Information Security Manager
Remote - US
Big Health
Our mission is to help millions back to good mental health. Our digital therapeutics are safe and effective non-drug alternatives for mental health. In pursuit of our mission, we’ve pioneered the first at-scale digital therapeutic business model, in partnership with some of the most prominent global healthcare organizations, including CVS Health and the UK’s NHS. Through product innovation, robust clinical evaluation, and a commitment to equity at scale, we are designing the next generation of medicine and the future of mental health care.
Our Vision
Over the next 5-10 years, digital therapeutics (DTx) will transform the delivery of health care worldwide, providing access to safe and effective evidence-based treatments to billions. Big Health is in a prime position to take the lead in this transformation.
Big Health is a remote-first company, and this role can be based anywhere in the US. We encourage you to apply even if you don’t meet 100% of the job requirements.
Join us.
As our Information Security Manager, you will be responsible for developing and implementing comprehensive security policies and procedures, ensuring compliance with relevant regulations, and fostering a culture of security awareness across the organization in accordance with our company strategy.
Job Responsibilities:
- Develop and execute a robust information security strategy aligned with organizational goals and industry best practices
- Be an internal security expert for partner contracting, HITRUST, GDPR, NIST, HIPAA and other state and federal privacy and security requirements
- Assess and prioritize security risks and formulate effective risk management strategies
- Implement comprehensive security policies and procedures, ensure compliance with relevant regulations, and foster a culture of security awareness across the organization as directed by our company HQ cyber security strategy
- Collaborate with cross-functional teams to integrate security measures into business processes and applications
- Establish and maintain information security policies, standards, and guidelines
- Perform routine capability and maturity assessments and long-range planning, as well as evaluation of current and future-state toolsets and partnerships
- Ensure compliance with relevant data protection laws, regulations, and industry standards
- Coordinate and participate in security audits, assessments, and certification processes
- Work closely with legal to address any security-related legal and regulatory requirements
- Develop and maintain an incident response plan to address security incidents promptly and effectively
- Lead incident response efforts, including investigation, containment, and resolution
- Conduct post-incident analysis and implement corrective actions
- Evaluate the security posture of vendors and third-party partners
- Establish and maintain a robust vendor risk management program to ensure the security of third-party relationships
- Oversee the selection, implementation, and maintenance of security technologies
- Work closely with the IT and infrastructure teams to ensure that security controls are integrated seamlessly into the technology infrastructure for internal tools and systems, as well as for existing products
- Assist in security-related documentation (RFPs, PPTs, etc.)
Required Skills and Experience:
- Bachelor's or Master's degree in information security, cybersecurity, or a related field
- Industry-recognized certifications such as CISSP/HCISPP, CISM, or CISA
- Minimum of 5 years of experience in information security management
- Strong understanding of relevant data protection laws, regulations, and industry standards
- Excellent communication and leadership skills
- Ability to collaborate with diverse teams and drive a culture of security awareness
Highly Preferred Experience:
- Prior experience working in the Healthcare industry
- Experience in international security regulations (primarily UK / EU)
Life at Big Health:
- Join a diverse team of all backgrounds; we’re proud to be an equal opportunity employer
- Autonomy over your work and freedom to input
- Enjoy a clearly structured personal review and development program
- Quarterly happiness survey that we use to ensure we’re creating a healthy and happy workplace for ourselves
- Fund for spending on personal happiness
- Regular team and company events
- Generous vacation and maternity/paternity policy
- Competitive salary and equity package
More Background on Big Health:
- Backed by leading venture capital firms, Index Ventures, Octopus Ventures, and Kaiser Permanente Ventures
- With offices in London and San Francisco, Big Health’s products are used by large multinational employers and major health plans to help improve sleep and mental health. To date, more than 12 million people across 60+ countries have access to Sleepio or Daylight
Additionally, we will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance. Big Health participates in E-Verify and will provide the federal government with Form I-9 information from all new employees to confirm that they are authorized to work in the U.S. Big Health does not use E-Verify to pre-screen applicants.
Tags: Audits CISA CISM CISSP Compliance GDPR HIPAA HITRUST Incident response NIST Privacy Risk management Security strategy Strategy
Perks/benefits: Career development Competitive pay Equity Team events