Brightside Health

VP, Information Security

full-time

Location Type: Remote

Location: United States

About the role

  • Lead and develop a high-performing, lean InfoSec and IT team
  • Act as a trusted advisor to executive leadership on security, risk, and compliance strategy
  • Enable business growth by embedding security as a business enabler, not a blocker
  • Translate complex technical risks into clear business impact and decisions
  • Maintain and mature HITRUST certification (MyCSF) and SOC 2 Type II attestation
  • Own and evolve the organization’s risk management program
  • Lead security incident response and continuous improvement of response capabilities
  • Oversee vulnerability management, threat detection, and remediation efforts
  • Drive vendor risk management and third-party security oversight
  • Ensure compliance with HIPAA and other applicable regulatory requirements
  • Oversee application, infrastructure, and data security across a cloud-first environment
  • Manage and optimize SIEM and security monitoring capabilities
  • Guide secure architecture decisions in partnership with engineering and product teams
  • Support secure scaling of systems during rapid organizational growth
  • Oversee IT operations to ensure reliable, secure, and high-quality support for employees and clinicians
  • Deliver a seamless IT experience for a fully remote workforce and distributed clinician network
  • Establish metrics and reporting on security posture, compliance health, and IT performance
  • Partner with Legal, Compliance, Engineering, Product, and Clinical teams to ensure alignment
  • Drive a culture of shared responsibility for security and privacy
  • Support innovation initiatives while maintaining appropriate risk controls

Requirements

  • Experience leading Information Security in a HIPAA-compliant, high-growth tech environment (100+ employees)
  • Proven success guiding organizations through HITRUST (MyCSF) certification and SOC 2 Type II attestation
  • Experience scaling a company through significant growth (e.g., 50 → 250+ employees)
  • Background in telehealth, digital healthcare required
  • Experience managing and mentoring small, high-impact teams
  • Comfortable operating as a player-coach—balancing strategy with hands-on execution
  • Ability to influence without authority and drive alignment across diverse stakeholders
  • Strong hands-on experience with:
      • Cloud environments
      • SIEM and security monitoring tools
      • Vulnerability management programs
      • Incident response leadership
      • Vendor risk management
  • Deep understanding of security architecture, infrastructure, and application security
  • CISSP preferred
  • CRISC or strong risk management background is a plus

Benefits

  • A competitive salary
  • Stock options so you have equity
  • Fully paid comprehensive health care (medical, dental, vision)
  • Pet Insurance
  • Life Insurance & Short / Long Term Disability
  • 401k Plan
  • Unlimited PTO and sick leave
  • Parental Leave
  • Work remotely and on whatever schedule works best for you
  • Additional memberships and perks