Jobs · Information Technology

Vice President, Information Security

Spring Health · United States · 1 wk ago
RemoteRemoteInformation Technology$250k–$289k/yrFull-time

Security Strategy & Leadership

  • Develop and execute the enterprise information security vision, strategy, and multi-year roadmap.
  • Serve as a trusted advisor to executive leadership and the Board on cybersecurity risks, trends, and investments.
  • Establish security objectives, metrics, and reporting mechanisms aligned with business priorities.
  • Drive a security culture across the organization that enables innovation while maintaining appropriate risk controls, including effectively communicating risks and changes in the risk landscape to leadership, the Board, and key stakeholders in clear, business-relevant terms.

Governance, Risk & Compliance

  • Own the enterprise information security risk management program, including formal risk assessments, risk registers, and risk treatment plans.
  • Ensure compliance with applicable frameworks and regulations, including SOC 2, ISO 27001, HIPAA, HITRUST, PCI DSS, GDPR, and CCPA.
  • Oversee security audits, risk assessments, policy development, and remediation initiatives.
  • Manage the Business Associate Agreement (BAA) program across the customer and vendor ecosystem.
  • Maintain and test the enterprise Incident Response and Business Continuity programs.
  • Drive continuous improvement of security controls and risk management practices.

Security Operations & Incident Response

  • Oversee security operations, threat detection, vulnerability management, and incident response functions.
  • Own the security operations center (SOC) function, including SIEM strategy, threat intelligence, and endpoint detection and response.
  • Lead the organization's response to security incidents, including executive communication, regulatory notification obligations, and post-incident review
  • Direct penetration testing, security assessments, and resilience exercises.

Cloud, Infrastructure & Product Security

  • Partner with Engineering and Product leadership to embed security throughout the software development lifecycle (SDLC), including threat modeling, secure code review, and automated security testing.
  • Provide strategic direction for the design and implementation of secure enterprise and cloud infrastructure, ensuring security architecture principles are embedded in platform design, data flows, and technology decisions across the organization.
  • Provide security architecture review and guidance for new products, features, and third-party integrations.
  • Oversee vulnerability management, penetration testing, and remediation programs across the platform and infrastructure.

Team & Program Leadership

  • Build, mentor, and develop high-performing security teams.
  • Manage security budgets, technology investments, and vendor relationships.
  • Lead third-party risk management and vendor security assessment programs.
  • Demonstrated ability to work closely with leadership across the organization, including Engineering, Legal, Privacy, Product, Sales, IT, HR, and others, serving as a trusted partner who enables the business rather than a barrier to it.
  • Serve as the executive point of contact for cyber insurance underwriters, external auditors, and regulatory examiners.

Similar jobs