Chief Information Security Officer

The Chief Information Security Officer will be the leader of Information Security at Included Health. This position's primary responsibility is safeguarding patient, employee, customer, and third-party vendor data. You will be responsible for leading the team that designs, builds, implements, and maintains a world-class security program end to end. You will also be the representation for information security with our customers, prospects, investors, and board members.

Security is a strategically important pillar of our business, critical for the sustained growth of our company. This position is an exciting opportunity that requires strong technical competency, a proven managerial track record, and transformational leadership to continue the evolution of our enterprise security program for the future. Bring your best self, sense of humor included - we work hard, but we like to play hard too.

Duties and Responsibilities:

• Set the mission, vision, and strategy for the Information Security organization and execute to keep our members’ data safe
• Build trust, whether working cross-functionally with internal stakeholders (like Engineering or Legal) and collaborating externally with our customers, including CISOs and other Security professionals at Fortune 100 companies.
• Collaborate in a consultative manner with clear focus on our company’s objectives delivering on our mission for our members and clients
• Provide thought leadership and guidance while ensuring teams are engaged and focused on short-term priorities while establishing the long-term strategy
• Evangelize information security internally and externally, both with employees and company leadership as well as investors, clients & prospects, as well as board-level committees
• Continuously expand on the information security roadmap with the respective leaders in the Infosec organization
• Execute leadership and oversight for the implementation and automation of security capabilities, systems, and services - drive and evangelize the different functions within Information Security to business units and critical stakeholders across the Enterprise, including but not limited to IDS/IPS, SIEM, Vulnerability Management, Architecture Review, SAST/DAST, WAF, Incident Response, and Third Party Risk Management.
• Manage internal and external security/risk assessments, programs, penetration testing, bug bounty, vulnerability management, etc.
• Set the strategy and provide oversight to maintain existing security certifications (SOC2 Type 2 and HITRUST), and keep an eye on the future (e.g., FedRAMP and PCI ROC).
• Collaborate with audit, compliance, and privacy departments to maintain and enhance shared capabilities within the business, product, and services that Included Health provides.
• Manage capacity, budget, and resource allocation to meet growth initiatives and to ensure alignment with high-value projects to revenue generation, cost reduction, and business objectives.
• Engage with Senior Leadership to create visibility into relevant Security topics, provide updates on the threat landscape, and discuss mitigation strategies.
• Set the direction for creating and/or maintaining documentation of relevant standard operating policies and procedures and incorporating OKRs and KPIs to drive and measure the success of the Information Security program.

Qualifications:

• Previous security leadership experience, ideally leading a Security function
• Excellent communication skills at an executive level and the ability to dive deeper and document and explain technical details clearly and concisely
• Previous experience leading Product Security, Governance Risk & Compliance, and Security Engineering
• Operating expertise in cloud-based service offerings such as AWS, GCP, and Azure
• Experience in building and scaling a well-rounded security program, including benching to SOC2 / HITRUST / HIPAA standards using NIST controls
• Thorough understanding of the current threat and attack landscape, latest security trends, and principles
• Security certifications such as CISSP, OSCP, or CISM are preferred
• Ability to work collaboratively and cross-functionally across the Enterprise required
• B.S. / B.A. degree or relevant work experience

Physical/Cognitive Requirements:

• Prompt and regular attendance at assigned work location.
• Ability to work shifts of at least 8 hours, 5 days per week.
• Ability to thrive in a fast-paced, high-intensity work environment.
• Ability to remain seated in a stationary position for prolonged periods.
• Requires eye-hand coordination and manual dexterity sufficient to operate keyboard, computer and other office-related equipment.
• No heavy lifting is expected, though occasional exertion of about 20 lbs. of force (e.g., lifting a computer / laptop) may be required.
• Ability to interact with leadership, employees, and members in an appropriate manner.

The United States new hire base salary target ranges for this full-time position are:

Zone A: $203,330 - $287,210 + equity + benefits

Zone B: $233,830 - $330,292 + equity + benefits

Zone C: $254,163 - $359,013 + equity + benefits

Zone D: $264,329 - $409,708 + equity + benefits

This range reflects the minimum and maximum target for new hire salaries for candidates based on their respective Zone. Below is additional information on Included Health's commitment to maintaining transparent and equitable compensation practices across our distinct geographic zones.

Starting base salary for the successful candidate will depend on several job-related factors, unique to each candidate, which may include, but not limited to, education; training; skill set; years and depth of experience; certifications and licensure; business needs; internal peer equity; organizational considerations; and alignment with geographic and market data. Compensation structures and ranges are tailored to each zone's unique market conditions to ensure that all employees receive fair and competitive compensation based on their roles and locations. Your Recruiter can share details of your geographic alignment upon inquiry.

In addition to earning a base salary, this role is eligible for a performance-based bonus. Details of the Annual Bonus Plan, including performance metrics, target incentives, and potential earnings, will be discussed during the interview process.

Benefits & Perks:

In addition to receiving a competitive pay, the compensation package may include, depending on the role, the following: 

Remote-first culture

401(k) savings plan through FidelityComprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)

Full suite of Included Health telemedicine (e.g. behavioral health, urgent care, etc.) and health care navigation products and services offered at no cost for employees and dependents 

Generous Paid Time Off ("PTO") and Discretionary Time Off (“DTO")

12 weeks of 100% Paid Parental leave

Up to $25,000 Fertility and Family Building Benefit Compassionate Leave (paid leave for employees who experience a failed pregnancy, surrogacy, adoption or fertility treatment) 

11 Holidays Paid with one Floating Paid Holiday

Work-From-Home reimbursement to support team collaboration and effective home office work 

24 hours of Paid Volunteer Time Off (“VTO”) Per Year to Volunteer with Charitable Organizations

Your recruiter will share more about the benefits package for your role during the hiring process.

#LI-CG1