Director of Information Security
Compensation: $152,955.00 - $187,860.00 /year *
Employment Type: Full-Time
Industry: Information Technology
Our mission at Talkspace is to make therapy affordable and accessible to everyone. To get there, we need exceptionally talented, bright, and driven people. Help over one million people feel better.
We are looking for an experienced Director of Information Security to join our Technology team in our NYC Headquarters. This role would be responsible for building overall security strategy for the company, assessing and implementing best practices, and monitoring KPIs around security goals. We are looking for someone who is both a strategic leader and hands-on at implementation, who wants to bring their talents into a for purpose space. In this role, we expect you to lead by example. We are looking for an individual to implement, guide and teach employees about security best practices in a cloud environment. Security is an important part of how we destigmatize mental health, and we are looking for a partner who wants to build To work at Talkspace, you need to be as passionate as we are about our work, and excited to partner with us to achieve our mission of bringing quality mental healthcare to all.
About This Role
- Engineering, Implementing and monitoring security measure for the Talkspace platform and ecosystem
- Identifying and defining system security requirements, security by design
- Designing cloud infrastructure security architecture and developing detailed cyber security design
- Develop and execute on both tactical and strategic goals to drive a comprehensive and mature information security program
- Lead the information security function with communication across the company to ensure consistent and high-quality information security implementation in support of the business goals
- Prepare and document standard operating procedures and protocols
- Act as a lead Incident responder and forensic reviewer
- Configure and troubleshoot security infrastructure devices
- Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
- Ensure that the company knows as much as possible, as quickly as possible about security incidents
- Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
- Implement HIPAA and PCI compliance into all business, security, and IT processes across the company
- Work with the Engineering Team, CTO, and the leadership to develop our information and security program to the highest standards
- Lead compliance efforts such as SOC 2, PCI, GDPR, HITRUST, etc.
- Work with business development team to support reporting and compliance efforts with our partners
- Resident expert in security for AWS, Firewalls, IDS, SIEM, VPN's, Encryption, endpoint protection, Proxies, SSO and access control technologies.
- Secure a deployment pipeline from local development to production ready code.
- Partner across departments and functions to coordinate implementation of incident response plans, disaster recovery, data backup systems, and physical security
- Supplement and support information security training and tests across all levels of the company
- Present to leadership risk, technical strategy, industry trends, and insights
- Minimum of 5 to 7 years of experience in a combination of risk management and security enforcement in a consumer internet platform.
- BS Degree in Computer Science or a related field; Master's degree preferred or demonstrated comparable mastery of a domain
- Security Certifications: Industry certifications such as CISSP, CISM, CISA, CEH
- Hands-on security professional & technologist with experience securing web services running in a public cloud environment (AWS, GPC, Arure)
- Knowledge of regulatory compliance frameworks - HIPAA, NIST, SOX, ISO, GDPR, PCI DSS
- Strong knowledge of the various security solutions, such as AV, IPS, IDS, SIEM, VPN, DNS, firewalls, proxies, etc. is required
- Knowledge of Cloud Security best practices and tools such as security group management, developer account management, secure deployment models, etc.
- Knowledge of and experience in scripting is required
- Knowledge of web applications and API is required
- The ability to translate compliance tasks meant of an on-prem environment into objectifiable marks for a cloud architecture.
- Project manager able to drive projects to execute, collaborate and drive the highest quality in security management
- Communicate effectively (verbal & written) and are able to sell ideas and clearly explain findings
- At ease with ambiguity and startup environment
- Experience (or strong interest) in working in a fast-paced startup environment
- Wants to save the world
Because we are on a mission to make the world a better place. Our focus to help people feel happy starts at Talkspace, where we connect, collaborate, and have fun. Monthly team outings, happy hours, in-house family-style lunches, office snacks, unlimited PTO, access to Talkspace products, ping pong table, and competitive benefits are just some of the ways we make Talkspace a great place to work. Do you want to save the world? Come join us!
EQUAL OPPORTUNITY EMPLOYER
Talkspace is an equal opportunity employer. Applicants are considered for all roles without regard to race, color, religious creed, sex, national origin, citizenship status, age, physical or mental disability, sexual orientation, marital, parental, veteran or military status, unfavorable military discharge, or any other status protected by applicable federal, state or local law.
Associated topics: forensic, identity access management, idm, information assurance, information technology security, malicious, protect, security engineer, security officer, violation
* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.
Loading some great jobs for you...