I am...

About BHI:

​

BHI is a pioneering healthcare analytics company at the forefront of AI innovation in healthcare. We are the analytics partner for Blue Cross Blue Shield plans nationwide, and our transformative solutions impact cost, quality, and outcomes from tens of millions of Americans. Our unparalleled data gives us the opportunity to drive insights into healthcare delivery.

​

Our team is comprised of passionate healthcare, analytics, and data engineering experts who have invested years solving the problem of turning healthcare data into insights that can drive value. We partner with BCBS Plans both nationally and locally to use these insights to drive solutions that create measurable value across the healthcare continuum. Working with these plans, we’re uniquely positioned to deploy AI solutions at a scale across the nation’s largest healthcare system. Join us as we help improve healthcare for all

​

Position Summary

​

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO leads efforts to develop and enforce security policies, manage risk, ensure regulatory compliance, and implement best practices in cybersecurity across the organization. The CISO will also be responsible for providing strategic leadership for our on-premises, hybrid, and cloud-based infrastructure, ensuring alignment with industry best practices and regulatory requirements.

​

CISO will be directly reporting to the Chief Technology officer and works closely with the BHI’s executive leadership and CEO, as well as BCBSA and BHI’s customers, to ensure security and our infrastructure initiatives align with business objectives and regulatory requirements while proactively addressing emerging threats.

• Oversee our security engineering and compliance functions within our technology division
• Develop and implement cloud security strategies to ensure secure deployment, monitoring, and management of cloud-based infrastructure (AWS, Azure, GCP).
• Collaborate with IT infrastructure teams to ensure network security, endpoint security, and data protection controls are effectively implemented.
• Manage cloud identity and access management (IAM) policies, ensuring least privilege access principles are enforced.
• Implement, and manage an enterprise-wide information security strategy and roadmap aligned with business objectives.
• Provide leadership and direction to the cybersecurity team and collaborate with business units to embed security best practices across the organization.
• Lead the development and enforcement of policies, procedures, and standards to ensure compliance with regulatory requirements (e.g., HIPAA, HITRUST, ISO 27001, NIST, PCI-DSS, SOC 2).
• Conduct regular security risk assessments and oversee remediation efforts to address vulnerabilities and compliance gaps.
• Ensure responsible AI governance by implementing ethical guidelines and compliance measures for AI-driven security solutions.
• Manage security audits and assessments, ensuring proper governance models are in place to meet industry standards.
• Establish metrics and reporting frameworks to communicate risk posture and security performance to the board of directors and executive leadership.
• Establish a Security Operations Center (SOC) to monitor, detect, and respond to security threats in real-time.
• Lead the organization's incident response strategy, including investigation, containment, and recovery from security breaches.
• Collaborate with legal, HR, and other business units to support forensic investigations and legal proceedings related to security incidents.
• Oversee security evaluations of third-party vendors, partners, and service providers to ensure adherence to security policies and compliance requirements.
• Manage contracts and service-level agreements with Managed Security Service Providers (MSSPs) and other security vendors.
• Oversee out SRE, Infrastructure, Application Administration, and desktop/system support functions within our technology division
• Lead the design, implementation, and maintenance of a highly available, scalable, and resilient infrastructure.
• Develop and execute an infrastructure roadmap that aligns with business and technology goals.
• Oversee cloud and on-premises infrastructure, ensuring cost optimization, performance, and reliability.
• Partner with development teams to drive best practices in infrastructure design and cloud-native architecture.
• Maintain and improve Infrastructure as Code (IaC) practices using Terraform, CloudFormation, or similar tools.
• Work closely with engineering teams to embed AI models into application workflows for improved performance, scalability, and cost
• Define and implement SRE best practices to ensure system reliability, observability, and performance.
• Own the developer experience agenda and partner with engineering leaders to implement best practices and tool like DevOps, CI/CD, and other Gen/AI tools along with implementation of DORA metrics
• Establish Service Level Objectives (SLOs) and Service Level Indicators (SLIs) to measure and improve system health.
• Develop automated monitoring, alerting, and incident response processes to reduce Mean Time to Detect (MTTD) and Mean Time to Resolve (MTTR).
• Enhance system performance and capacity planning through proactive scaling and resource optimization.

