Kodiak Senior Manager Leader

Your Journey at Crowe Starts Here:

At Crowe, you have the opportunity to deliver innovative solutions to today's complex business issues. Crowe's accounting, consulting, and technology personnel are widely recognized for their in-depth expertise and understanding of sophisticated process frameworks and enabling technologies, along with their commitment to delivering measurable results that help clients build business value. Our focus on emerging technology solutions along with our commitment to internal career growth and exceptional client value has resulted in a firm that is routinely recognized as a "Best Place to Work." We are 75 years strong and still growing. Come grow with us!

Job Description:

About the opportunity

Kodiak seeks a dynamic Chief Information Security Officer to provide leadership, vision across diverse teams, and direction for information security, security initiatives, regulations, compliance, and privacy. This role will report to the General Counsel + Chief Risk Officer and work closely to reduce the risk and impact of cyber-attacks as well as increasing product security.

The CISO is expected to be a master communicator who is confident but humble, and capable of interfacing effectively with other C-level executives, as well as members of the board of directors and audit committees. Additionally, the CISO must possess a strong, hands-on technical and security practitioner background and the ability to effectively collaborate with technical staff, understand threats, risk mitigation and technical controls. The ideal CISO is a people person who focuses on building a synergistic team where employees are valued, challenged to achieve excellence, and enjoy working for the company. As the leader of the information security program, the CISO establishes highly effective policies, corporate protocols, and appropriate collaboration among teams.

About Kodiak

Kodiak Solutions ("Kodiak") provides software and tech-enabled services to the Office of the CFO within health systems, provider groups, and other healthcare organizations. The Company's flagship software product Revenue Cycle Analytics ("RCA") is the only outsourced solution that automates accrual-based net revenue analysis, standardizing the month-end close process for 1,800+ hospitals and 200K+ practice-based physicians.

Headquartered in Indianapolis, IN, Kodiak was founded in 2005 by the current CEO, Derek Bang, as the healthcare division of multinational accounting firm Crowe LLP. Leveraging the direct access to the CFO and the strong customer advocacy of the RCA product, the Company has expanded to offer a suite of software and services across finance, revenue cycle, and risk and compliance, driving a 15%+ organic revenue growth CAGR over the past three years.

Kodiak was recently acquired by TPG Growth. TPG Growth's longstanding health system relationships provided differentiated insight into the mission- critical nature of Kodiak's solutions and allowed them to gain conviction in our underwriting. While the business has seen strong traction in its Office of the CFO product portfolio over the last decade, the leadership team believes they can inflect growth as a standalone Company and with TPG as a strategic partner.

About TPG Growth

TPG Growth has been actively investing in high quality companies since 2007. The Firm specializes in growth equity and middle-market buyout opportunities. TPG Growth works in partnership with its management teams and its network of operating executives and strategic advisors to transform its portfolio companies into industry-leading businesses.

TPG Growth currently manages over $24B in assets across the globe focused in media, software, business services, and healthcare industries. TPG Growth

assists at all stages of a company's growth, from its inception to its international expansion. They have become

the partner of choice for companies and executives and a highly regarded private equity firm in North America.

Team

Who you'll work with

Reports to: Chief Operating Officer

Where you'll be based

Location: Open for ideal candidate

How you'll make an impact

Key Responsibilities:

Cybersecurity Strategy

• Stand-up, build and develop a cohesive information security strategy, as well as a roadmap for strategy implementation that is integrated and tied into technology and aligned to business strategy.
• Develop, implement, and monitor a strategic, comprehensive enterprise information security and cyber risk management program to ensure the integrity, confidentiality and availability of information owned, controlled, or processed by the organization while balancing risk tolerance and financial budget.
• Partner closely with and guide technology business owners across all functions to leverage the right mix of security controls and capabilities into the tools and technologies they directly oversee.
• Provide technical leadership for all information security platforms. Serve as the escalation point for technical issues related to information security platforms.
• Develop a participatory culture that promotes principles and adopts practices of information security into the work habits and work products of each business unit.

Governance and Risk Measurement

• Establish and oversee the development of a framework-oriented risk measurement, reporting, and communication practice that continuously assesses various levels of cyber risk and its impact to business operations, regulatory obligations, and customer commitments.
• Develop a risk management process that derives the appropriate investment plans and strategies and drive transparency and accountability for offsetting risk across all functional areas and executive management.
• Establish a process to assess, measure, and manage 3rd party vendor risk in close partnership with business owners and legal office to ensure that baselines are developed and requirements are included in contracts.
• Conduct regular technical risk assessments/audits of Kodiak and its key IT suppliers' systems and infrastructure.
• Communicate routinely with business unit leaders and TPG cyber field operations as required to build bridges and create risk awareness, including overseeing periodic audits, and risk-focused reporting as required.
• Establish an industry and (as required - i.e.: HIPAA, CCPA, etc.) regulatory certification capability aligned to business strategy that includes audit requirements, plans, investments, and audit engagement execution.
• Conduct cyber diligence while evaluating potential M&A targets and help the management team understand potential security problems that might arise from acquisitions or other strategic business moves.

