Information System Security Officer

Information System Security Officer (ISSO)

Welltok is pioneering health optimization by connecting consumers with the right programs and resources to optimize their health and reward them for healthy actions and behaviors. Its CaféWell health optimization platform empowers users with personalized activities that are designed to drive healthy habits and active lifestyles. Welltok ranked #1 in Colorado and #278 nationwide on Deloitte's 2017 Technology Fast 500. Be part of something big and join our smart, passionate team in changing the way consumers engage in their health.

Welltok’s ISSO is a critical role on the Welltok Security & Compliance team. As an ISSO, you will be responsible for assisting the Director of Security & Compliance in coordinating and managing the Welltok Security & Compliance program across Welltok business units. Successful ISSOs must have a broad range of business management and technical security skills. A background in the development and subsequent enforcement of security policies and procedures, security awareness programs, business continuity and disaster recovery plans, IT auditing and assessment, security incident management and response, risk management, and managing industry and governmental compliance is critical.


  • To identify, quantify, prioritize, and manage risks against criteria for risk acceptance and objectives relevant to Welltok and its business units.
  • Assist the CISO and Director of Security & Compliance with the development, communication, and maintenance of security policies, standards, guidelines, processes, and procedures.
  • Ensure that Welltok and its business units have established policies and procedures for the classification of information and that it is in compliance with laws, regulations, statutes, state policies, and best practices.
  • Ability to conduct independent reviews and assessments to ensure the continuing suitability, adequacy, and effectiveness of Welltok’s approach to managing information security.
  • Manage enterprise vulnerability management program through continuous scanning, providing technical guidance to system owners, and reporting on vulnerability remediation activity.
  • Assist the CISO and Director of Security & Compliance with the development and enforcement of policies, standards, processes, and procedures related to personnel practices for information security management and awareness training through the established governance structure.
  • Work with management and technical teams to develop remediation plans in response to identified audit and security issues including development and oversight of project plans to verify that issues are remediated.
  • Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
  • Research, develop, implement, test, review, operate and maintain all operational security solutions, to include vendor updates and upgrades, health and performance monitoring, and configuration management for false positive/false negative reductions and new threat detection/prevention capabilities.
  • Assist with monitoring security incident and event management (SIEM) and logging environments for security events and alerts to potential (or active) threats, intrusions, and/or compromises.
  • Manage detailed operational process and procedures to appropriately analyze, escalate, and assist in remediation of critical information security incidents.
  • Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
  • Assist the CISO and Director of Security & Compliance with overseeing compliance with Welltok policies, standards, guidelines, processes, and procedures regarding network security management, documented operational procedures, change controls, proper segregation of duties, and protected production environment.
  • Ensures internal policies, standards, guidelines, processes, and procedures are in place to allow access of information to those individuals authorized to have it.
  • Recommends and participates in the selection and development of physical and environmental controls to ensure the protection of Welltok assets and evaluates the effectiveness of such controls.
  • Participate in the development and maintenance of internal policies, standards, guidelines, processes, and procedures for the collection of security requirements, approval of project-related documents, change control, technical review, independent application security testing, developer security testing, and the protection of system test data and program source code.
  • Assist with other security and compliance duties as needs arise.

Required Knowledge & Skills

  • BA/BS with preferred degree in Computer Science, Information Systems, Business, or equivalent combination of education and work experience
  • Minimum of 5-7 years’ experience in information security management and operations with additional experience in other IT, engineering or software development disciplines
  • Have a working knowledge of IT infrastructure, cloud computing security practices and the ability to communicate security technical architectural and application design concepts
  • Vulnerability scanning, security assessment, and application security testing experience (e.g., nmap, Nessus, NeXpose, BurpSuite, etc.)
  • Experience with SIEM or logging products such as Splunk or LogRhythm
  • In-depth knowledge of intrusion detection/prevention tools and managing incidents per an IR Plan
  • Working knowledge of protocol analyzers (Sniffer, Ethereal/Wireshark)
  • Requires a passion for information security and data security
  • Requires experience with Linux, Windows and Network Operating Systems
  • Requires critical thinking and problem solving skills
  • Strong trust-building and rapport-building competencies are a must
  • Strong communication and presentation skills imperative to the success of this role
  • Working knowledge of security frameworks (HITRUST CSF, COBIT, ITIL, ISO 27001)
  • Knowledge of information security related to regulatory compliance (e.g. SOX, GLBA, HIPAA/HITECH, PCI, ISO, etc.)
  • Preferred candidates will have one or more technical security certifications (e.g. GSEC, GIAC, GCIH, GPEN) or other security-specific vendor/product certifications