Required Qualifications:

​

• BS in Computer Science, Engineering, Cybersecurity or a related field
• Minimum of 10+ years of experience in information security and infrastructure with at least 5 years in a senior leadership role.
• Minimum of 5+ years of experience in developing and implementing SRE functions to manage both On-Prem and Cloud infrastructure including FinOps Management, DevOps, CI/CD, System engineering.
• Extensive experience in cybersecurity strategy, risk management, and governance frameworks.
• In-depth knowledge of security regulations, compliance frameworks, and industry standards (HIPAA, HITRUST, NIST, ISO 27001, PCI-DSS, SOC 2).
• Strong hands-on experience in securing enterprise infrastructure, including networks, cloud platforms (primarily AWS), data centers, and endpoint security solutions.
• Expertise in security technologies, including SIEM, EDR/XDR, vulnerability management, intrusion detection/prevention systems (IDS/IPS), and next-gen firewalls.
• Proven experience designing and implementing security controls in cloud environments, containerized applications, and DevSecOps workflows.
• Knowledge of networking (TCP/IP, load balancing, DNS, VPNs) and infrastructure security best practices.
• Demonstrated ability to manage security incidents, forensic investigations, and threat intelligence programs.
• Experience leading large-scale security transformation projects and security operations center (SOC) initiatives.
• Deep understanding of IAM solutions, Zero Trust Architecture, micro-segmentation, and data loss prevention (DLP) strategies.
• Experience managing cybersecurity budgets, vendor relationships, and security investments.
• Excellent communication, leadership, and stakeholder engagement skills, with the ability to translate technical security risks into business terms.

​

Preferred Qualifications:

​

• Industry certifications such as CISSP, CISM, CISA, GIAC, CCSP, or CRISC highly desirable.

The actual salary an employee can expect to receive, plus bonus pursuant to the terms of any bonus plan if applicable, will depend on experience, seniority, geographic location, and other factors permitted by law. To review benefits, please visit https://bluehealthintelligence.com/about-bhi/careers/

​

Base salary range: 220k - 275k

​

Equal Employment Opportunity It is the policy of BHI to provide equal employment opportunity and advancement opportunities to all colleagues and qualified applicants for employment without regard to race, color, religion, national origin, sex, age, disability, sexual orientation, gender identity, or any other classification protected by the federal, state or local laws.

About Helion

​

We are a fusion power company based in Everett, WA, with the mission to build the world's first fusion power plant, enabling a future with unlimited clean electricity. Our vision is a world with clean, reliable, and affordable energy for everyone.

​

Since Helion's founding in 2013, we have raised over $1 billion from long-time investors such as Sam Altman, Mithril, and Capricorn Investment Group and new investors SoftBank and Lightspeed to propel us forward. Our last prototype, Trenta, completed 10,000 high-power pulses and reached plasma temperatures of 100 million degrees Celsius (9 keV). Now, we're turning up operations for Polaris, working towards delivering the world's first fusion power plant.

​

More than ever, it's a pivotal time to join us and have the opportunity to solve real challenges to create a better energy future. You will see first-hand how we value urgency, rigor, ownership, and hard truths, knowing it will take each to do what no one has before. Joining us, you will push the boundaries of what's possible and transform humanity for the better - because the world can't wait.

• Lead our Information Technology & Security org: Manage a team of diverse disciplines to foster a collaborative and service-oriented culture. Provide thought leadership and collaborate with our executives to craft and execute a comprehensive strategy aligned with Helion’s business objectives, budget, and priorities.
• Own IT Operations and Infrastructure: Oversee all day-to-day IT operations and projects to ensure optimal performance and reliability of all systems and services. Coordinate with external vendors and service providers to manage contracts and procurement processes. Manage and maintain our IT infrastructure, documentation, and operating procedures to optimize for quality, speed, and scalability.
• Evolve our Programs as we Scale: Consistently improve and implement procedures and best practices to ensure reliable and secure operations that adapt as Helion grows and changes over time. Design organizational structure and champion culture that balances robust reactive processes with proactive planning.
• Build out our Cybersecurity Practices: Evaluate and advise on our needs for developing and implementing a comprehensive cybersecurity program to protect company assets from internal and external threats. Apply a security-minded lens to all Helion’s technology practices and ensure compliance with relevant regulations and standards. Lead incident response efforts to plan for and manage the resolution of critical issues.

Required Skills:

​

• Bachelor’s degree in Information Technology, Computer Science, or a related field, or equivalent experience
• 10+ years of experience in Information Technology with 5+ years of experience with project management, managing direct reports, growing teams, and in-house IT operations.
• Experience with ITSM frameworks, practices, and certifications such as ITIL, CISSP, or CISM
• Strong understanding of IT infrastructure, including networks, servers, storage, and cloud technologies.
• Experience in establishing and managing cybersecurity teams and implementing security best practices, frameworks, standards, and regulations.
• Experience making data-driven decisions to build IT strategies and scale programs during times of growth.
• Prior experience working in a startup environment, demonstrating adaptability, resourcefulness, and a hands-on approach to technology management.

Compensation and Benefits

​

At Helion, we are committed to fostering a fair and equitable environment in every aspect of our operations, including compensation. We ensure all our roles are competitively benchmarked and our total compensation package includes a base salary, comprehensive benefits, and equity grants, giving you a true stake in Helion's success. Final compensation is determined through a holistic evaluation of your experience, qualifications, and our commitment to maintaining internal equity, ensuring fairness and transparency across our teams.

​

This is an exempt salaried role.

