VP, Information Security

Brightside Health delivers life-saving virtual mental healthcare to everyone who needs it. We are powered by proprietary AI, purpose-built technology, a world-class clinician network, and a care model that rivals the best of in-person treatment. When combined with precision psychiatry and leading-edge therapeutic techniques, we’re able to improve outcomes for those with mild-to-severe clinical depression, anxiety, and other mood disorders. Our innovative approach has earned recognition from leading publications such as Healthline, Fortune, and Forbes, naming us 'Most Comprehensive,' and 'Best Online Therapy for Anxiety and Depression.'

We take an action-oriented, purposeful approach with everything we do and seek out team members who value collaboration and thoughtful prioritization. As a result, our organization is looking for the brightest and most innovative talent in the industry. We can promise you that, as a member of the Brightside team, you’ll have the opportunity to collaborate alongside smart and driven people while growing your professional skills.

We are seeking an experienced and pragmatic VP of Information Security to report directly to the Chief Technology Officer. This leader will guide both our Information Security and IT functions through a high-growth phase, ensuring the organization maintains strong security, privacy, and compliance standards while continuing to scale efficiently.

This is not a purely managerial role. We are looking for a hands-on, “roll-up-your-sleeves” leader who can operate strategically while also diving into execution when needed. You will serve as a cross-functional enabler, partnering across the business to embed security and compliance into how we build, operate, and innovate.

What you’ll be doing as the VP, Information Security:

Leadership & Strategy

• Lead and develop a high-performing, lean InfoSec and IT team
• Act as a trusted advisor to executive leadership on security, risk, and compliance strategy
• Enable business growth by embedding security as a business enabler, not a blocker
• Translate complex technical risks into clear business impact and decisions

Security, Risk & Compliance

• Maintain and mature HITRUST certification (MyCSF) and SOC 2 Type II attestation
• Own and evolve the organization’s risk management program
• Lead security incident response and continuous improvement of response capabilities
• Oversee vulnerability management, threat detection, and remediation efforts
• Drive vendor risk management and third-party security oversight
• Ensure compliance with HIPAA and other applicable regulatory requirements

Technical Oversight

• Oversee application, infrastructure, and data security across a cloud-first environment
• Manage and optimize SIEM and security monitoring capabilities
• Guide secure architecture decisions in partnership with engineering and product teams
• Support secure scaling of systems during rapid organizational growth

IT & Operational Excellence

• Oversee IT operations to ensure reliable, secure, and high-quality support for employees and clinicians
• Deliver a seamless IT experience for a fully remote workforce and distributed clinician network
• Establish metrics and reporting on security posture, compliance health, and IT performance

Cross-Functional Collaboration

• Partner with Legal, Compliance, Engineering, Product, and Clinical teams to ensure alignment
• Drive a culture of shared responsibility for security and privacy
• Support innovation initiatives while maintaining appropriate risk controls

Requirements:

• Experience leading Information Security in a HIPAA-compliant, high-growth tech environment (100+ employees)
• Proven success guiding organizations through HITRUST (MyCSF) certification and SOC 2 Type II attestation
• Experience scaling a company through significant growth (e.g., 50 → 250+ employees)
• Background in telehealth, digital healthcare required
• Experience managing and mentoring small, high-impact teams
• Comfortable operating as a player-coach—balancing strategy with hands-on execution
• Ability to influence without authority and drive alignment across diverse stakeholders
• Strong hands-on experience with:
• • Cloud environments
  • SIEM and security monitoring tools
  • Vulnerability management programs
  • Incident response leadership
  • Vendor risk management
  • Deep understanding of security architecture, infrastructure, and application security
• CISSP preferred
• CRISC or strong risk management background is a plus

Benefits:

• A competitive salary
• Stock options so you have equity
• Fully paid for comprehensive health care (medical, dental, vision)
• Pet Insurance 
• Life Insurance & Short / Long Term Disability 
• 401k Plan 
• Unlimited PTO and sick leave
• Parental Leave 
• Work remotely and whatever schedule works best for you
• Additional memberships and perks

Work Environment & Culture

At Brightside Health, you’ll join a fully remote, mission-driven team that values flexibility and impact. You’ll collaborate with professionals across engineering, product, and clinical teams, all dedicated to transforming mental healthcare. Our culture fosters continuous learning, empathy, and cross-functional collaboration.

We celebrate diversity and are committed to equal employment opportunities based on merit, competence, and performance. Research shows that underrepresented groups often apply only if they meet 100% of the listed criteria—we encourage women, people of color, and LGBTQ+ job seekers to apply even if they don’t check every box.

Compensation & Hiring Commitment

Final offers are determined by multiple factors, including location, experience, and expertise. If you have questions about compensation bands, please ask your recruiter.

At Brightside, we recognize that building life-changing technology for mental health is both a responsibility and a privilege. We set high standards while ensuring every team member is valued, trusted, and empowered in an environment driven by inclusion and impact.