerning Flywheel's software development processes and application platform technology stacks.
  • Collaborate with internal stakeholders to ensure we are building secure web applications that preserve the integrity, confidentiality, and availability of company and client systems and data.
  • Participate in Disaster/Recovery planning and testing.
  • Work cross-departmentally to facilitate IT risk assessment and risk management processes.
  • Provide strategic risk guidance to Engineering and Product Development teams for IT projects, including the evaluation and recommendation of technical controls.
  • Work cross-departmentally to ensure that security and compliance programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
  • Managing risk by assessing vulnerability of systems to cyber attacks or other security breaches.
  • Responding to security incidents such as data breaches or cyber attacks by identifying their cause and taking corrective action to prevent them from happening again in the future.
  • Performing security assessments on hardware and software applications to identify any vulnerabilities that could be exploited by hackers or malicious insiders.
  • Managing and tracking audit milestones.
  • Working with internal and external stakeholders to schedule and deliver audits and audit supporting activities.
  • Performing monthly, quarterly, and annual continuous monitoring activities.
  • Track and drive audit and gap remediation activities.
  • Implements, measures and reports KPIs associated with the state of information security; reporting on Security performance against established programs to the Director of Information Security.
  • Monitor information security related Websites (US-CERT, SANS Internet Storm Center, etc.) and mailing lists (SANS NewsBites, etc.) to stay up to date on current attacks and trends.
  • Analyze potential impact of new threats and exploits and communicate risks to relevant business units.
  • Other duties to support the Cybersecurity Program as assigned.

What would make you a great fit

  • Required: SOC 2, ISO 27001, HIPAA.
  • Desired: ISO 27799, HITRUST, FedRAMP.
  • Desired Certifications: CISSP, CISM, GIAC, CISA, CRISC.
  • Bachelor’s degree in an Information Technology related field or commensurate experience.
  • Self-managing, self-motivated and effective in a distributed workforce.
  • Proactive problem solving and forward-leaning work ethic.
  • Prefer a fast-paced environment with rapidly changing requirements and procedures.
  • Strong attention to detail surrounding HIPAA compliance and security guidelines.
  • 5 years’ experience with Information Security Program Risk Management.
  • Growth-oriented perspective and open to taking on new challenges.
  • Familiarity with SDLC practices and Cloud Security (Google Cloud Platform and Amazon Web Services).

About Us

Flywheel is the leading research data platform that's transforming the way biomedical and imaging data are managed at leading life sciences, clinical, and academic institutions globally.

Flywheel provides a comprehensive research data solution with all the tools needed for curation, imaging processing, machine learning workflows, and secure collaboration. By leveraging cloud scalability and automating research workflows, Flywheel helps organizations scale research data and analysis, improve scientific collaboration, and accelerate discoveries.

Company Values


The alchemy of effective teamwork happens when we each take ownership of both the menial and the magical every day. We’re serious, but never stuffy. We keep our cool under pressure because we assume best intentions and maintain perspective. This allows for true teamwork, with a dash of irreverence.


We are tenacious and united in our pursuit of solving our customers’ biggest challenges, and no challenge is too big. Diverse backgrounds across our team make us more effective as we listen, absorb, collaborate, and iterate to innovate.


We’re obsessed with uncovering the why of any given. Having an open mind allows us to be quick to fail and quick to adapt. We relentlessly pursue continual improvement through learning and imagining new possibilities.


We’re fueled by grit, boundless energy, and a deep belief that we are doing cool shit. We don’t hesitate to stand up and speak out because we trust that through tough, honest discourse we can drive change and make a real difference for our customers and our mission.
