Triplemoon

Virtual Chief Information Security Officer (vCISO)

Location: Remote (United States)

Type: Fractional / Contract

Compensation: Competitive, based on experience and scope


About Triplemoon



Triplemoon is a digital health platform transforming family wellness by addressing critical gaps in mental, behavioral, and nutritional health. We partner with providers, employers, and ultimately families to provide accessible, evidence-based mental health resources that improve patient outcomes, increase provider capacity, and boost clinic financials. With growing demand for tailored mental health resources amidst a shortage of providers (with wait times exceeding 4-6 weeks), Triplemoon is uniquely positioned to solve a critical gap in care for families and clinics. As we grow our collaborative care offering, we are adding to our team.


The Opportunity

Triplemoon is seeking a Virtual Chief Information Security Officer (vCISO) to oversee and continuously strengthen our information security, IT operations, and compliance posture. As a fully remote healthcare organization, we rely on secure, scalable technology systems to support our employees, patients, and provider partners.

This role combines strategic information security leadership with hands-on operational oversight. The ideal candidate will serve as Triplemoon's trusted security advisor, ensuring our systems remain secure, compliant, and audit-ready while providing responsive support to our growing remote workforce.

Responsibilities

Information Security & Compliance

  • Own the strategy, design, implementation, and continuous improvement of Triplemoon's information security and compliance program.
  • Ensure ongoing compliance with HIPAA and healthcare security best practices.
  • Lead readiness efforts for future SOC 2 certification and other security frameworks as needed.
  • Develop, maintain, and document security policies, procedures, and controls.
  • Coordinate security incident response, investigation, remediation, and post-incident reviews.
  • Support customer security questionnaires, audits, and compliance requests.
  • Partner with leadership to identify, assess, and mitigate information security risks.

IT Operational Oversight

  • Manage and oversee an IT MSP or MSSP who can:
    • Implement security controls and compliance within SaaS vendors and IT systems
    • Provide tiered end-user support for hardware, software, and SaaS application issues
    • Provide device and asset management
    • Manage identity and access, including systems for onboarding and offboarding
  • Maintain system documentation, operating procedures, and technology standards.
  • Recommend and implement improvements to strengthen security, scalability, and user experience.

Vendor Risk Management

  • Conduct security reviews of third-party vendors and software platforms.
  • Maintain required security documentation, including BAAs, DPAs, SOC reports, and related compliance artifacts.
  • Monitor vendor compliance and support periodic risk assessments.

Qualifications

  • 7+ years of experience in information security, IT administration, compliance, or related roles.
  • Experience serving as a vCISO, security leader, or senior security consultant.
  • Strong knowledge of HIPAA Security Rule requirements and healthcare security best practices.
  • Experience preparing organizations for SOC 2 audits and other compliance frameworks.
  • Experience supporting early-stage startups or high-growth healthcare organizations.
  • Hands-on experience administering Google Workspace, identity management platforms, endpoint management tools, and SaaS environments.
  • Familiarity with remote workforce security and cloud-first technology environments.
  • Excellent documentation, communication, and stakeholder management skills.
  • Ability to operate independently while serving as a strategic advisor to company leadership.

Preferred Qualifications

  • Experience working with and configuring cloud-native SaaS stacks for regulatory compliance, such as Vanta, 1Password, Google Workspace, Rippling, and other cloud-based healthcare technology platforms.

Success in This Role

The successful vCISO will ensure that:

  • Triplemoon maintains a strong security and compliance posture.
  • Security controls are documented, monitored, and continuously improved.
  • Systems remain reliable and well-supported for a fully remote workforce.
  • Customer security reviews and audits are completed efficiently and confidently.
  • Triplemoon remains audit-ready and positioned for future compliance milestones, including SOC 2 readiness.
  • IT issues, including onboarding and offboarding, are handled securely and consistently.


Product & Platform

Remote (United States)
