Director, Information Security

This is a fully remote position, open to applicants in United States.

📋 Description

• Assemble the necessary team, processes, and technical measures to safeguard our highly sensitive patient information while effectively navigating the complexities of HIPAA and 42 CFR Part 2.

• Take charge of the 12–24 month strategy aimed at obtaining HITRUST Certification, ensuring that our security practices are not only robust but also quantifiable, verifiable, and scalable.

• Position our Information Security, Trust & Compliance initiatives as a distinctive advantage for Bicycle Health.

⛳️ Requirements

• Proven Audit Success: Over 10 years of experience in Information Security, with hands-on experience guiding at least one organization through a successful HITRUST CSF or SOC2 Type II certification focused on healthcare.

• Healthcare Regulatory Expertise: In-depth knowledge of HIPAA and a solid understanding of 42 CFR Part 2. Experience managing the privacy aspects of controlled substance prescribing is a notable advantage.

• Startup-to-Enterprise Growth: Experience in a Series C+ environment, showcasing the ability to establish programs from the ground up while ensuring operational stability.

• Technical Breadth: A solid foundation in both Application Security (securing SaaS products) and Security Operations (defending cloud infrastructure). You should be adept at communicating "code" with engineers and "risk" with the Board.

• Leadership Persona: Outstanding communication abilities, capable of influencing remote teams and spearheading cross-departmental initiatives.

• Certifications: CISSP, CISM, or CCSFP (Certified CSF Practitioner) are highly sought after.

🏝️ Benefits

• Discretionary PTO + 8.5 days of additional sick time + 10 paid holidays

• Paid parental leave

• 100% Employer Paid Employee Medical, Dental, and Vision Insurance

• Employer Paid Short-Term Disability (STD) & Long-Term Disability (LTD)

• 401k

• $50 monthly Remote Work Stipend