​

Annual Base Pay

​

$201,000 - $242,000 USD

​

Benefits

​

Our total compensation package includes benefits, including but not limited to:

• Medical, Dental, and Vision plans for employees and their families
• 31 Days of PTO (21 vacation days and 10 sick days)
• 10 Paid holidays, plus company-wide winter break
• Up to 5% employer 401(k) match
• Short term disability, long term disability, and life insurance
• Paid parental leave and support (up to 16 weeks)
• Annual wellness stipend

​

NOTE: Underrepresented people are less likely to apply unless they meet 100% of the job's requirements. We believe in hiring people, not checklists, and encourage you to apply even if you do not check all of the boxes. If this job isn't the one, we have many other openings that may be a fit.

​

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information. If we reach out to you to begin an interview process, we will also ask if you require any reasonable accommodation at that time.

Job Summary

​

The Director of Information Security is a critical member of Vista Technology team, responsible for leadership across Security Operations, Security Engineering and Security Architecture. The Director of Information Security must be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting. The Director of Information Security coordinates the IT organization's technical activities to implement and manage security infrastructure, and to provide regular status and service-level reports.

​

The Director of Information Security is a leadership role that requires an individual with a strong technical background, as well as an ability to work with the technology organization and business management to align priorities and plans with key business objectives. The Director of Information Security will also be responsible for working with business and IT stakeholders to balance real-world risks with business drivers such as speed, agility, flexibility, and performance.

​

This individual will have a diversified background of IT & functional experience, demonstrated project management acumen and excellent vendor management skills, be a strong people leader, in addition to a holistic, service-oriented approach to information security management. In strong partnership with the Vista Technology Leadership Team, this role contributes to the development and execution of the overall technology strategy and ensures its alignment with Vista Equity’s business strategy.

​

This role will report directly into the Chief Information Security Officer (CISO).

​

This role can be located in Austin, TX or New York, NY.

• Responsible for providing information assurance for digital information, ensuring its confidentiality, integrity, and availability.
• Oversight of and hands-on involvement in various security operations domains including but not limited to: Asset Inventory, Threat Intelligence, Identity and Access Management, Threat and Vulnerability Management, Security Awareness, Data Loss Prevention, Security Monitoring and Incident Response.
• Responsible for countermeasure planning, architecture, deployment, and enhancements in accordance with the requirements of the risk analysis of individual systems/applications/processes, and data classification
• Work closely with Technology Infrastructure, Data Engineering, Application Development and other non-Technology lines of business to assist with security considerations during decision-making.
• Responsible for devising security architecture requirements, threat modeling, and performing security architecture reviews.
• Support information system life cycle activities and ensure system security measures comply with applicable policies.
• Research and analyze security event data and perform complex incident investigations to identify potential security incidents and next steps
• Provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.
• Conduct reviews and tech inspections to identify and mitigate potential security weaknesses, and ensure all security features applied to a system are implemented and functional
• Develop and keep up to date security KPIs and dashboards to measure the effectiveness of security programs, processes, controls and countermeasures.
• Maintain knowledge of current security trends and be able to clearly communicate them to the team and to other employees to encourage secure culture across the firm.
• Monitor public security advisories and alerts for information related to the corporate technology environment

Required Qualifications

• Bachelor's or master's degree in computer science, information systems, business administration or related field, or equivalent work experience.
• 5+ years of progressive experience as a Cybersecurity professional working within an enterprise environment (Prefer Azure Experience)
• 5+ years of hands-on experience implementing, administrating and operating information security technologies such as firewalls, IDS/IPS, SIEM, Antivirus
• 2+ years of experience managing a team
• Proficiency with scripting (PowerShell, python, etc.), automation, and APIs
• Ability to read and understand code
• Advanced knowledge of regulatory compliance including, but not limited to OWASP, ISO, PCI-DSS, and NIST
• Hands-on experience implementing, administrating and operating technologies such as network traffic analyzers and malware analysis
• Advanced knowledge of the TCP & UDP IP protocol suite and related security architectures
• Ability to show discretion and poise in all situations
• Ability to treat sensitive/confidential information appropriately
• Strong sense of urgency, adaptability, flexibility, and resourcefulness
• The ability to function professionally under pressure, while managing multiple concurrent projects and deadlines
• Must possess personal tact, discretion, and good judgment. Excellent interpersonal, written, and verbal communication skills
• Afterhours availability and travel are required on occasion
• CISSP, GSEC, CEH, Security+ or similar information security certification

​

Preferred Qualifications

• Experience practicing Cybersecurity in the Financial Industry

The annualized base pay range for this role is expected to be between $220-250K. Actual base pay could vary based on factors including but not limited to experience, subject matter expertise, geographic location where work will be performed and the applicant's skill set. The base pay is just one component of the total compensation package for employees. Other rewards may include an annual cash bonus and a comprehensive benefits package.