Vice President, Information Security: Cloudsec, GRC & IT

Who We Are:

SmithRx is a rapidly growing, venture-backed Health-Tech company.  Our mission is to disrupt the expensive and inefficient Pharmacy Benefit Management (PBM) sector by building a next-generation drug acquisition platform driven by cutting edge technology, innovative cost saving tools, and best-in-class customer service.  With hundreds of thousands of members onboarded since 2016, SmithRx has a solution that is resonating with clients all across the country.

We pride ourselves for our mission-driven and collaborative culture that inspires our employees to do their best work. We believe that the U.S healthcare system is in need of transformation, and we come to work each day dedicated to making that change a reality. At our core, we are guided by our company values:

• Integrity: Our purpose guides our actions and gives us confidence in the path ahead. With unwavering honesty and dependability, we embrace the pressure of challenging the old and exemplify ethical leadership to create the new.
• Courage: We face continuous challenges with grit and resilience. We embrace the discomfort of the unknown by balancing autonomy with empathy, and ownership with vulnerability. We boldly challenge the status quo to keep moving forward—always.
• Together: The success of SmithRx reflects the strength of our partnerships and the commitment of our team. Our shared values bind us together and make us one. When one falls, we all fall; when one rises, we all rise.

Job Summary:

SmithRx is developing the next-generation modern pharmacy benefits management (PBM) platform that will change how companies administer and manage pharmacy benefits. Our unified technology platform provides real-time actionable insights that drive cost savings, power clinical services, and result in a brilliant customer experience. A unified technology platform exists nowhere in the pharmacy benefit ecosystem to programmatically solve widespread deficiencies. The result is a PBM delivering unmatched service quality and operational efficiency that exceeds all industry standards.

As the VP of Information Security, you will play a critical role in enabling the success of our platform and people by safeguarding the security of SmithRx’s data, systems, and infrastructure while ensuring compliance with industry regulations and standards. You will collaborate closely with business stakeholders and technology teams to implement and continuously improve a robust information security program that integrates security seamlessly into all processes and systems. This leadership role will also focus on assessing and mitigating operational, legal, regulatory, and security risks across all aspects of IT and technology.
In order to be eligible for this position applicants must be based in one of the following states: Arkansas, Arizona, California, Colorado, Florida, Georgia, Kansas, Minnesota, Missouri, Nevada, North Carolina, Ohio, Pennsylvania, South Carolina, Tennessee, Texas, Utah, Virginia, Washington, Wisconsin.

What you will do:

• Lead and drive SmithRx's overall cybersecurity strategy, integrating robust security practices that support and enhance business operations while safeguarding sensitive data, systems, and infrastructure.
• Identify, evaluate, and manage information security risks while ensuring compliance with industry standards, regulations, and governance frameworks.
• Develop and execute a comprehensive risk management framework focused on auditable governance, compliance, IT security, application and product security, and cloud security.
• Establish measurable goals and objectives to build a culture of trust, compliance, and security.
• Develop, document, and enforce security practices and controls to secure enterprise-wide data and systems.
• Lead cloud and product security efforts, ensuring that our cloud platforms and services align with relevant industry standards, regulations, and compliance requirements.
• Oversee the implementation and management of advanced security monitoring, incident detection, and response tools.
• Evaluate and manage third-party risk by assessing the security posture of cloud providers, vendors, and other third-parties.
• Build, mentor, and lead high-performing teams of cybersecurity professionals, ensuring a collaborative and innovative work environment.
• Spearhead security training and awareness programs to ensure all employees understand the importance of maintaining a secure environment.
• Lead incident response efforts, conducting post-event analysis and continuously improving security processes and capabilities.

Cloud & Product Security:

• Define and implement cloud security policies, standards, and best practices to safeguard infrastructure and data.
• Collaborate with DevOps and engineering teams to integrate security and auditability into the software development lifecycle (SDLC), cloud infrastructure, and cloud operations.
• Manage and optimize cloud security tools, including ICAM, encryption and key management, cloud and data security posture management, and intrusion detection and prevention systems.
• Conduct regular vulnerability assessments and penetration testing of cloud systems and ensure timely remediation of issues.
• Ensure continuous compliance with frameworks like NIST, HIPAA, and others while continuously enhancing security measures.

Governance, Risk & Compliance (GRC):

• Lead efforts to ensure compliance with regulatory frameworks and manage ongoing risk assessment and risk management processes.
• Engage with legal, compliance, and regulatory teams to meet SmithRx’s security obligations and reduce risks.
• Oversee security-related governance, risk assessments, vendor risk management, and security awareness initiatives.
• Lead the architecture, engineering, and management of strategic security programs that align with the company's business goals.

IT Infrastructure Management

• Ensure the security, scalability, and reliability of the company’s IT infrastructure, including network security, endpoint protection, data protection, business continuity, and disaster recovery.
• Oversee the design and execution of security measures for internal systems and ensure alignment with business objectives.

Budget and Resource Management

• Manage the security budget, ensuring optimal allocation of resources for security initiatives.
• Collaborate with cross-functional departments to ensure technology investments align with overall business priorities.

Vendor Management

• Evaluate and manage relationships with third-party vendors, ensuring the selection of secure and compliant services.
• Negotiate contracts and manage security performance and costs with external partners and service providers.

What you will bring to SmithRx:

• Bachelor’s or Master’s degree in Computer Science, Information Technology, or related field.
• 15+ years of experience in cybersecurity, IT security, and risk management across multiple functions. Experience within the healthcare vertical is required. 
• 8+ years in a leadership role with experience managing and scaling security and engineering teams, including prior experience as Head of Information Security, or an equivalent leadership role. 
• Strong knowledge of cloud technologies, infrastructure security, threat-informed defense, and cybersecurity best practices.
• Proven experience with DevOps, CI/CD, and integrating security into the software development and product management lifecycle.
• Expertise in incident response, compliance frameworks, risk management, cloud security, and application security practices.
• Strong communication, collaboration, and interpersonal skills with a demonstrated ability to influence and lead across the organization.
• Strategic mindset with a focus on aligning security initiatives with business goals.

If you're a visionary leader with a proven track record in managing cybersecurity programs, cloud security, and IT risk, we invite you to apply for this impactful position. Join us and help shape the future of SmithRx’s technology ecosystem with an unwavering commitment to security and trust.

What SmithRx Offers You: 

• Highly competitive wellness benefits including Medical, Pharmacy, Dental, Vision, and Life Insurance and AD&D Insurance
• Flexible Spending Benefits 
• 401(k) Retirement Savings Program 
• Short-term and long-term disability
• Discretionary Paid Time Off 
• 12 Paid Holidays
• Wellness Benefits
• Commuter Benefits 
• Paid Parental Leave benefits
• Employee Assistance Program (EAP)
• Well-stocked kitchen in office locations
• Professional development and training opportunities