Information Security Officer

  • Full-time

Company Description

At Spear, our mission is to help dentists and their teams pursue and achieve “Great Dentistry.” Spear drives dental practice growth by advancing our clients' clinical skills, improving their practice management capabilities and enhancing the patient experience by leveraging both our deep dental expertise and our technology-forward solutions. We offer holistic solutions that include a full learning management system, a practice consulting service supported by a robust analytics platform and industry experts, and patient engagement tools that complement the normal workflows within a dental practice. In addition, we deliver live, collaborative education led by the brightest clinical and business minds in dentistry through virtual seminars and events, as well as through hands-on learning opportunities at our state-of-the-art campus in scenic North Scottsdale. Discover how you can join our diverse and talented team and make an impact at one of the most dynamic companies in Arizona.

Job Description

The Security Officer is responsible for developing and executing Spear’s security strategy and road map, ensuring all tools, policies and procedures adhere to industry best practices for information governance and controls.

Role Summary: 

Policy and Procedure 

  • Design and oversee information security program 
  • Ensure appropriate IT operational standards and controls are in place to guarantee the confidentiality, integrity, and availability of all information technology assets  
  • Create and maintain Mobile Device Management (MDM) policy and monitor for compliance 
  • Create and maintain secure code review policy and monitor for compliance 
  • Create and maintain Data Loss Prevention (DLP) policy and monitor for compliance 
  • Create change management policy and monitor for compliance 
  • Develop and maintain disaster recovery and business continuity strategies 
  • Work with business owners to create a Business Impact Analysis, establishing Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for each application in scope
  • Establish a Business Continuity Plan to ensure continuous operation in the event of a technology or facility failure

Security 

  • Protect network infrastructure and critical applications through the implementation of security controls and countermeasures 
  • Perform annual penetration testing, remediating all critical and high findings 
  • Run periodic vulnerability scans, remediating all critical and high findings 
  • Strengthen data loss prevention (DLP) and fraud prevention
  • Create and operationalize a cyber incident response plan 
  • Perform forensic investigations on incidents 
  • Further develop cyber intelligence capabilities to raise awareness of attacks 
  • Ensure highly capable intrusion detection and prevention 
  • Provide strong endpoint security 
  • Work with Human Resources to maintain compliance with the security training program and a strong “human firewall”
  • In coordination with the Director of Enterprise Applications and Architecture, develop and enforce a security architecture and process that ensures consistent application of protections across technology assets

Governance, Regulatory and Compliance (GRC)

  • Ensure compliance with industry regulations within Spear’s scope, such as HIPAA and PCI-DSS
  • Select and implement an information security management standard such as NIST or ISO 27001
  • Ensure a high standard for data privacy, such as SOC 2, CCPA and GDPR, is met

Qualifications

  • 5+ years in an IT Security role in an organization of similar size and scope as Spear Education 
  • Bachelor’s Degree required
  • Proven ability to create an information security program almost from scratch
  • Highly skilled in assessment of existing security features and posture, gap identification, gap closure planning and execution
  • Experience working with Amazon Web Services and SaaS technologies in an environment that is heavy on cloud solutions and a distributed workforce (required)
  • Familiarity with an information security framework, such as ISO27001 or NIST
  • Experience with PCI-DSS, HIPAA and working with Firewall and Identity Access Management technology 
  • Proven ability to assess cybersecurity posture and work with partners to identify issues
  • Familiarity with Intrusion Detection and Incident Response
  • Strong ability to work as a sole contributor, working through other departments to make necessary changes to systems and software
  • Experience with Meraki preferred 

Additional Information

What Spear Offers

  • Beautiful Facility
  • Company-Sponsored Events (Think costume contests, holiday parties and 5Ks!)
  • 24 Hour Onsite Gym
  • The Most Amazing Coworkers Around
  • Spear Cares
  • Final 30 (A great way to wrap up a productive week!)
  • Great work/life balance
  • Regular Townhalls and CEO Lunches
  • Career Development Pathways
  • Flexible Time Off plus Spear Holidays
  • And much more!

All your information will be kept confidential according to EEO guidelines.