Cybersecurity Specialist - Richmond - DrFirst

Description

Cybersecurity Specialist

For 25 years, DrFirst has empowered providers and patients to achieve better health through intelligent medication management. We enhance healthcare workflows and help patients initiate and adhere to therapy with comprehensive solutions that improve access, affordability, and adherence to prescriptions. With our solutions benefiting 100 million patients annually, we serve over 420,000 prescribers, 71,000 pharmacies, 270 EHRs and health information systems, and more than 2,000 hospitals in the U.S. Joining our team presents a wonderful opportunity to be part of a thriving Healthcare IT company experiencing substantial growth. Here you'll work with a talented group of individuals, tackling unique and complex challenges in healthcare that few companies can match. If you have a desire to expand your skills in innovative ways and grow into your fullest potential while collaborating with intelligent colleagues, we want to hear from you

Position Overview

We're looking for a proactive Cybersecurity Specialist to enhance our security posture through audit compliance, cloud infrastructure, corporate security support, and AI-driven security initiatives. This position requires strong technical expertise, project management skills, and the ability to collaborate effectively across teams.

Who will excel in this role:

• An Innovator: Someone who thinks creatively to introduce new methods, ideas, and products.
• A Problem Solver: Someone passionate about using technology to address complex challenges and leveraging data to adopt new strategies to improve efficiency and scalability.
• A Team Builder: A person who enjoys mentoring developers, product owners, and other security team members in security principles and is dedicated to attracting and retaining top talent.
• A Trusted Advisor: An individual with strong leadership skills who consistently seeks improvement in both personal and organizational security practices.
• A Driver: A motivated individual who works with purpose and passion, elevating our technical teams through fresh perspectives, ideas, and solutions.
• A Collaborator: Someone who can effectively unite internal teams to deliver exceptional products that contribute to DrFirst's market share and profitability targets.

What You Will Focus On:

Audit Leadership (25%)

• Work with cross-organizational stakeholders to implement and monitor AI-specific controls based on NIST A1 600 and HITRUST AI Certification.
• Lead the collection of evidence for certified audits using security read-only access to production systems.
• Coordinate with departmental subject matter experts to ensure timely completion of audits.
• Apply technical expertise to streamline audit processes and maintain compliance.

Cloud Security & Monitoring (25%)

• Conduct internal audits of AWS and GCP configurations for security compliance.
• Recommend cloud settings to optimize security and operational efficiency.
• Refine security alerts to reduce false positives and enhance actionable intelligence.

Corporate Security Support (25%)

• Promptly and accurately complete customer security questionnaires.
• Stay informed of product security controls and updates.
• Develop and maintain NIST control frameworks for proactive sharing with customers.
• Perform Vendor Risk Assessments (VRAs) with a focus on emerging trends and preferred vendor guidance.

AI Security Program Development (25%)

• Monitor developments in AI-driven security and best practices for implementation.
• Understand evolving governance frameworks and compliance requirements related to AI security.
• Implement AI security monitoring systems and respond to compliance alerts promptly.

Qualifications:

Technical Skills:

• Deep expertise in AWS and GCP security configurations.
• Strong understanding of NIST and various security compliance frameworks.
• Experience with security monitoring tools and alert management.
• Scripting skills for automation (Python, PowerShell, or similar).

Core Competencies:

• Exceptional critical thinking and problem-solving abilities.
• Proven project management experience from conception through implementation.
• Strong skills in cross-functional collaboration and influence.
• Detail-oriented with the ability to juggle competing priorities.
• Professional judgment to focus on high-impact activities.

Experience Requirements:

• 5+ years in cybersecurity engineering or a related field.
• Experience with certified security audits (SOC 2, ISO 27001, HITRUST).
• Background in cloud security architecture and monitoring.
• Proven track record of process improvement and automation initiatives.

Preferred Qualifications:

• Security certifications (CISSP, CCSP, AWS Security, GCP Security).
• Experience with AI/ML security frameworks.
• Familiarity with vendor risk assessment processes.
• Previous experience conducting customer-facing security communications.

Physical Requirements:

• 90% desk/phone work.
• 10% standing/moving throughout the office.

Benefits:

• Competitive compensation with a base salary of $130,000 - $150,000 (exact compensation may vary based on skills and experience).
• Eligibility for the Company Performance-based Bonus Program, based on individual and company performance.
• Comprehensive medical, dental, and vision insurance.
• 401K eligibility after 3 months of employment, with a 50% company match up to the first 5% of salary contributed to the plan, featuring a 3-year vesting schedule.
• HSA for eligible employees enrolled in the HDHP, with a generous company contribution of up to $500 for individual coverage and $1000 for family coverage annually.
• 100% company-paid short and long-term disability, AD&D, and group life insurance.
• Accrued annual paid time off (PTO) of 18 days for the first 3 years of service, increasing thereafter, and 7 paid holidays.
• Employee Assistance Program.
• Continuing education funds up to $1500 annually for eligible programs after 1 year of service.
• Voluntary benefits including FSA, Hospital indemnity, Accident, and Critical Illness insurances.

DrFirst is committed to being a remote-first company, fostering a dynamic and flexible workplace where everyone can thrive, regardless of location. Check out our approach to remote work.