Information Security Lead

Who we are

Third Way Health helps medical practices across the United States improve patient experience and access while reducing the administrative burden on practices. We enable practices to enhance the experience of their patients by providing them with a leading patient engagement platform and a world-class team of service representatives. What unites us is our passion to support providers and help patients from all backgrounds to have a better healthcare experience.

About the role

We're seeking an Information Security Lead  to enhance and extend security frameworks that protect millions of patients' sensitive healthcare data. You'll architect comprehensive security programs in a highly regulated healthcare environment, ensuring our platform meets the highest standards of data protection while enabling seamless patient care experiences that leverage leading-edge AI and technology. This is a high-impact leadership role—ideal for someone eager to "own the outcome" and establish security excellence in a "high tech + high touch" healthcare environment.

What you'll do

• Design and implement a comprehensive information security strategy aligned with business objectives and stringent healthcare regulatory requirements including HIPAA, SOC 2, and HITRUST.
• Architect and maintain security policies, procedures, and controls that protect patient data while enabling operational efficiency across all platform interactions.
• Conduct regular risk assessments, security audits, and vulnerability management programs to proactively identify and mitigate threats.
• Lead incident response processes and coordinate investigations of security events, ensuring rapid containment and comprehensive remediation.
• Collaborate closely with engineering, product, and operations teams to integrate security best practices into product development and service delivery workflows.
• Develop and deliver security awareness training programs for employees and stakeholders, fostering a culture of security-first thinking.
• Lead IT and information security discussions with customers, addressing technical security requirements, compliance questions, and integration considerations to support sales and partnership initiatives.
• Stay current with emerging threats, security technologies, and regulatory changes specific to the healthcare sector, translating insights into actionable security enhancements.

Required Qualifications

• 5+ years of information security experience with 3+ years specifically in leadership roles.
• In-depth knowledge of healthcare security standards including HIPAA, SOC 2, HITRUST, and other relevant compliance frameworks.
• Proficiency in security technologies including firewalls, encryption, access controls, intrusion detection systems, and security monitoring platforms.
• Experience designing and implementing cloud security architectures, particularly in AWS environments, including containerized security and infrastructure as code.
• Excellent communication and interpersonal skills, with the ability to engage effectively with technical and non-technical stakeholders in both written and verbal forms.
• A deep interest in healthcare innovation and a commitment to building security programs that positively impact health outcomes.
• Knowledge of security frameworks, risk management methodologies, and incident response best practices.

Desired Qualifications

• Bachelor's degree in Computer Science, Information Security, Cybersecurity, or related field.
• Experience in the healthcare technology sector, including hands-on experience with healthcare regulations and audit processes.
• Experience leading large security initiatives and mentoring junior security professionals.
• Strong applied knowledge of zero-trust architectures, identity and access management systems, and data loss prevention technologies.
• Experience implementing security monitoring, SIEM platforms, and automated threat detection systems.