VP, Product Security

Job Description: The VP, Product Security will lead a group of Product and Application Security professionals to build and maintain an effective Product Security Program and Secure Development Lifecycle at NextGen Healthcare. The ideal candidate will collaborate closely with Product and R&D teams to define and partner on appropriate security controls across NextGen products and platforms, including NextGen SaaS offerings and platforms. This team will work as trusted technical and process advisors in our areas of specialty to inform strategy and the future direction of Information Security inside NextGen, in various product and services offerings, and across NextGen customer related discussions. This team will also have responsibility for selection, acquisition, design, development and implementation of new tools, solutions, functionality, and frameworks that include people, process, and technology components.

Build and lead a high performing Product Security team and drive efforts to address internal, external, and emerging application security risks throughout the organization. Develop key partnerships with executive leadership, engineering, and product teams to enhance the organization's security program, including customer MFA strategies. Assess, design, implement, automate, and document security solutions and processes for K8s, and Cloud environments. Leverage Agile methodologies to design, develop and deliver application security strategy, throughout the CI/CD lifecycle, including but not limited to the operating model, staffing and execution plans as needed. Implement "security as code" using cloud services and CI/CD components and integrations. Work with the Software Engineering teams to ensure that application security risks are effectively identified using market leading tools such as SAST, DAST, SCA etc., and appropriately with the right balance between security and operations, including security for Mobile applications. Build and run a Security Champions program to integrate security culture into the software development operational cadence. Be a product security evangelist who can translate security concepts into language that is meaningful to varying audiences, including business and technical leaders. Integrate new and existing security tools, standards, and processes into the development life cycle, including static analysis and runtime testing tools. Conduct business level security architecture assessments to evaluate existing security program and cloud application architecture, identify weaknesses and make recommendations. Ensure appropriate developer security awareness, culture, and mindset through a variety of outreach programs. In partnership with Software Engineering and Product teams, design, implement, and maintain a Secure Development Lifecycle as part of the organization's SDLC. Manage security assessments, penetration testing, and bug bounty programs to ensure the continuous security oversight of the NextGen Healthcare environment, platforms, and applications. Lead the team in the development and evolution of security roadmaps, embodiment of strategic plans, understanding controls and process gaps, providing architectural vision, and enabling the larger information security team. Working closely with business groups and the engineering manager, this role will enable the architects to define and deliver innovative architectures to support the continued maturity growth and efficiency of NextGen's information security services. Ensure applications, networks, systems and Cloud services are planned, designed, developed, implemented, and monitored in accordance with security controls related to SOC 2, ISO 27001, HITRUST requirements and the NextGen Information Security Policy. Other Key Management Responsibilities: Hire, grow and retain team members to expand the team and its capabilities within the organization. Perform assessments of security tools, vendors, and solutions to support information security roadmap initiatives Act as an advocate for mentoring and technical career growth in the information security organization Act as a liaison with other internal NextGen teams or driving new capabilities, product investments, and research to fill coverage gaps. Provide assistance and guidance to Sales and Support teams across various customer engagements. Regularly provide key performance and risk indicator metrics for management visibility into the status, health, and maturity of the Information Security Program at NextGen. Perform other duties that support the overall objective of the position. Required Experience/Skills & Education: Extensive background in Product Security management and implementation in an Agile and CI/CD environment leveraging Cloud architecture and technologies (AWS primarily but including Azure). Technical experience with design and implementation of security containers, including Kubernetes. Minimum of 8 years progressive experience in an information security management role, with an emphasis in one or more of the following areas:Security Architecture, Security Engineering, Security Product Management, Software Engineering. Demonstrated understanding of Software Engineering and Development technologies, methodologies, and implementations. Minimum of 7 year's management experience leading high visibility/impact functions, including the management of senior technologists and architects. Strong background in ensuring secure application development, from front-end sites, API layers, and data management layers. Technical experience with various authentication schemes, SAML integrations, federation of trusts, etc. Strong background in securing SaaS platforms, and other multi-tenant, Cloud-architected environments. Extensive background in information security services and operations and the people, process, and technology components that make them successful. Significant experience in fulfilling business needs through the development of solutions through well-organized processes. Experience in client-facing discussions with new and existing customers to discuss security controls and implementations. Significant Service Management and or vendor management experience. Must be able to communicate at a technical and business level and be a bridge between the two. Appropriate certifications a plus. The company has reviewed this job description to ensure that essential functions and basic duties have been included. It is intended to provide guidelines for job expectations and the employee's ability to perform the position described. It is not intended to be construed as an exhaustive list of all functions, responsibilities, skills and abilities. Additional functions and requirements may be assigned by supervisors as deemed appropriate. This document does not represent a contract of employment, and the company reserves the right to change this job description and/or assign tasks for the employee to perform, as the company may deem appropriate. NextGen Healthcare is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

#J-18808-Ljbffr