
Vice President, Information Security
Posted May 9

This is a fully remote position, open to applicants in California.
• Oversee all facets of enterprise information security, encompassing threat detection, incident response, vulnerability management, and ongoing monitoring.
• Develop and enhance a thorough Governance, Risk, and Compliance (GRC) framework that aligns with healthcare industry standards (e.g., NIST, HITRUST, ISO 27001).
• Regularly evaluate the enterprise risk posture, emphasizing cybersecurity risks in relation to clinical, operational, and financial risk frameworks.
• Create and execute strategies to safeguard sensitive patient information, including Protected Health Information (PHI), Personally Identifiable Information (PII), and clinical data.
• Ensure adherence to healthcare data security and privacy regulations, including HIPAA and HITECH, as well as specific state privacy laws.
• Supervise data governance, encryption, identity management, and secure data transfers across clinical systems (EHR/EMR), patient platforms, and third-party partners.
• Manage IT risk, compliance, and IT General Controls (ITGC) programs to support SOX and healthcare regulatory mandates.
• Collaborate with internal audit, compliance, legal, and finance teams to ensure audit preparedness and prompt resolution of control deficiencies.
• Uphold compliance with standards like HIPAA, HITRUST, SOC 2, PCI-DSS (as applicable), and other healthcare-specific regulatory frameworks.
• Lead security architecture across enterprise infrastructure, covering cloud, hybrid, and on-premises environments that support clinical and digital health platforms.
• Propel secure cloud transformation initiatives, ensuring suitable controls across IaaS, PaaS, and SaaS environments.
• Work alongside engineering, IT, and DevOps teams to adopt DevSecOps practices and secure software development lifecycle (SDLC).
• Direct the enterprise incident response strategy, which includes preparedness, detection, containment, and recovery from cyber incidents.
• Build, lead, and expand a high-performing information security organization, which encompasses security operations, risk, and IT compliance functions.
• Act as a principal advisor to executive leadership, the Board, and Audit/Compliance Committees regarding cybersecurity risk and strategy.
• Foster an enterprise-wide culture of security and compliance through security awareness and training programs.
• Over 12 years of progressive leadership experience in information security, cybersecurity, and risk management, preferably in healthcare, life sciences, or other highly regulated sectors.
• Background in operating within a publicly traded or highly regulated environment with stringent governance and compliance standards.
• Proven history of directing enterprise security programs in complex settings involving clinical systems, digital platforms, and sensitive patient information.
• Extensive knowledge of healthcare regulatory frameworks, including HIPAA, HITECH, HITRUST, and experience managing PHI/PII at scale.
• Strong grasp of ITGC, SOX compliance, and auditing processes.
• Experience securing healthcare technologies, such as EHR/EMR systems, patient engagement platforms, telehealth systems, and medical device integrations.
• Practical leadership in cloud security, infrastructure modernization, and enterprise security architecture.
• Expertise in identity and access management (IAM), zero trust frameworks, and contemporary security operations.
• Experience in implementing and managing GRC platforms and frameworks such as NIST, ISO 27001, and HITRUST.
• Proven success in incident response, cyber resilience, and mitigating enterprise risk.
• Strong executive presence with experience engaging with Boards and Audit/Compliance Committees.
• Demonstrated ability to lead cross-functional initiatives across technology, clinical, legal, and operational teams.
• Capability to operate effectively in a fast-paced, high-stakes healthcare environment where security and patient safety are critical.
• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
• Relevant certifications such as CISSP, CISM, CISA, CRISC, or HCISPP preferred.
• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (Roth 401k)
• Life Insurance (Basic, Voluntary & AD&D)
• Unlimited PTO Policy
• Paid Holidays
• Short-Term & Long-Term Disability
• Training & Development