Director, Information Security

This is a fully remote position, open to applicants in United States.

📋 Description

• Assemble the team, processes, and technical safeguards necessary to protect our highly sensitive patient information while navigating the complexities of HIPAA and 42 CFR Part 2.

• Take ownership of the 12–24 month roadmap aimed at achieving HITRUST Certification, ensuring that our security practices are not only effective but also measurable, auditable, and scalable.

• Position our Information Security, Trust & Compliance practices as a competitive advantage for Bicycle Health.

⛳️ Requirements

• Proven Audit Success: Over 10 years of experience in Information Security, with direct involvement in leading at least one organization through a successful HITRUST CSF or SOC2 Type II (healthcare focus) certification.

• Healthcare Regulatory Expertise: In-depth knowledge of HIPAA and a practical understanding of 42 CFR Part 2. Experience in managing the privacy complexities associated with controlled substance prescribing is a notable advantage.

• Startup-to-Enterprise Growth: Background in a Series C+ environment, with the capability to build programs from the ground up while ensuring operational stability.

• Technical Breadth: Strong expertise in both AppSec (securing SaaS products) and SecOps (defending cloud infrastructure). Comfortable engaging in technical discussions with engineers and risk conversations with the Board.

• Leadership Persona: Outstanding communication skills, with the ability to influence remote teams and drive initiatives across departments.

• Certifications: CISSP, CISM, or CCSFP (Certified CSF Practitioner) are highly preferred.

🏝️ Benefits

• Discretionary PTO + 8.5 days of additional sick time + 10 paid holidays

• Paid parental leave

• 100% Employer Paid Employee Medical, Dental, and Vision Insurance

• Employer Paid STD & LTD

• 401k

• $50 monthly Remote Work Stipend