Why Vim?

At Vim, we use novel technology to seamlessly connect data, reduce burden, and drive performance at healthcare delivery’s last mile: clinical and operational workflow at the point of care. Our products address critical cost, quality, and experience levers for care improvement, and our differentiated technology enables dramatically faster, more flexible, and more powerful deployments for our payer, provider, and risk-enabling partners. 
Vim’s core R&D team is in Tel Aviv, while our market-facing teams are in the US. We are backed by leading investors, including Sequoia Capital, Great Point Ventures, Anthem, Walgreens, UnitedHealth Group, and Florida Blue. Our customers include some of the largest and most prominent players in US Healthcare as well as over 1,400 physician-led healthcare organizations and medical groups.

What you will do:

We are seeking an experienced individual to join our information and cyber security team and take the lead in the security GRC and Awareness domains. Take ownership of your domain and oversee information security through the development of policies, training initiatives, establishment of vendor security assurance, advancement of company awareness, and the development of Vim's security and privacy compliance certificates and audits. 

Manage Vim's GRC program, ensuring compliance with HIPAA, SOC2, SOC1, and HITRUST, while enhancing process efficiency through the implementation of automation
To make security processes efficient, quick and less time consuming 
Review, update, and create policies and procedures to ensure alignment with customer requirements, certifications, and regulations
Respond to security questions and questionnaires from company prospects and customers, providing support for company operations 
Conduct routine internal security reviews
Manage information security risk activities, including conducting annual risk assessments, performing root cause analysis, and overseeing remediation activities
Lead the vendor security program - Assess the security and compliance of Vim's vendors
Responsible for the security awareness program, conducting training sessions, quizzes, and drills
Be a part of the Cyber & Information Security team, playing an active role in the security operations of the company 

What we are looking for :

3 years of experience in an Information Security position within healthcare/ technology/ consulting companies
Background and experience in information technology, engineering, or other technological roles at least 5+
Proven project management capabilities in GRC & Awareness domains, including planning and execution
Experience in improving process efficiency through the development of automations
Ability to independently lead risk remediations across the organization with minimal supervision
Ability to effectively communicate security needs and business requirements to stakeholders

Nice to have:

Experience in Cloud Security (AWS, Azure, GCP, etc.) 
Industry security certifications, relevant security education, or courses 
Exceptional organizational skills and attention to detail
Excellent interpersonal, writing and communication skills