Cybersecurity Operations

• Implement well-aligned process, technology, and organizational controls within risk tolerance thresholds and drive user-minded adoption across the enterprise.

• Develop, maintain, and publish up-to-date security policies, standards, and guidelines, and oversee training and dissemination of security policies and practices.
• Oversee the administration of all information security technology platforms, ensuring that technologies are optimally configured and maintained to provide maximum uptime and protection to the organizations' information systems.
• Develop and own the disaster recovery plan in conjunction with technology operations leadership and partner to exercise tabletops on a periodic basis.
• Implement company-wide cybersecurity training to reduce opportunities for and impact of any cyber incidents. This training should be conducted and tested regularly.
• Collaborate across departments and communicate to ensure appropriate security processes, procedures and tools are installed, monitored, and effectively operating and alerting.
• Define, implement, & oversee vulnerability management tooling, process & remediation processes.
• Partner with IT and other technology owners to ensure a routine patch management process and approach is operationalized for all systems, applications, and infrastructure.
• Manage service levels, control effectiveness, control failure remediation, operational automation, and oversight of information security team.
• Coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event. Take the lead on security incident response measures.

Product Security & Trust

• Provide guidance to ensure Kodiak products are built to be secure in our customer's environments including architectural and independent cyber reviews of products.
• In collaboration with the technology and product development leaders, build a DevSecOps function that integrates security early and routinely into the software development lifecycle.
• Establish a Trust Center that enables a process-oriented method for the company to effectively respond to cyber-related customer, public, and regulatory inquiries/audits that is both integrated into the sales process and based on reasonable and accepted practices.

About the right person

What makes you qualified:

• The ideal candidate will come from the software or data management industry and have experience with cloud security and SaaS. Prior experience in software development and/or a detailed understanding of the software development lifecycle would be very helpful, plus experience in a high growth, acquisition- heavy environment and proven experience assessing risk in such an environment.
• Several years of experience in a combination of risk management, information security or related IT leadership roles within a high growth, acquisition heavy environment. Ideally 5+ years gained in rapidly growing, fast moving, and changing environments within a software or technology company of $100M+.
• Commercially minded, with the ability to be customer facing as part of the company's communications and GTM strategy.
• Significant experience in managing MSSPs to outsource multiple security functions while maturing the program.
• The ideal candidate will have experience in handling and mitigating one or more significant cyber events.
• Hands-on leader and team player who will roll up his/her sleeves and serve as a player/coach, when necessary. Moves with agility. Team builder able to establish a strong internal following and to hire additional talent to build out the security organization and drive accountability.
• In-depth knowledge of applications, systems, network and data security, telecommunications, security operations, and associated hardware, software, and protocols.
• Professional security management certification is required, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Health Insurance Portability and Accountability Act (HIPAA), Certified Information Systems Auditor (CISA) or other similar credentials.
• Knowledge and experience initiating, implementing and/or maintaining common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800- 53 and Cybersecurity Framework.
• Strong knowledge of security implications involving a variety of security technologies.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.

What makes you extra qualified

• Proven leader in the healthcare industry with 10+ years of strong healthcare experience
• Ability to motivate by clearly communicating vision and strategy and creating a shared purpose
• Educational/experiential requirements
• Strong consensus building skills: Champions, leads and supports change; takes appropriate chances
• Achieves business results, by taking action achieving quality and focusing on the future
• Demonstrates integrity and ethics; sets a personal example
• Knowledge of budgeting processes and performance reporting

What working here offers

• Our client is offering a highly competitive compensation package with an attractive base salary as well as short and long-term incentive programs.

Our Benefits:

At Crowe, we know that great people are what makes a great firm. We value our people and offer employees a comprehensive benefits package. Learn more about what working at Crowe can mean for you!

How You Can Grow:

We will nurture your talent in an inclusive culture that values diversity. You will have the chance to meet on a consistent basis with your Career Coach that will guide you in your career goals and aspirations. Learn more about where talent can prosper!

More about Crowe:

Crowe (www.crowe.com) is one of the largest public accounting, consulting and technology firms in the United States. Crowe uses its deep industry expertise to provide audit services to public and private entities while also helping clients reach their goals with tax, advisory, risk and performance services. Crowe is recognized by many organizations as one of the country's best places to work. Crowe serves clients worldwide as an independent member of Crowe Global, one of the largest global accounting networks in the world. The network consists of more than 200 independent accounting and advisory services firms in more than 130 countries around the world.

Crowe LLP provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Crowe LLP does not accept unsolicited candidates, referrals or resumes from any staffing agency, recruiting service, sourcing entity or any other third-party paid service at any time. Any referrals, resumes or candidates submitted to Crowe, or any employee or owner of Crowe without a pre-existing agreement signed by both parties covering the submission will be considered the property of Crowe, and free of charge.