Chief Information Security Officer

Summary

Join SimplePractice as the Chief Information Security Officer (CISO) and lead our security organization, developing and implementing a comprehensive cybersecurity strategy. You will be responsible for all aspects of information security, ensuring customer data privacy and aligning security with business goals. This VP-level role reports to the Chief Legal Officer and requires extensive experience building and scaling security programs in large organizations, particularly within SaaS or healthcare. The ideal candidate possesses strong communication, leadership, and technical skills, with a passion for fostering a security-conscious culture. SimplePractice offers a competitive compensation package and benefits.

Requirements

• 12-15+ years of experience building and scaling information security, risk management and compliance programs within large, complex organizations
• Previous experience as a CISO or equivalent at a SaaS company or healthcare provider
• Deep expertise in security, privacy and IT audit frameworks, such as HITRUST CSF and regulatory standards such as HIPAA and PCI
• Extensive experience with risk management, incident response, crisis management threat intelligence and developing secure business practices
• Strong experience in technical security areas including penetration testing, vulnerability management, mobile security, cloud security and network security
• Experience with secure coding practices, identity and access management and security incident response
• Strong communication skills with demonstrated ability to communicate complex surety concepts to executive leaders, to customers and other non-technical audiences
• Experience working with high velocity software deployment environments
• Demonstrated people management skills - ability to motivate, mentor and grow a small team of highly committed security professionals while balancing strategic vision and day-to-day operations
• Bachelor’s degree in a related field

Responsibilities

• Create and own execution of the long-term cybersecurity and application security vision, strategy and roadmap, aligned with SimplePractice’s growth and product roadmap
• Protect the privacy, availability, and integrity of client data
• Establish proactive security measures to detect, prevent and mitigate cyberattacks (threat intelligence)
• Partner with teams across the organization to establish and sustain a security-conscious culture, including the development and implementation of security policies, standards, guidelines and awareness programs
• Provide thought leadership on contemporary security operations and be a market leader in establishing trust through security
• Support GTM strategies to utilize security and compliance for commercial benefit
• Anticipate strategic and scaling-related difficulties through collaborative long-term planning with key stakeholders, including identifying, assessing, and mitigating security risks
• Conduct ongoing evaluations of SimplePractice’s risk profile, identifying gaps and implementing a robust risk management framework
• Oversee the management of enterprise-wide cybersecurity programs, including incident response and crisis management, 24x7 security operations, security architecture, security contingency plans and threat intelligence
• Identify and mitigate security risks, recommending both technical and business controls to prevent vulnerabilities
• Ensure compliance with applicable security regulations (such as HIPAA, HITRUST, PCI)
• Obtain and maintain certifications that establish credibility in the marketplace. Deliver overall strategy for future certifications

Preferred Qualifications

• Preference given to candidates with prior experience in digital health and/or to candidates with Product Led Growth and small business customer base
• Advanced certifications such as CISSP, CISM or CISA
• A passion for helping private practices thrive in the mental wellness space

Benefits

• Medical, dental, vision, life & disability insurance
• 401(k) plan with company match
• Flexible Time Off (FTO), wellbeing days, paid holidays, and summer Fridays
• Mental health resources
• Paid parental leave & Backup Care
• Tuition reimbursement
• Employee Resource Groups (ERGs)
• Annual bonus
• Equity
• Commission
• Overtime pay