Chief Information Security Officer (CISO)

Ramat Gan, Israel, IL


Description

Navina is a fast-growing digital health SaaS company that aims to enhance the primary care experience by transforming how physicians interact with patient data. Our proprietary AI models are specifically designed to understand the language of primary care, transforming complex and fragmented patient data into a concise “patient portrait” and actionable clinical insights at the point of care. This allows physicians to get the full picture of their patients and act on their health status instantly and accurately. Built by physicians for physicians, our AI platform reduces physician burnout, while helping healthcare organizations thrive in value-based care. Thousands of clinicians across the United States use Navina’s AI-powered clinical intelligence solution to improve preventative care, reduce missed diagnoses, and reclaim time with their patients.


Navina has been named one of the Top 100 AI companies globally by CB Insights and made the list of the Top 50 Digital Health startups. We are already working with industry-leading health systems and value-based organizations including Privia Health and Agilon.


As the Chief Information Security Officer (CISO) at Navina, you will be responsible for developing and implementing a comprehensive cybersecurity strategy that safeguards our digital assets, ensures regulatory compliance, and fortifies our defenses against evolving cyber threats. You will also be in charge of our IT team and infrastructure.

You will collaborate closely with leadership, engineering, legal, and compliance teams to establish a security and privacy-first culture across the organization. Your expertise in healthcare security, risk management, and compliance will be instrumental in maintaining trust with our customers, partners, and stakeholders.

Responsibilities

  • Develop and execute a security strategy: Align information security programs with business objectives, regulatory requirements, and industry best practices.
  • Support the sales teams and talk to our customers, assuring the compliance and security of our company and products.
  • Ensure compliance with industry standards such as SOC2, ISO, HITRUST. Oversee and manage compliance efforts, including risk assessments, audits, PTs, and certifications.
  • Lead risk management initiatives: Conduct regular risk and vulnerability assessments to identify, assess, and mitigate privacy and cybersecurity threats.
  • Implement security policies and controls: Develop and maintain security policies, standards, procedures, and guidelines to protect sensitive healthcare data.
  • Monitor and respond to security incidents: Oversee security event monitoring, incident response, and forensic investigations, ensuring swift and effective mitigation of threats.
  • Secure cloud environments: Work closely with DevOps and engineering teams to implement security controls for on-premises and cloud-based infrastructures (AWS, Azure, etc.).
  • Enhance security awareness: Conduct training programs to educate employees on cybersecurity best practices and data protection requirements.
  • Collaborate with external partners: Manage relationships with regulatory agencies, auditors, and third-party security vendors.
  • Report security risks to leadership: Provide regular updates on the organization’s security posture to executive leadership and the board.
  • Develop and mentor IT and security teams: Build and lead a high-performing IT/Helpdesk and cybersecurity team to support the company’s security objectives.



Requirements

  • Deep expertise in cybersecurity frameworks, risk management methodologies, and regulatory requirements, particularly SOC2, ISO, HIPAA, and HITRUST.
  • Proven experience implementing and maintaining security programs, preferably in healthcare or other highly regulated industries.
  • Strong understanding of cloud security, identity and access management, encryption, and network security technologies.
  • Hands-on experience with SIEM, IDS/IPS, endpoint protection, vulnerability management, and incident response solutions.
  • Ability to assess and manage third-party risks, ensuring vendor security compliance.
  • Exceptional leadership, communication, and stakeholder management skills.
  • Ability to translate technical security concepts into business language for non-technical stakeholders, and business needs into technical requirements.


Qualifications

  • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Technology, or a related field.
  • Professional certifications such as CISSP, CISM, CISA, or HITRUST CCSFP are highly desirable.
  • 8-10 years of experience in information security, with at least 3 years in a leadership role.
  • Demonstrated success in managing security compliance initiatives in healthcare or similar regulated environments.
  • Must have excellent oral and written communication skills in both Hebrew and English.


Why Join Navina?

At Navina, you will have the opportunity to shape and lead the company’s security vision in a rapidly growing healthcare technology startup. Your work will directly impact the safety and integrity of critical healthcare data, contributing to our mission of improving patient care through technology. If you are a strategic leader passionate about cybersecurity and compliance in healthcare, we want to hear from you!

Join us in safeguarding the future of healthcare technology!






Tags: Audits AWS Azure CISA CISM CISO CISSP Cloud Compliance Computer Science DevOps Encryption HIPAA HITRUST IAM IDS Incident response IPS Monitoring Network security Privacy Risk assessment Risk management SaaS Security strategy SIEM SOC 2 Strategy Vulnerability management

Perks/benefits: Startup environment

Region: Middle East
Country: Israel
