Director of Cybersecurity
Fully Remote Denver, CO


Connect for Health has a great opportunity for a Director of Cybersecurity.

Connect for Health Colorado is a public, non-profit entity established by the Colorado General Assembly in 2011 to create a health insurance Marketplace. Since 2013, we’ve been helping individuals, families and small employers compare plans, apply for financial help, and buy health insurance. As Colorado’s official health insurance marketplace, we are the only place to apply for financial help to lower the monthly cost of premiums. Customers can shop online; get help by phone or online chat from Customer Service Center representatives; and access expert help from a statewide network of certified Brokers and community-based Assisters. Our mission is to increase access, affordability, and choice for individuals and small employers purchasing health insurance in Colorado. For more information:


Position Summary: 

The Director of Cybersecurity will direct the development, implementation, and maintenance of the Security Program. This role will report directly to General Counsel but work closely with the CIO and CFO and can elevate issues or concerns directly to the CEO. The Director of Cybersecurity will work in concert with the Privacy Officer for the efficient administration of the Privacy & Security Program for Connect for Health Colorado. 

The Director of Cybersecurity will be the primary advisor to the organization and the primary representative on security matters to external organizations that include partners, brokers, carriers, assistance sites, and others. As such, the Director of Cybersecurity is expected to stay informed of evolving regulations, statues, threats, risks, technology, and recognized best practices and to regularly coordinate with counterparts at CMS, IRS, NIST, and other security authorities.

Position Responsibilities:

  • Develop strategic plans linked to business objectives and oversee the implementation of the Security Program. 
  • Develop and establish policies and approaches for Security and train affected staff on policy or process changes and/or enhancements. 
  • Establish controls to support security policies and oversee their implementation. 
  • Provide vendor management and oversight. 
  • Evaluate overall Security functions and recommend enhancements or changes. 
  • Prepare the enterprise objectives and budgets to facilitate the necessary and compliant protection of information within the enterprise. 
  • Interact and propose solutions to managers on operations and processes that are impacted by the privacy and security of information. 
  • Monitor business processes to ensure compliance with established policies. 
  • Review and make recommendations for major contracts for security services and equipment. 
  • Facilitate development, design, and implementation of proposed updates, enhancements, and new functionality so that enterprise security is maintained. 
  • Identify emerging security practices and technologies to be assimilated, integrated, and introduced within the organization. 
  • Assess new technologies to determine potential value for the organization in the areas of security. 
  • Oversee ongoing improvements and the feasibility of system enhancements. 
  • Support the establishment of infrastructure to support and guide individual divisions/departments/sites in IT efforts. 
  • Ensure the timely preparation and submission of documents to meet federal reporting requirements and respond to information inquiries from federal and state sponsors. 
  • Investigate security issues and complaints and work towards resolution. 
  • Participate in the C4HCO Technology Change Management process, helping to review and approve changes. 
  • Assess new security threats and vulnerabilities and make recommendations on appropriate avoidance and mitigation strategies. 
  • Establish a communications strategy to ensure requirements and policies are known and understood. 


Position Requirements:

  • Colorado resident.
  • BA/BS in a Business-related field and/or equivalent years of experience working with and understanding the health insurance market. 
  • Current certification: CISSP, CISA, CISM, or similar preferred. 
  • Five or more years CISO, Enterprise IT operations, or privacy/security consulting.
  • Experience with creation and implementation of FISMA or HIPAA compliant programs. 
  • Breadth of experience working in organizations across a spectrum of life-cycle stages including start-ups, established, steady-state organizations, and organizations in transition. 
  • Strong leadership, vendor management, and analytical skills. 
  • Demonstrated experience with large-scale project management. 
  • Skilled across all areas of Information Security including, but not limited to, Operations, Physical, Network, OS, and Application security. 
  • Experience with and a background in PCI compliance is advantageous. 
  • Exposure to technology landscapes like C4HCO is preferred: Oracle, WebLogic, SOA Suite, Java / J2EE. 
  • Ability to effectively communicate with board members, senior executives, vendors and partners in a way that will drive tangible alignment of activities. 
  • Ability to cultivate structure in an unstructured environment. 
  • Ability to understand and develop big picture strategies and break them down into actionable tasks. 
  • Ability to work within a very fast-paced, quickly evolving organization, manage multiple, complex priorities, and respond effectively to change.  
  • Ability to balance strict regulations with the uncertainty and ambiguity seen in fast paced operations and a start-up organization. 
  • Candidate must be a committed team player with exceptional interpersonal, problem solving and communication skills.  
  • The candidate must also have demonstrated success working with a wide range of stakeholders. 

Work Environment:

  • Currently working remotely
  • The Connect for Health Colorado office is in the North Tech Center area of Denver, near the intersection of I-25 and I-225
  • Work schedule may include some non-traditional hours, weekends, and evening events.
  • Core office hours, typically 8am-5pm with some flexibility 

Total Compensation:

Connect for Health Colorado offers a competitive benefits package. Using Connect for Health Colorado’s annual benefits allowance, employees may elect from various benefit offerings and tailor a package to best suit their individual needs. Connect for Health Colorado employees are eligible to participate in the organization’s 403(b) plan and are additionally provided with paid time off, short- and long-term disability, and life insurance.  The salary ranges from $119,800 - $159,800.

To Apply: Please apply on our Career page at

Connect for Health Colorado is an equal opportunity employer (EOE). Connect for Health Colorado may, at its discretion, conduct a background check on any workforce member and/or require job candidates to successfully complete a background check as a condition of employment.

Salary Description
$119,800 - $159,800