Vice President, Information Security (CISO)

Remote or San Francisco, California

Applications have closed

Curology

Powerful, personalized skincare formulas prescribed by real dermatology providers. Start the skin quiz to try it for 30 days.

Curology is a technology company building the future of skincare through personalized prescription treatment. We believe that dermatology should be accessible to everyone—great skin shouldn't be a luxury, but a fact of life. To make this possible, we're building tech to power an entire in-house medical ecosystem, covering everything from medical care to provider licensing and pharmacy fulfillment operations.
We're hiring an experienced VP of Information Security to own Information Security, Application Security, and IT functions at Curology. You will be responsible for the company's overall security strategy, program oversight, and architecture development for the organization. You will establish and lead the company's Security Steering Committee to constantly improve all aspects of security at Curology. You will also be a key contributor to privacy and compliance initiatives. This is a critical, high-visibility role that reports directly to the CTO and will collaborate with Curology's executive leadership team.
In this role, you will:
- Build Curology's Information & Application Security Engineering function in partnership with Engineering to secure our production and data infrastructures.
- Be responsible for Curology's IT Organization including Help Desk, End User Engineering, Security, and SaaS Operations.
- Identify relevant security frameworks and own execution of associated strategy and roadmaps.
- Conduct regular third-party independent audits of our security posture and ensure any resulting actions to address gaps or weaknesses are appropriately assigned and completed.
- Build a proactive security practice that identifies and remediates issues through white hat activities, game days, and research.
- Manage our response to security incidents and ensure that they are appropriately addressed, documented, and reported.
- Create and lead an Internal Security Steering Committee in collaboration with Curology's Executive Leadership.
- Be a key stakeholder in Curology's Governance, Risk, and Compliance (GRC) activities.
- Serve as a key member of the Technology Organization's Senior Leadership Team.
- Own compensation, team design, hiring, and retention plan for the Security group.
You will be successful if you have:
- Public Company Experience: Experience taking a company public in a security leadership role or extensive experience leading security at a public company.
- Technical Expertise: Demonstrated experience with Application Security, DevOps, or Cloud Security functions including experience with cloud computing technologies, with security commitments to customers and partners.
- Regulatory Experience: Knowledge and understanding of relevant legal and regulatory requirements, such as HIPAA (Health Insurance Portability and Accountability Act), Sarbanes-Oxley Act (SOX) and Payment Card Industry/Data Security Standard, Personally Identifiable Information (PII), Service Organization Control (SOC), and California Consumer Privacy Act (CCPA).
- Security Leadership Experience: 7+ years of experience in a combination of risk management, information security, and application security engineering roles, with 3+ years in a senior leadership role (Director, VP, or CISO).
- Security Certifications: CISSP, CISM, CRISC, GSEC, CISA, or ability to be certified.
- Excellent Communicator: Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
You will love working at Curology because:
- Amazing team culture and environment
- Awarded Great Place To Work & Inc.'s Best Workplace
- Competitive salary and equity options
- Unlimited, flexible PTO for exempt employees
- Comprehensive benefits: Medical, dental and vision insurance are covered 90%+ for employees; flexible spending account; 401k
- Paid maternity and paternity leave
- Free subscription to Curology!
- Company-sponsored happy hours and outings

Curology encourages applications from people of all races, religions, national origins, genders, sexual orientations, gender identities, gender expressions and ages, as well as veterans and individuals with disabilities.

Notice to Applicants under the CCPA.

Tags: Application security Audits CCPA CISA CISM CISSP Cloud Compliance CRISC DevOps Governance GSEC HIPAA Privacy Risk management SaaS Security strategy Strategy

Perks/benefits: 401(k) matching Competitive pay Equity Flex hours Flexible spending account Flex vacation Health care Medical leave Parental leave Team events Unlimited paid time off

Regions: Remote/Anywhere North America
Country: United States
Category: Leadership Jobs
