Chief Information Security Officer (CISO)

Who We Are:

At the intersection of health plans and providers, Apixio is creating a leading Connected Care platform to minimize reimbursement inaccuracies and high-quality patient care so they can thrive as the industry moves toward value-based reimbursement models.

The combination brings together healthcare expertise, AI/machine learning technology and data-driven analytics solutions to deliver innovative solutions and value to our customers and the healthcare ecosystem. We aim to accelerate the shift toward alternative payment models, while enhancing efficiency and supporting better patient outcomes.

Position Overview:

We are seeking an experienced Chief Information Security Officer (CISO) to lead our cybersecurity strategy and operations. This role is critical in ensuring compliance with HITRUST and SOC2 standards, managing threats, enforcing policy adherence, and maintaining a resilient security posture. The CISO will be responsible for developing robust security frameworks and driving continuous improvement in security operations, all while ensuring that security measures enable productivity and collaboration.

Key Responsibilities:

• Design and execute a comprehensive cybersecurity strategy that aligns with the organization's goals and regulatory requirements, including HITRUST and SOC2, with a particular focus on cloud-native environments and healthcare data.
• Partner with enterprise teams to integrate security into the design and development of platforms, AI/ML models, and client-facing applications, enabling the company to compete effectively in the market.
• Ensure the security and ethical deployment of AI and Generative AI technologies at scale, addressing potential risks and compliance challenges associated with these advanced technologies.
• Implement industry-leading security practices to protect sensitive healthcare data, including compliance with HIPAA and other relevant healthcare regulations.
• Oversee all aspects of threat management, including incident response, adversary simulation, threat intelligence, and data loss prevention, ensuring the organization is well-prepared to detect, respond to, and recover from security incidents.
• Direct the daily operations of the security function, including security monitoring, vulnerability management, and security orchestration, implementing advanced tools and processes to manage and mitigate risks effectively.
• Ensure the organization's compliance with industry standards and regulations, including HITRUST, SOC2, and HIPAA, by developing and enforcing security policies, procedures, and controls to protect sensitive information and maintain data integrity.
• Identify, assess, and mitigate cybersecurity risks across the organization, developing risk management frameworks that support business objectives while minimizing exposure to potential threats.
• Develop a framework for collaboration between the security, technology, and business teams, ensuring that security is integrated across all areas of the business.
• Mentor and develop a high-performing security team, fostering a culture of security awareness and continuous learning within the organization.
• Serve as the primary security liaison to current and prospective customers, providing transparency and assurance about the company's security program, controls, and compliance posture, and addressing customer inquiries and concerns in a timely and effective manner.
• Develop and maintain customer-facing security documentation, such as security whitepapers and data sheets, to provide clear and concise information about the company's security practices and controls.
• Participate in customer security assessments and audits, providing evidence and support to demonstrate compliance with customer security requirements and industry standards.
• Collaborate with sales and marketing teams to develop security-focused sales enablement materials and messaging, and provide security expertise to support customer engagement and sales efforts.
• Build and maintain relationships with key customer security stakeholders, including CISOs and security teams, to foster trust and confidence in the company's security program and practices.
  
  

Qualifications:

• Demonstrate success as a CISO or in a senior security leadership role, preferably in the healthcare or technology sectors, with significant experience in managing large-scale security operations and protecting healthcare data.
• Possess extensive experience with cloud-native environments and the associated security challenges and solutions.
• Have experience with securing AI/ML models and Generative AI deployments at scale, addressing associated risks and ensuring compliance.
• Hold an active Certified Information Systems Security Professional (CISSP) or equivalent certification.
• Bring strong knowledge of cybersecurity technologies, threat management, incident response, and regulatory compliance (e.g., HITRUST, SOC2, HIPAA), with experience in developing and implementing AI security frameworks as a plus.
• Exhibit proven ability to lead cross-functional teams, influence senior leadership, and communicate complex security concepts to non-technical stakeholders.
• Possess a deep understanding of risk management principles, with the ability to balance security needs with business goals, ensuring that security measures enable rather than restrict work and collaboration.
• Master's degree in Business Administration, Computer Science, Information Security, or a related field is preferred.
  
  

The salary range below is for Base Salary. Total compensation also includes benefits and variable compensation. Compensation will be determined based on several factors including, but not limited to, skill set, years of experience, and the employee's geographic location.

Base Compensation

$200,000—$300,000 USD

We recognize that people come with experience and talent beyond just the technical requirements of a job. If your experience is close to what you see listed here, please consider applying. Diversity of experience and skills combined with passion is a key to innovation and excellence. Therefore, we encourage people from all backgrounds to apply to our positions. Your skills and background may be more translatable to this role than you initially thought. Allow us the opportunity to get to know you. Please let us know if you require accommodations during the interview process.

What Apixio can offer you:

• Meaningful work to advance healthcare
• Competitive compensation
• Exceptional benefits, including medical, dental and vision, FSA
• 401k with company matching up to 4%
• Generous vacation policy
• Remote-first & hybrid work philosophies
• A hybrid work schedule (2 days in office & 3 days work from home) (Note: If the position is designated as REMOTE it will stay REMOTE)
• Modern open office in beautiful San Mateo, CA; Los Angeles, CA; San Diego, CA; Austin, TX and Dallas, TX
• Subsidized gym membership
• Catered, free lunches
• Parties, picnics, and wine-downs
• Free parking
  
  

We take your privacy very seriously. Please review our privacy policy to see exactly how we protect your information here

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.

Notice to Recruiters/Staffing Agencies

• Recruiters and staffing agencies should not contact Apixio through this page. All recruitment vendors (search firms, recruitment agencies, and staffing companies) are prohibited from contacting our hiring manager(s), executive team members, or employees
• We require that all recruiters and staffing agencies have a fully executed, formal written agreement on file
• Apixio receipt or acceptance of an unsolicited resume submitted by a vendor organization to this website or employee does not constitute an actual or implied contract between Apixio and such organization and will be considered unsolicited and Apixio will not be responsible for related fees
  
  

LI-RB1