Senior Principal Security Engineer - NY Remote
Capsule
About Capsule
Capsule is a new kind of pharmacy. One that is smarter, friendlier, faster and hand-delivers your medication, same-day, for free. We have a national presence and have raised over $500MM from the best healthcare and technology investors in the world. People succeed in our culture when they are intensely focused on our customers, are energized by accomplishing ambitious goals, and push themselves and their teammates to be their best. If this excites you, we’d love to have you join us.
As a key member of our team, you will be responsible for guiding and securing Capsule's code, infrastructure, and people. You will implement robust security measures, shape our security strategies and policies, and foster a culture of security awareness to maintain the trust of our clients and stakeholders.
Core Five:
Leadership and Strategy
Develop and implement a comprehensive security policy framework, oversee annual external security audits, establish continuous control monitoring processes, create customer assurance programs, conduct bi-annual risk assessments using vetted security methodology, and develop and deliver quarterly security training sessions for all employees.
Risk Analysis and Trade-off Assessment
Lead comprehensive risk assessments using industry-standard security frameworks by evaluating potential business impact, blast radius, and reputational exposure while balancing the tradeoffs of customer experience, velocity and cost. Develop and implement actionable mitigation strategies for critical vulnerabilities, incorporating penetration testing findings into broader risk analysis processes.
Collaboration and Communication
Collaborate with IT/SRE/DEV teams to review and update Identity, Privilege and Access Management (IAM) policies quarterly, and ensure compliance with data protection requirements (PHI, PII) and security certifications (SOC) through annual audits.
Education and Awareness
Create and execute a company-wide security awareness program, including bi-monthly training sessions, monthly reports, and annual phishing simulations, with a focus on secure coding practices and OWASP Top vulnerabilities for application security.
Develop and deliver annual secure coding training for all developers, create and maintain a secure coding practices handbook, conduct quarterly secure code reviews for critical applications, and ensure all engineers and external contributors follow the secure software development lifecycle through regular audits and gate checks.
Responsibilities
Provide vision and leadership for developing and supporting initiatives in the areas of security policy, external security audits, continuous control monitoring, customer assurance, risk assessments, and security training.
Align security initiatives with business objectives and quantify how security supports or hinders them, building partnerships with key stakeholders to ensure security is viewed as an enabler.
Consult with senior technical leaders and engineers regarding their security requirements and drive mitigation efforts to reduce risk.
Provide a consistent and successful interface between all applicable stakeholders, including Engineering, Product, Procurement / Finance, and Operations.
Evangelize Capsule Security and values to staff, communicating as necessary to customers that Capsule is secure.
Maintain and manage the security risk register, consulting with senior leaders regarding their security risks and responsibilities in minimizing those risks.
Define and plan priorities and actions for security-related activities based on risk analysis.
Ensure compliance with legal and contractual security obligations.
Manage security incidents effectively.
Build and maintain relationships with software and hardware vendors and service providers.
Work directly with IT to ensure coherent Identity and Access policies, enforce data protection programs, and support security improvements as required.
Develop, measure, and report security metrics for functional area performance and provide key performance indicators, operational metrics, and related reports.
Drive efforts to improve security awareness through education and training, particularly in the areas of application security and secure code development.
Grow skills in team leads and team members by creating training and testing materials and ensuring engineers and contributors from the wider community follow secure software development lifecycle practices.
Requirements
Bachelor’s degree in IT, Security, Computer Science, or related field
10+ years working with SaaS / cloud companies, plus technical leadership experience
Strong understanding of Identity Management (SSO, SAML, OAuth, etc.), API integration (REST), Cloud Infrastructure
Significant application and SaaS security experience in production-level settings
Candidates should be very familiar with the common security libraries, security controls, and common security flaws that apply to Python, Java/Kotlin, and frontends, both browser-based JavaScript/React/Node frameworks and native mobile.
Experience with incident management
Proven experience in software development and engineering domains such as data engineering, machine learning, distributed systems, and security engineering
Technical credibility: Significant experience in all domains of IT/SRE/Security/Development
Ability to understand, communicate and improve the quality of multiple teams
Proven ability to coordinate and drive results with remote and on-site engineers.
Humble, servant leader
What We Offer
The anticipated starting earnings for this position are between $215,000 and $260,000. Compensation packages include base pay and benefits.
Comprehensive benefits package including medical, dental, and vision coverage
The opportunity to work alongside some of the brightest minds in healthcare and technology
The opportunity to execute on a high-impact mission, to build a pharmacy that works for everyone, within a $425 billion pharmacy industry touching 70% of Americans once a month
Capsule is committed to hiring the best team possible to build a pharmacy that works for everyone. We have a diverse set of problems to solve, and believe that we need a diverse set of perspectives to deliver the best possible solutions to those problems. We look for talent from a wide range of backgrounds, including, but not limited to, race, age, sexual orientation, gender identity and expression, national origin, religion, disability, and veteran status.