Included Health is hiring a
Chief Information Security Officer

Summary

Join us as the Chief Information Security Officer, leading the Information Security team at Included Health and safeguarding patient, employee, customer, and third-party vendor data. This exciting opportunity requires strong technical competency, a proven managerial track record, and transformational leadership to continue the evolution of our enterprise security program for the future.

Requirements

• Previous security leadership experience, ideally leading a Security function
• Excellent communication skills at an executive level and the ability to dive deeper and document and explain technical details clearly and concisely
• Previous experience leading Product Security, Governance Risk & Compliance, and Security Engineering
• Operating expertise in cloud-based service offerings such as AWS, GCP, and Azure
• Experience in building and scaling a well-rounded security program, including benching to SOC2 / HITRUST / HIPAA standards using NIST controls
• Thorough understanding of the current threat and attack landscape, latest security trends, and principles
• Security certifications such as CISSP, OSCP, or CISM are preferred
• Ability to work collaboratively and cross-functionally across the Enterprise required
• B.S. / B.A. degree or relevant work experience

Responsibilities

• Set the mission, vision, and strategy for the Information Security organization and execute to keep our members’ data safe
• Build trust, whether working cross-functionally with internal stakeholders (like Engineering or Legal) and collaborating externally with our customers, including CISOs and other Security professionals at Fortune 100 companies
• Collaborate in a consultative manner with clear focus on our company’s objectives delivering on our mission for our members and clients
• Provide thought leadership and guidance while ensuring teams are engaged and focused on short-term priorities while establishing the long-term strategy
• Evangelize information security internally and externally, both with employees and company leadership as well as investors, clients & prospects, as well as board-level committees
• Continuously expand on the information security roadmap with the respective leaders in the Infosec organization
• Execute leadership and oversight for the implementation and automation of security capabilities, systems, and services - drive and evangelize the different functions within Information Security to business units and critical stakeholders across the Enterprise, including but not limited to IDS/IPS, SIEM, Vulnerability Management, Architecture Review, SAST/DAST, WAF, Incident Response, and Third Party Risk Management
• Manage internal and external security/risk assessments, programs, penetration testing, bug bounty, vulnerability management, etc
• Set the strategy and provide oversight to maintain existing security certifications (SOC2 Type 2 and HITRUST), and keep an eye on the future (e.g., FedRAMP and PCI ROC)
• Collaborate with audit, compliance, and privacy departments to maintain and enhance shared capabilities within the business, product, and services that Included Health provides
• Manage capacity, budget, and resource allocation to meet growth initiatives and to ensure alignment with high-value projects to revenue generation, cost reduction, and business objectives
• Engage with Senior Leadership to create visibility into relevant Security topics, provide updates on the threat landscape, and discuss mitigation strategies
• Set the direction for creating and/or maintaining documentation of relevant standard operating policies and procedures and incorporating OKRs and KPIs to drive and measure the success of the Information Security program

Benefits

• Remote-first culture
• 401(k) savings plan through Fidelity
• Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)
• Full suite of Included Health telemedicine (e.g. behavioral health, urgent care, etc.) and health care navigation products and services offered at no cost for employees and dependents
• Generous Paid Time Off (
• 12 weeks of 100% Paid Parental leave
• Up to $25,000 Fertility and Family Building Benefit Compassionate Leave (paid leave for employees who experience a failed pregnancy, surrogacy, adoption or fertility treatment)
• 11 Holidays Paid with one Floating Paid Holiday
• Work-From-Home reimbursement to support team collaboration and effective home office work
• 24 hours of Paid Volunteer Time Off (“VTO”) Per Year to Volunteer with Charitable Organizations