We are seeking an experienced and pragmatic VP of Information Security to report directly to the Chief Technology Officer. This leader will guide both our Information Security and IT functions through a high-growth phase, ensuring the organization maintains strong security, privacy, and compliance standards while continuing to scale efficiently.
This is not a purely managerial role. We are looking for a hands-on, “roll-up-your-sleeves” leader who can operate strategically while also diving into execution when needed. You will serve as a cross-functional enabler, partnering across the business to embed security and compliance into how we build, operate, and innovate.
What you’ll be doing as the VP, Information Security:
Leadership & Strategy
- Lead and develop a high-performing, lean InfoSec and IT team
- Act as a trusted advisor to executive leadership on security, risk, and compliance strategy
- Enable business growth by embedding security as a business enabler, not a blocker
- Translate complex technical risks into clear business impact and decisions
Security, Risk & Compliance
- Maintain and mature HITRUST certification (MyCSF) and SOC 2 Type II attestation
- Own and evolve the organization’s risk management program
- Lead security incident response and continuous improvement of response capabilities
- Oversee vulnerability management, threat detection, and remediation efforts
- Drive vendor risk management and third-party security oversight
- Ensure compliance with HIPAA and other applicable regulatory requirements
Technical Oversight
- Oversee application, infrastructure, and data security across a cloud-first environment
- Manage and optimize SIEM and security monitoring capabilities
- Guide secure architecture decisions in partnership with engineering and product teams
- Support secure scaling of systems during rapid organizational growth
IT & Operational Excellence
- Oversee IT operations to ensure reliable, secure, and high-quality support for employees and clinicians
- Deliver a seamless IT experience for a fully remote workforce and distributed clinician network
- Establish metrics and reporting on security posture, compliance health, and IT performance
Cross-Functional Collaboration
- Partner with Legal, Compliance, Engineering, Product, and Clinical teams to ensure alignment
- Drive a culture of shared responsibility for security and privacy
- Support innovation initiatives while maintaining appropriate risk controls
Requirements:
- Experience leading Information Security in a HIPAA-compliant, high-growth tech environment (100+ employees)
- Proven success guiding organizations through HITRUST (MyCSF) certification and SOC 2 Type II attestation
- Experience scaling a company through significant growth (e.g., 50 → 250+ employees)
- Background in telehealth, digital healthcare required
- Experience managing and mentoring small, high-impact teams
- Comfortable operating as a player-coach—balancing strategy with hands-on execution
- Ability to influence without authority and drive alignment across diverse stakeholders
- Strong hands-on experience with:
- - Cloud environments
- SIEM and security monitoring tools
- Vulnerability management programs
- Incident response leadership
- Vendor risk management
- Deep understanding of security architecture, infrastructure, and application security
- CISSP preferred
- CRISC or strong risk management background is a plus
Benefits:
- A competitive salary
- Stock options so you have equity
- Fully paid for comprehensive health care (medical, dental, vision)
- Pet Insurance
- Life Insurance & Short / Long Term Disability
- 401k Plan
- Unlimited PTO and sick leave
- Parental Leave
- Work remotely and whatever schedule works best for you
- Additional memberships and perks
Work Environment & Culture
At Brightside Health, you’ll join a fully remote, mission-driven team that values flexibility and impact. You’ll collaborate with professionals across engineering, product, and clinical teams, all dedicated to transforming mental healthcare. Our culture fosters continuous learning, empathy, and cross-functional collaboration.
We celebrate diversity and are committed to equal employment opportunities based on merit, competence, and performance. Research shows that underrepresented groups often apply only if they meet 100% of the listed criteria—we encourage women, people of color, and LGBTQ+ job seekers to apply even if they don’t check every box.
Compensation & Hiring Commitment
Final offers are determined by multiple factors, including location, experience, and expertise. If you have questions about compensation bands, please ask your recruiter.
At Brightside, we recognize that building life-changing technology for mental health is both a responsibility and a privilege. We set high standards while ensuring every team member is valued, trusted, and empowered in an environment driven by inclusion and impact.