• Head of Data Security, Privacy and Regulatory Compliance (CISO)

    Job Location(s) US-AZ-Phoenix
  • Overview

    EXOS helps people perform at a high level so they can achieve what matters most to them. Since our founding in 1999, we’ve become a leader in proactive health and performance, trusted by more than 150 clients, including corporations, academic institutions, health systems, sports organizations, the U.S. military, community centers, and residential communities. With award-winning facilities and spaces, technology, equipment, and services, EXOS connects people to the solutions they need and provides individualized plans based on time-tested fundamentals and research in order to help people take control of their health and performance.


    EXOS has been leading the way in workplace wellness for over two decades, creating evidence-based employee wellness programs for global companies across a number of industries. Our employer solutions come to life through a combination of wellness services, technology, fitness facilities, and performance staff, and are always within reach — online, via mobile apps, and through in-person coaching. Company leaders, including many from fortune 500 companies, trust our solutions and services to improve the health and happiness of their workforce, as well as their return on investment.


    Head of Data Security, Privacy and Regulatory Compliance (CISO)


    At EXOS we are serious about Human Performance. As we work towards our mission to upgrade lives, we are responsible not only for the protection of our clients' and users' data, but we also operate in increasingly regulated industries, and compliance is essential to our sustained future. As such, we need a strong leader to help us manage, enhance and revolutionize our existing approach to security, privacy and regulatory compliance.

    As our Head of Data Security, Privacy and Regulatory Compliance (CISO) you would be responsible for protecting the business from security threats by developing, implementing and continuously improving our security and regulatory strategies and practices. You will lead the development and implementation of company strategy for Information Security, Cybersecurity, and Data Privacy Protection, including risk-based control objectives and a technical architecture framework. You will collaborate with business leaders on all aspects of information security and compliance. The scope of this position spans the organization’s solutions and is not limited to technology, but does include software applications, infrastructure, data management, data integration and external vendor solutions.


    EXOS believes that a strong cultural fit and passion for what you do is critical to our mission and is the key to your success. Would you be successful as our Head of Data Security, Privacy and Regulatory Compliance? We believe the answer is “yes” if the attributes below describe you at your best.


    • Aware of and supportive of business realities
    • Enjoy managing complexity and learning something new daily
    • Excited about managing and implementing change
    • Enjoy multitasking
    • See yourself and your department as supportive to the business and not a roadblock
    • Excited to dive in and get your hands dirty
    • Passionate about helping others
    • Enjoy and are eager to read and negotiate contracts with vendors and clients alike

    Overall - you and your team will be responsible for:

    • Creating and implementing a strategy for the deployment of information security, data privacy and compliance practices and procedures including HIPAA and other regulatory matters
    • Managing complex GDPR compliance
    • Performing security risk assessments and reporting on ways to minimize threats
    • Monitoring security vulnerabilities and hacking threats in network and host systems
    • Tracking latest IT security innovations and keeping abreast of latest cyber security technologies
    • Implementing an effective process for the reporting of security incidents
    • Conducting investigations of reported security breaches
    • Developing strategies to handle security incidents and trigger investigations
    • Complying with the latest regulations and compliance requirements
    • Championing and educating the organization about the latest security strategies and technologies
    • Overseeing the administration of all information security technology platforms, ensuring that technologies are optimally configured and maintained to provide maximum uptime and protection to the organization’s information systems
    • Playing a primary role in the selection of new information technologies
    • Overseeing and directly participating in the installation, configuration, and monitoring of new information security technologies
    • Driving change projects and building new capabilities
    • Developing and implementing business continuity plans to ensure service is continuous when a change is introduced or a security breach occurs
    • Protecting the intellectual property of the organization at all times



    Professional Experience/Background to be successful in this role:

    • 7+ years of proven experience having owned and/or influenced a company’s (or ideally multiple companies’) security, privacy and regulatory process and approach
    • Some experience with healthcare-specific information security policies, provisions, and definitions (e.g. HIPAA, PHI, the Health Information Technology for Economic and Clinical Health (HITECH) Act, California’s healthcare data privacy laws)
    • Ability to build strong business relationships within those companies (the best reference checks will be P&L owners that you have partnered with!)
    • Experience in leading multiple significant implementations of policies, processes and associated audits related to privacy, security and regulatory requirements
    • Strong security/privacy/regulatory connections within the industry, and readiness to call upon them as needed
    • Strong awareness and knowledge of regulations including, but not limited to, the following is preferred:
      • HIPAA
      • GDPR
      • CAN-SPAM
      • PCI
    • Experience in international security, privacy and compliance
    • Understanding of not just the policy side but also the technical aspects of security, having implemented (or supported the implementation of) security pipeline development processes and secure network implementations
    • Successfully built, supported and managed vendor compliance management programs
    • Experience leading teams of two or more team members
    • Have worked with sales teams on positioning of security to encourage sales and/or adoption
    • Experience collaborating with legal organizations to support external inquiries and contracting needs
    • Creative thinking – able to look at alternatives and consider new ways of thinking to solve problems
    • Multitasking – can manage several concurrent projects and prioritize demands
    • Strong customer focus – able to meet the demands of internal and external customers
    • A passion for technology and security safeguarding, with a desire to deliver
    • Thrives on change, showing an impressive ability to drive the IT security strategy forward


    Our expectations of the person filling this role:

    • A true business partner
    • Can-do, lean-forward attitude to supporting the business, not ‘road blocking’
    • Thinking as a consultant – we do lots of things in different ways
    • Practical and methodical approach to the development and implementation of policies, procedures and safeguards
    • Communicates in a fashion that is respectful, clear and well understood
    • Strong ability to communicate clearly with senior management
    • Strong prioritization skills and great management and reporting skills
    • Flexible and adaptable to changing priorities while keeping your eye on the prize


    Additional Preferred Experience: 

    • In-domain consulting experience for multiple companies in multiple industries with multiple operating models
    • Industry-recognized certifications (CISSP, GIAC, etc.)
    • Strong familiarity with the OWASP Top 10
    • Know how to prevent SQL injection in 2 or more server-side languages
    • Know the various SAQs and have implemented SAQ C-VT, C and/or P2PE


    We are an equal opportunity employer

    EXOS is proud to be an affirmative action / equal opportunity employer. All qualified applicants will receive consideration without regard to race, creed, gender, marital status, sexual orientation, citizenship status, color, religion, national origin, age, disability, veteran status, or any other status protected under local, state, or federal laws. EXOS provides reasonable accommodation to employees and applicants for employment who have disabilities. You may request reasonable accommodation, in writing, by reaching out to our People Operations department at:


    Attention : People Operations, Accommodations

    2629 E. Rose Garden Ln. 

    Phoenix, AZ 85050


    Learn more here:


    EEO is the Law

    EEO is the Law Supplement

