Vice President, Information Security
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Vice President of Information Security leading cybersecurity initiatives at LifeMD, a telehealth provider. Focusing on data protection and regulatory compliance in a mission-critical healthcare environment.
Responsibilities:
- Lead all aspects of enterprise information security, including threat detection, incident response, vulnerability management, and continuous monitoring.
- Establish and mature a comprehensive Governance, Risk, and Compliance (GRC) framework aligned to healthcare industry standards (e.g., NIST, HITRUST, ISO 27001).
- Continuously assess enterprise risk posture, prioritizing cybersecurity risks in alignment with clinical, operational, and financial risk frameworks.
- Design and implement strategies to protect sensitive patient data, including Protected Health Information (PHI), Personally Identifiable Information (PII), and clinical data.
- Ensure compliance with healthcare data security and privacy regulations, including HIPAA and HITECH, as well as state-specific privacy laws.
- Oversee data governance, encryption, identity management, and secure data exchange across clinical systems (EHR/EMR), patient platforms, and third-party partners.
- Own and manage IT risk, compliance, and IT General Controls (ITGC) programs in support of SOX and healthcare regulatory requirements.
- Partner with internal audit, compliance, legal, and finance teams to ensure audit readiness and timely remediation of control deficiencies.
- Maintain compliance with standards such as HIPAA, HITRUST, SOC 2, PCI-DSS (as applicable), and other healthcare-specific regulatory frameworks.
- Lead security architecture across enterprise infrastructure, including cloud, hybrid, and on-premise environments supporting clinical and digital health platforms.
- Drive secure cloud transformation initiatives, ensuring appropriate controls across IaaS, PaaS, and SaaS environments.
- Partner with engineering, IT, and DevOps teams to implement DevSecOps practices and secure software development lifecycle (SDLC).
- Lead enterprise incident response strategy, including preparedness, detection, containment, and recovery from cyber incidents.
- Build, lead, and scale a high-performing information security organization, including security operations, risk, IT compliance functions.
- Serve as a key advisor to executive leadership, the Board, and Audit/Compliance Committees on cybersecurity risk and strategy.
- Drive enterprise-wide security awareness and training programs to foster a culture of security and compliance.
Requirements:
- 12+ years of progressive leadership in information security, cybersecurity, and risk management, preferably within healthcare, life sciences, or other highly regulated industries.
- Experience operating in a publicly traded or highly regulated environment with strong governance and compliance requirements.
- Proven track record of leading enterprise security programs in complex environments involving clinical systems, digital platforms, and sensitive patient data.
- Deep knowledge of healthcare regulatory frameworks, including HIPAA, HITECH, HITRUST, and experience managing PHI/PII at scale.
- Strong understanding of ITGC, SOX compliance, and audit processes.
- Experience securing healthcare technologies, including EHR/EMR systems, patient engagement platforms, telehealth systems, and medical device integrations.
- Hands-on leadership in cloud security, infrastructure modernization, and enterprise security architecture.
- Expertise in identity and access management (IAM), zero trust frameworks, and modern security operations.
- Experience implementing and managing GRC platforms and frameworks such as NIST, ISO 27001, and HITRUST.
- Demonstrated success in incident response, cyber resilience, and enterprise risk mitigation.
- Strong executive presence with experience engaging Boards and Audit/Compliance Committees.
- Proven ability to lead cross-functional initiatives across technology, clinical, legal, and operational teams.
- Ability to operate effectively in a fast-paced, high-stakes healthcare environment where security and patient safety are paramount.
- Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.
- Relevant certifications such as CISSP, CISM, CISA, CRISC, or HCISPP preferred.
Benefits:
- Health Care Plan (Medical, Dental & Vision)
- Retirement Plan (Roth 401k)
- Life Insurance (Basic, Voluntary & AD&D)
- Unlimited PTO Policy
- Paid Holidays
- Short Term & Long Term Disability
- Training & Development
Similar Jobs
FedRAMP Security Consultant
FedRAMP Security Consultant supporting cloud service providers in readiness assessments and compliance initiatives. Collaborating with cybersecurity professionals in a remote work environment.
Cybersecurity
Cybersecurity position focused on continuous monitoring and incident management in a collaborative tech environment. Seeking individuals eager to enhance security practices.
Security and Compliance Manager
Security & Compliance Manager responsible for enhancing security and compliance at Givebutter. Leading security roadmap, certifications, and incident responses in a growth-stage fintech.
Lead Product Security Engineer
Lead Product Security Engineer responsible for application and infrastructure security at Aalyria. Reporting to Director of Security & IT while mentoring engineers on security practices.
Experienced Information Security Engineer
Information Security Engineer conducting vulnerability assessments for complex environments at Gainwell Technologies. Collaborating with IT Operations and leadership for security management and compliance.
Head of Security Engineering
Head of Security Engineering at Suno, defining and leading security strategy for an AI music platform. Building and leading a high-performing security engineering organization with collaboration across various teams.
Senior Cyber Architect – OT Security
Senior role at EY in Cyber Security developing and implementing OT Security solutions for clients. Involvement in monitoring, analysing, and responding to security alerts in OT environments.
Staff Cyber Architect – OT Security, Engineering
Join EY as a Staff in Cyber Security focusing on OT security. Conduct assessments, support vulnerability management, and assist clients in improving security posture.
Software Engineer V – Security Engineer
Software Engineer V at Mighty Acorn focusing on embedding security in product teams. Ensuring compliance and data protection across digital services for government agencies.
Software Engineer I – Salesforce Integration, Tier 2 Security Clearance
Software Engineer I providing engineering support for Salesforce integration to federal contact center program. Must have Tier 2 Security Clearance and up to 3 years of experience.
Senior Developer III – Salesforce Integration, Tier 2 Security Clearance
Senior Developer responsible for Salesforce CRM integration solutions. Providing technical guidance and leading integration architecture decisions for federal contact center projects.
Developer I – Salesforce Integration, Tier 2 Security Clearance
Developer I supporting the development and testing of Salesforce CRM integrations. Working remotely at M&S Consulting with an emphasis on technical qualifications and active clearance.
Security Consultant
Security Consultant driving production efficiency within design team at Ares Technology. Supporting design department in delivering high-quality, mission-critical projects.
Senior Functional Consultant – HCM, HCM Security, Recruiting
Senior Functional Consultant assisting customers in overcoming HR technology challenges and maximizing Workday's value. Engaging in various consulting services while collaborating with clients.
Senior Security Engineer
Senior Security Engineer focusing on security operations in software development pipelines for a sustainable infrastructure company. Collaborating with IT and DevOps teams in a remote setting.
Cybersecurity Project Manager – Contract
Cybersecurity Project Manager in Technology Program Management Office overseeing cybersecurity project delivery. Requires extensive experience in cybersecurity, risk, compliance, controls, and audits.
Data Protection & AI Security, Staff Engineer
Staff Engineer leading strategic data protection and AI security initiatives at The Hershey Company. Collaborating with cross-functional teams to protect sensitive data and manage emerging risks.
Senior Cybersecurity Engineer
Cybersecurity Engineer responsible for protecting technology environments and delivering threat detection capabilities. Collaborating with IT, OT, and operations to strengthen operational security and compliance.
Senior Cybersecurity Engineer, Threat Detection and Response
Cybersecurity Engineer managing threat detection and response within Starbucks Security Operations Center. Leveraging expertise in cybersecurity and advanced log analysis to mitigate threats and support IT security.
Head of Security
Head of Security operating the information security program at Anomaly. Focused on enabling rapid product development while maintaining security and compliance.