Brook is a digital health company. Brook offers a set of products and services that extend health care management beyond the walls of doctors’ offices and into people’s homes and day-to-day lives. Brook provides people living with chronic conditions with highly personalized, high-touch support via a smartphone app that offers AI tools, data collection through connected devices, and real-time access to health coaches, helping them make smart daily decisions and build healthy habits to achieve their long-term health goals. Brook also offers a CDC-approved preventative program for people who are at high risk for diabetes. For primary care providers, Brook offers SaaS tools for continuous remote monitoring that provide insights into their patients’ health needs and enable a new model of care and early preventative interventions with our own care delivery team, resulting in better health outcomes.
We are seeking a highly motivated and experienced Security, Compliance, and IT Engineer to join our team. The ideal candidate will possess a strong background in information technology, information security, and regulatory compliance, particularly within the Healthcare industry. This role is critical in ensuring our company’s compliance with health-related regulations, such as HIPAA, while maintaining a robust IT infrastructure.
Key Responsibilities:
Security & Compliance:
- Implement and maintain security measures to protect sensitive health information, ensuring compliance with HIPAA and other relevant regulations.
- Develop and enforce IT security policies and procedures to ensure the confidentiality, integrity, and availability of information systems.
- Conduct regular risk assessments, audits, and penetration tests to identify vulnerabilities and implement mitigation measures.
- Manage and secure cloud infrastructure, ensuring robust cloud security practices are in place.
- Collaborate with internal teams to design and develop secure and compliant IT solutions for the company and its clients.
- Stay informed about industry trends, emerging technologies, and regulatory changes to ensure ongoing compliance and competitive advantage.
- Serve as the primary point of contact for external auditors and regulatory agencies during audits and inspections.
- Work with external partners to ensure compliance and security standards are met.
Information Technology:
- Evaluate, develop, and maintain the company’s IT infrastructure to support organizational needs.
- Manage company employees’ computers, assisting with onboarding and offboarding processes.
- Provide training and guidance to employees on information security best practices and regulatory compliance requirements.
- Assist with developing and maintaining the company’s business continuity and disaster recovery plans.
Requirements:
- Bachelor’s degree in Computer Science, Information Technology, Information Security, or a related field, or equivalent experience.
- Minimum of 3 years of experience in IT, security, and compliance, preferably in the Healthcare industry.
- In-depth knowledge of HIPAA and SOC 2 regulations and standards.
- Knowledge and hands-on experience in cloud security, including securing cloud infrastructure and services.
- Strong understanding of information security principles, best practices, and technologies.
- Experience in conducting penetration tests and analyzing results to improve security posture.
- Familiarity with IT infrastructure, including networking, server administration, and cloud computing.
- Experience in conducting risk assessments, audits, and vulnerability assessments.
- Excellent communication skills, with the ability to explain complex concepts to a diverse audience.
- Strong analytical and problem-solving skills.
- Ability to manage multiple tasks and priorities effectively and adapt to changing demands.
- Relevant certifications (e.g., CISSP, CISM, CISA, or CHPS) are a plus.
This role is not eligible for visa sponsorship or relocation. The candidate must live within commuting distance of the office location.