Summary:

Emme is looking for a highly motivated Security Engineer to join our mission of putting women’s health in women’s hands. At Emme, we are committed to ensuring that all of our members’ data is protected and that our work complies with data protection legislation. We’re seeking a Security Engineer to help us improve our data management, refine our risk management policy and framework, carry out regular internal security audits, and act as the main point of contact between Emme, data protection authorities, and our healthcare partners. Our ideal team member will have excellent organizational, communication, and management skills, and the ability to lead training sessions and workshops on data security with members of staff. This senior position will interface directly with other team members, and there will be a high degree of both freedom and responsibility as we all problem-solve together to create empowering solutions.

Company Overview:

We are a group of ambitious engineers, passionate feminists, and fierce advocates, working together to make healthcare what it should be for millions of women — seamless, connected, and decided by her. At Emme, we combine our strengths to create physical, digital, and user-centered experiences that close the loop on women’s health.

At Emme, we are proud to foster a workplace free from discrimination. We strongly believe that diversity of experience, perspectives, and background is critical for creating a positive environment for all employees and leads to stronger outcomes and better products for our customers.

The Job:

  • Establish a path towards achieving HITRUST compliance.
  • Develop a formalized enterprise risk management program and a risk governance assessment framework.
  • Collaborate with the development team to develop a security policy.
  • Complete and confirm all multi-factor authentication levers internally and externally.
  • Create an Incident and Event Response Plan, which includes 24/7/365 monitoring, process development, and team training. ICRP also needs to include breach notification requirements, testing, and a formal incident management policy.
  • Develop a plan and process for unused services on devices storing scoped data.
  • Publish a network security policy that includes network security requirements.
  • Set up security and hardening standards for network devices, including firewalls, switches, and routers, as well as an intrusion prevention and detection system.
  • Publish a plan that details unauthorized acquisition, use, or disclosure of client PHI.
  • Develop and schedule network vulnerability assessments and penetration tests on web-facing applications.
  • Develop a data loss prevention program and plan for team training.
  • Review WAF solutions and determine the best solutions for protecting web applications.
  • Create and nurture a culture of high performance, continuous improvement, and ongoing individual, team, and company growth.
  • Positively contribute to company culture by bringing a dynamic, adaptive, energetic personality, and be ready to change the world in a high-paced startup environment.
  • Be passionate about creating a better future for women’s health, with deep care for customers and a commitment to having a strong, positive impact on their lives.

Required Experience:

  • Minimum of 5+ years of experience working in data protection compliance or a related field.
  • B.Sc. in computer science or equivalent.

Desired Qualifications:

  • Experience with developing data protection programs and policies.
  • Experience within a legal, audit, and/or risk function department.
  • Experience with security audits and compliance requirements in the US.
  • Experience with Android and iOS and with the particularities of developing for both (nice to have).
  • Experience with privacy-focused apps, websites, and services.
  • Experience in team training programs.
  • Strong project management skills.
  • Embraces ambiguity, prioritizes efficiently, communicates early, and ultimately gets it done.
  • Excellent verbal and written communication skills, with strong attention to detail.
  • Ability to seek and give well-intentioned, real-time feedback with a constructive mindset in order for us all to improve.