Vice President, Security

Carrot Fertility

💵 $200k-$225k
📍 Remote - Worldwide

Summary

Join Carrot Fertility as their VP of Security (CISO) and lead their security function to the next level of maturity, preparing for a successful exit event like an IPO. You will oversee all areas of security, implement a comprehensive security strategy, and collaborate with executive leadership. This role requires managing and coaching a security team, collaborating with engineering, and prioritizing risk assessments. You will ensure the security and privacy of sensitive member data while adhering to international laws and frameworks. The position demands extensive experience in information security, healthcare, and compliance with various security frameworks. Carrot offers a competitive compensation package and a holistic total rewards program.

Requirements

  • Bachelor's degree in a relevant field (e.g., Computer Science, Software Engineering, Information Technology)
  • Minimum 10+ years of Information Technology experience, including 5+ years in Information Security
  • CISSP, CISM, or other relevant security certification
  • Senior leadership experience overseeing Security at a late-stage startup or public company
  • Exceptional communication abilities for collaboration with executive leadership
  • Experience engaging with strategic customers in sales, emphasizing Carrot's security standards
  • Deep experience in the healthcare industry and understanding of global data protection frameworks (HIPAA, GDPR, CCPA/CPRA)
  • Experience overseeing implementation and compliance of enterprise security frameworks (SOC 2 Type II, HITRUST, PCI DSS, ISO 27001)
  • Experience with and understanding of application security frameworks (NIST CSF and OWASP)
  • Understanding of and experience with application security, network security, and cloud hosting providers (AWS and Azure)
  • Experience running Security initiatives (Incident Response, Risk Management, Data Privacy, Audits, Security Operations, Vulnerability Management, Penetration Testing, Security Awareness Training, Phishing Awareness Campaigns, and Bug Bounties)
  • Experience in budget management and resource allocation

Responsibilities

  • Oversee all areas of Security at Carrot, including Corporate Security (GRC, Incident Management, Security Awareness) and Product Security (Application Security, Infrastructure Security, SDLC)
  • Implement and execute a comprehensive Security strategy, leveraging a robust maturity model (e.g., C2M2) to prioritize strategic initiatives
  • Collaborate with executive leadership (CTO, CLO, CIO) to align on and drive top-level business objectives related to Security
  • Be accountable for delivering prioritized strategic initiatives for the Security organization
  • Assess Carrot's Security needs and grow the Security team as the company scales
  • Manage and coach a team of security professionals
  • Collaborate with Engineering (Internal Platform team) to improve Security Engineering practices, exceeding compliance requirements
  • Prioritize internal risk assessments (Application Security, Cloud Security, Cyber Security) and use these to prioritize technical changes and safeguards
  • Tailor security recommendations to align with industry standards for both remote-first and in-office work environments
  • Take an active role in all Security functions, balancing hands-on execution and strategic delegation

Preferred Qualifications

  • Experience leading Security through a company exit event (M&A or IPO)
  • Experience at an early-stage startup

Benefits

  • Health and wellness benefits
  • Retirement savings plans
  • Short- and long-term incentives
  • Parental leave
  • Family-forming assistance
  • Competitive compensation package
  • Base salary ranging from $200,000.00 - $225,000.00
