VP Information Security at Talkspace
Our mission at Talkspace is to make therapy affordable and accessible to everyone. To get there, we need exceptionally talented, bright, and driven people. Help over one million people feel better.
We are looking for an experienced VP of Information Security to join our Technology team in our NYC Headquarters. This role would be responsible for building overall security strategy for the company, assessing and implementing best practices, and monitoring KPIs around security goals. We are looking for someone who is both a strategic leader and hands-on at implementation, who wants to bring their talents into a “for purpose” space. In this role, we expect you to lead by example. We are looking for an individual to implement, guide and teach employees about security best practices in a cloud environment. Security is an important part of how we destigmatize mental health, and we are looking for a partner who wants to build To work at Talkspace, you need to be as passionate as we are about our work, and excited to partner with us to achieve our mission of bringing quality mental healthcare to all.
About This Role
- Develop and execute on both tactical and strategic goals to drive a comprehensive and mature information security program
- Lead the information security function with communication across the company to ensure consistent and high-quality information security management in support of the business goals
- Implement HIPAA and PCI compliance into all business, security, and IT processes across the company
- Regularly measure, monitor, and report on key metrics for tracking information security program goals, resource allocation, and maturity of the information security program
- Work with the Engineering Team, CTO, and the leadership to develop our information and security program to the highest standards
- Lead compliance efforts such as SOC 2, PCI, GDPR, HITRUST, etc.
- Expert-level understanding of IT threat landscape and information security architectures as well as applicable laws, regulations
- Work with business development team to support reporting and compliance efforts with our partners
- Expert with SIEM and Log management such as Syslog, Events Logs, ELK, etc.
- Conduct penetration testing and use products such as Kali, Burp, CoreImpact, Metasploit in order to perform penetration testing of networks and applications
- Resident expert in security for AWS, Firewalls, IDS, SIEM, VPN's, Encryption, endpoint protection, Proxies, SSO and access control technologies.
- Secure a deployment pipeline from local development to production ready code.
- Work collaboratively with multiple groups in a variety of settings and be able to listen, articulate positions, and advocate designs
- Conduct regular security scans of systems, report on remediation work and related upgrades and implementations
- Partner across departments and functions to coordinate implementation of incident response plans, disaster recovery, data backup systems, and physical security
- Supplement and support information security training and tests across all levels of the company
- Present to leadership risk, technical strategy, industry trends, and insights
- Minimum of 7 to 10 years of experience in a combination of risk management, information security and IT jobs (at least five must be in a senior security leadership role)
- BS Degree in Computer Science or a related field; Master's degree preferred or demonstrated comparable mastery of a domain
- Preferred Industry Certifications: Industry certifications such as CISSP, CISM, CISA, CEH
- Hands-on security professional & technologist with experience securing web services running in a public cloud environment (AWS, GPC, Arure)
- Knowledge of regulatory compliance frameworks - HIPAA, NIST, SOX, ISO, GDPR, PCI DSS
- Strong knowledge of the various security solutions, such as AV, IPS, IDS, SIEM, VPN, DNS, firewalls, proxies, etc. is required
- Knowledge of Cloud Security best practices and tools such as security group management, developer account management, secure deployment models, etc.
- Knowledge of and experience in scripting is required
- Knowledge of web applications and API is required
- The ability to translate compliance tasks meant of an “on-prem” environment into objectifiable marks for a cloud architecture.
- Project manager able to drive projects to execute, collaborate and drive the highest quality in security management
- Communicate effectively (verbal & written) and are able to sell ideas and clearly explain findings
- At ease with ambiguity and startup environment
- Experience (or strong interest) in working in a fast-paced startup environment
- Wants to save the world
Because we are on a mission to make the world a better place. Our focus to help people feel happy starts at Talkspace, where we connect, collaborate, and have fun. Monthly team outings, happy hours, in-house family-style lunches, office snacks, unlimited PTO, access to Talkspace products, ping pong table, and competitive benefits are just some of the ways we make Talkspace a great place to work. Do you want to save the world? Come join us!
EQUAL OPPORTUNITY EMPLOYER
Talkspace is an equal opportunity employer. Applicants are considered for all roles without regard to race, color, religious creed, sex, national origin, citizenship status, age, physical or mental disability, sexual orientation, marital, parental, veteran or military status, unfavorable military discharge, or any other status protected by applicable federal, state or local law.