Director of Security and IT

Thalamus

IT
Remote
Posted on Oct 5, 2024

About Thalamus

Our mission is to help the right doctors practice at the right hospitals to treat the right patients. We leverage a passion for technology, medical education, equity, and data-driven research to optimize physician recruitment, starting with the medical residency recruitment process.

Our philosophy is that the opportunity to practice medicine in an ideal environment should be accessible to all, and ample medical research has shown that this results in patients getting better healthcare outcomes overall. We built a comprehensive interview management platform, backed by evidence-based research, to innovate, streamline, and optimize the residency recruitment process.

Our cloud-based software is used by hospital program administrators and faculty to manage all the moving pieces involved with application review, scheduling, interviewing (including virtually), scoring, and ranking. We work with ERAS (the centralized application clearinghouse) and the NRMP (where the match algorithm does its magic). Applicants use Thalamus to sign up for interviews in real time (like OpenTable) and manage their calendars.

Thalamus was born out of our founders’ first-hand experience navigating this stressful and costly process during a particularly challenging interview season disrupted by Hurricane Sandy. Since then, the company has scheduled over 4M interviews for 350K+ physicians. Over 750 academic medical centers and hospital systems in the US & Canada — representing 7,000+ residency and fellowship programs in over 150 specialties — trust Thalamus to recruit their next generation of physicians.

With Thalamus's strategic collaboration with the Association of American Medical Colleges (AAMC) announced in April 2023, nearly all academic medical centers and all medical residency and fellowship applicants will use Thalamus going forward. We are the premier solution and experts in Graduate Medical Education (GME) recruitment. The company is backed by prominent VCs in Silicon Valley.

This is the critical phase in the life of a physician dedicated to the dream of practicing medicine. Every year, approximately 50,000 medical students apply, and 35,000 match, to become medical residents at hospitals throughout the US. We’re honored to play our role in this process.

Thalamus is hiring a Director of Security and IT to secure our information systems by overseeing cloud & application security as well as managing remote workforce operations. You will successfully secure the company’s Azure infrastructure, ensure application security is integrated into the development process, and maintain strong identity and access management. With your efforts, Thalamus will have a Zero Trust Architecture, a well-established incident response plan, and will pass security audits with minimal findings so we can continue delivering a seamless, world-class product and experience that empowers med students, residents, fellows, and physicians to be in the driver's seat for their careers, and that allows programs and hospitals to optimally match candidates to their needs.

You will:

  • Security

    • Oversee the security of cloud infrastructure, ensuring Azure configurations adhere to best practices (e.g., network security, encryption, monitoring)

    • Ensure security controls are embedded in the product development process (DevSecOps), working closely with development teams

    • Regularly conduct penetration testing and application security audits to identify and remediate vulnerabilities in the codebase and applications

    • Oversee Identity and Access Management (IAM) systems, including Multi-Factor Authentication (MFA) and Single Sign-On (SSO), to control access to company systems and data

    • Implement a Zero Trust Architecture to enforce continuous verification of users and devices

    • Manage relationships with external security vendors to ensure continuous improvement of the company’s security posture

    • Develop and lead regular security awareness training programs to educate employees on cybersecurity best practices, especially regarding phishing, password management, and endpoint security

  • Incident Response

    • Maintain an Incident Response Plan, a Disaster Recovery Plan, and a Business Continuity Plan, ensuring that the company can recover quickly from incidents or disruptions

    • Test and refine recovery procedures periodically, including implementing preventative measures, to ensure readiness in case of cyberattacks or infrastructure failures

  • Compliance

    • Work closely with the Director of Privacy and Compliance to align on and create security requirements necessary for compliance frameworks (e.g. SOC2, GDPR, CCPA) as well as privacy-by-design requirements in the product development process.

  • Internal IT

    • Manage all internal IT systems and tools, including hardware and software, ensuring they are secure, reliable, and scalable for a remote workforce

You should have:

  • A bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field

  • Minimum 8 years of experience in security and IT in a product technology or SaaS environment

  • Strong experience in cloud security (Azure preferred), including configuration management, encryption, network security, and monitoring

  • Strong analytical skills and experience conducting audits, assessments, and responses

  • Demonstrated experience in managing Identity and Access Management (IAM) systems, including MFA and SSO

  • Experience with DevSecOps practices by embedding security in the software development lifecycle

  • Proven experience in incident response, disaster recovery, and business continuity planning

  • Familiarity with compliance frameworks (SOC2, GDPR, CCPA) and working with privacy and compliance teams

  • Experience in incident management and partnering with legal teams on data breaches

  • Excellent communication and interpersonal skills, with the ability to engage and influence stakeholders at all levels

Bonus:

  • Health tech or GME industry experience

  • People management experience

The salary range for this position is $185,000 - $250,000, plus a grant of stock options. Final compensation will be determined based on experience, skills, and geographic location.

Our Mission, Vision, and Strategy ...

Our Mission (what we're trying to accomplish):

To help the right doctors end up in the right hospitals to treat the right patients

Our Vision (why it matters):

  • To help doctors achieve their life dream of practicing medicine
  • To help hospitals serve their mission and their community
  • To help the broader healthcare system improve patient care

Our Strategy (how we're going to do it):

To use technology to fundamentally improve the process of helping match the right doctors to the right hospitals

Our Values ...

Bravery with Purpose: We are leaders. Thalamus was founded to challenge the status quo, no matter how ingrained a process might be. We take chances while calculating risk. Even when opportunities don’t go as expected, we study our results and try again.

Imagination Optimized: Imagination requires knowledge; without knowledge there are only ideas. At Thalamus, we imagine and create optimized solutions for our team, partners, and customers. We are flexible in approach, efficient in process, and nimble in scope and scale. We encourage personal and professional learning, collaboration, and growth.

Genuine Collaboration: We are passionate about our work and how we do it. We support our team, partners, and customers with respect, integrity, and sincerity. We rely on each other to achieve our goals accurately and efficiently. We are a better company when we are a better team.

We are opportunistically equitable, so diversity, inclusion, and belonging can flourish.

Our Commitment ...

Thalamus is a mission-driven organization centered on the belief that our company should model what we want of the US healthcare system, that the diversity of providers aligns with patient populations. We believe this is best achieved by building a team with a diversity of backgrounds, cultures, and experiences, including “distance traveled.” Thalamus is an equal opportunity employer. We do not discriminate based upon race, religious creed, color, national origin, ancestry, physical or mental disability, medical condition, genetic information, marital status (including registered domestic partnership status), sex and gender (including pregnancy, childbirth, lactation, and related medical conditions), gender identity and gender expression (including transgender individuals who are transitioning, have transitioned, or are perceived to be transitioning to the gender with which they identify), age, sexual orientation, Civil Air Patrol status, military and veteran status, and any other consideration protected by federal, state, or local law. We encourage those who really want to make an impact and who exemplify our core values to apply for our open positions.

*This position is based in the United States, and you must be legally authorized to work in the United States.