Vice President, Information Security

🔥 12 hours ago

Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of Spring Health

Spring Health

501 - 1000 employees

⚕️ Healthcare Insurance

🧘 Wellness

☁️ SaaS

Healthcare Insurance • Wellness • SaaS

Spring Health is a comprehensive mental health solution designed for employers and health plans. It utilizes Precision Mental Healthcare to deliver personalized mental health support by matching individuals with the right care, whether it's digital support, meditation exercises, coaching, therapy, or medication. By partnering with leading organizations, Spring Health aims to improve mental health accessibility and outcomes, reduce employee turnover, and enhance productivity. Trusted by over 4,500 organizations, the company provides an evidence-based approach that has been proven to deliver positive clinical and financial results.

📋 Description

• Develop and execute the enterprise information security vision, strategy, and multi-year roadmap. • Serve as a trusted advisor to executive leadership and the Board on cybersecurity risks, trends, and investments. • Establish security objectives, metrics, and reporting mechanisms aligned with business priorities. • Drive a security culture across the organization that enables innovation while maintaining appropriate risk controls, including effectively communicating risks and changes in the risk landscape to leadership, the Board, and key stakeholders in clear, business-relevant terms. • Own the enterprise information security risk management program, including formal risk assessments, risk registers, and risk treatment plans. • Ensure compliance with applicable frameworks and regulations, including SOC 2, ISO 27001, HIPAA, HITRUST, PCI DSS, GDPR, and CCPA. • Oversee security audits, risk assessments, policy development, and remediation initiatives. • Manage the Business Associate Agreement (BAA) program across the customer and vendor ecosystem. • Maintain and test the enterprise Incident Response and Business Continuity programs. • Drive continuous improvement of security controls and risk management practices. • Oversee security operations, threat detection, vulnerability management, and incident response functions. • Own the security operations center (SOC) function, including SIEM strategy, threat intelligence, and endpoint detection and response. • Lead the organization's response to security incidents, including executive communication, regulatory notification obligations, and post-incident review. • Direct penetration testing, security assessments, and resilience exercises. • Partner with Engineering and Product leadership to embed security throughout the software development lifecycle (SDLC), including threat modeling, secure code review, and automated security testing. • Provide strategic direction for the design and implementation of secure enterprise and cloud infrastructure, ensuring security architecture principles are embedded in platform design, data flows, and technology decisions across the organization. • Provide security architecture review and guidance for new products, features, and third-party integrations. • Oversee vulnerability management, penetration testing, and remediation programs across the platform and infrastructure. • Build, mentor, and develop high-performing security teams. • Manage security budgets, technology investments, and vendor relationships. • Lead third-party risk management and vendor security assessment programs. • Demonstrated ability to work closely with leadership across the organization, including Engineering, Legal, Privacy, Product, Sales, IT, HR, and others, serving as a trusted partner who enables the business rather than a barrier to it. • Serve as the executive point of contact for cyber insurance underwriters, external auditors, and regulatory examiners.

🎯 Requirements

• 12+ years of progressive experience in Information Security, with at least 5 years in a senior leadership role. • Demonstrated experience building and leading multi-functional security teams, including risk/compliance, application security, and/or security operations disciplines. • Demonstrated ability to communicate security risk to executive and board-level audiences, translating technical issues into business and financial impact. • Deep working knowledge of HIPAA and hands-on experience managing compliance programs in a covered entity or business associate environment. • Experience with HITRUST CSF, SOC 2, ISO 27001, and other comparable third-party security certification programs. • One or more recognized industry certifications relevant to a role at this level (CISSP, CISM, CCISO, CRISC, or CISA). • Experience building partnerships across the organization, enabling innovation in a safe and risk-aware way — a track record of being a business enabler, not a gatekeeper. • Experience managing client-facing security responsibilities, including enterprise security reviews, vendor assessments, and RFP responses. • Experience owning or contributing to incident response programs, including regulatory breach notification obligations. • Strong working knowledge of cloud security principles and modern SaaS architecture security requirements. • Track record of partnering effectively with executive leadership, boards, auditors, regulators, and customers. • Deep knowledge of security operations, threat management, vulnerability management, and incident response. • Strong expertise in cloud security, application security, identity and access management, and security architecture. • Strategic mindset with strong business and risk management acumen. • Ability to balance security requirements with customer experience, innovation, and business objectives.

🏖️ Benefits

• Health, Dental, Vision benefits start on your first day at Spring. You and your dependents also receive access to One Medical accounts HSA and FSA plans are also available, with Spring contributing up to $1K for HSAs, depending on your plan type. • Employer sponsored 401(k) match of up to 2% for retirement planning • A yearly allotment of no cost visits to the Spring Health network of therapists, coaches, and medication management providers for you and your dependents. • We offer competitive paid time off policies including vacation, sick leave and company holidays. • At 6 months tenure with Spring, we offer parental leave of 18 weeks for birthing parents and 16 weeks for non-birthing parents. • Access to Noom, a weight management program—based in psychology, that’s tailored to your unique needs and goals. • Access to fertility care support through Carrot, in addition to $4,000 reimbursement for related fertility expenses. • Access to Wellhub, which connects employees to the best options for fitness, mindfulness, nutrition, and sleep in one subscription • Access to BrightHorizons, which provides sponsored child care, back-up care, and elder care • Up to $1,000 Professional Development Reimbursement a year. • $200 per year donation matching to support your favorite causes.

Apply Now

Similar Jobs

🕒 Yesterday

Cisco

10,000+ employees

🔧 Hardware

🔐 Security

🏢 Enterprise

Cybersecurity Account Executive responsible for enhancing security resilience and driving sales. Develops strategies for client accounts within Cisco's comprehensive security portfolio.

🕒 Yesterday

Cisco

10,000+ employees

🔧 Hardware

🔐 Security

🏢 Enterprise

Security Account Executive driving Cisco Security growth across federal and local government agencies. Collaborating with agency leadership to adopt cybersecurity solutions.

Cyber Security

🕒 4 days ago

Switzerland Global Enterprise

51 - 200

🤝 B2B

🛍️ eCommerce

Principal Cybersecurity Regulatory Advisor serving as the primary expert on commercial product cybersecurity regulation at GE Vernova. Translating complex regulations into actionable business guidance.

Cyber Security

🕒 4 days ago

Switzerland Global Enterprise

51 - 200

🤝 B2B

🛍️ eCommerce

Product Cybersecurity Architect designing security architectures for GE Vernova power sectors. Leading secure development support, threat modeling, and recommendations for product lifecycle.

Cyber Security

🕒 4 days ago

Switzerland Global Enterprise

51 - 200

🤝 B2B

🛍️ eCommerce

Staff Digital Auditor performing security assessments and information security audits in the technology and cybersecurity sector at GE Vernova. Engaging with Third Parties and enabling improved security posture through risk assessment and remediation.