Chief Information Security Officer

About Us 

At SimplePractice, our team is dedicated to improving the health and wellness industry by building a suite of innovative solutions for practitioners and their clients. Our product supports practitioners on their clinical journey to becoming licensed, helps them manage their business and practice once they’re up and running, and enables new clients to discover and interact with practitioners. Taking a practitioner-first approach in everything we do makes it possible for health and wellness practitioners to devote more time to their clients while they use SimplePractice to start, grow, and maintain a successful private practice.

The Role

As the Chief Information Security Officer you will develop, implement and maintain a comprehensive cybersecurity, application security, and risk management strategy. The CISO will head our security organization, which  is responsible for all aspects of information security within the company and will lead our compliance efforts in the areas of strategy, enforcement, auditing, detection, prevention and response. 

This is a VP level role that will report to the Chief Legal Officer and will work closely with the CEO, executive team and the Board. The CISO will be ultimately responsible for ensuring that the security and privacy needs of our customers are met or exceeded while aligning the security strategy with business goals.

The ideal candidate for this role will have all of the requisite experience and skills to lead the internal efforts to secure our production and corporate environments in the heightened threat environment today. An ideal CSO candidate has the experience of building a cybersecurity program from the ground up and is a strong, execution-oriented individual. In addition, we view security and security compliance as strategically differentiated in our product offering and the CISO will be expected to demonstrate strong business acumen and a history of working with the business teams to drive commercial success.

Finally we expect our CISO to educate, evangelize, and promote a culture of security as a shared responsibility for all team members and provide the necessary tools and education to succeed.

Responsibilities:  

• Create and own execution of the long-term cybersecurity and application security vision, strategy and roadmap, aligned with SimplePractice’s growth and product roadmap
• Protect the privacy, availability, and integrity of client data
• Establish proactive security measures to detect, prevent and mitigate cyberattacks (threat intelligence) 
• Partner with teams across the organization to establish and sustain a security-conscious culture, including the development and implementation of security policies, standards, guidelines and awareness programs 
• Provide thought leadership on contemporary security operations and be a market leader in establishing trust through security
• Support GTM strategies to utilize security and compliance for commercial benefit
• Anticipate strategic and scaling-related difficulties through collaborative long-term planning with key stakeholders, including  identifying, assessing, and mitigating security risks.
• Conduct ongoing evaluations of SimplePractice’s risk profile, identifying gaps and implementing a robust risk management framework
• Oversee the management of enterprise-wide cybersecurity programs, including incident response and crisis management, 24x7 security operations, security architecture, security contingency plans and threat intelligence 
• Identify and mitigate security risks, recommending both technical and business controls to prevent vulnerabilities
• Ensure compliance with applicable security regulations (such as HIPAA, HITRUST, PCI)
• Obtain and maintain certifications that establish credibility in the marketplace. Deliver overall strategy for future certifications.

Desired Skills & Experience:

• 12-15+ years of experience building and scaling information security, risk management and compliance programs within large, complex organizations
• Previous experience as a CISO or equivalent at a SaaS company or healthcare provider.  Preference given to candidates with prior experience in digital health and/or to candidates with Product Led Growth and small business customer base
• Deep expertise in security, privacy and IT audit frameworks, such as HITRUST CSF and regulatory standards such as HIPAA and PCI
• Extensive experience with risk management, incident response, crisis management threat intelligence and developing secure business practices
• Strong experience in technical security areas including penetration testing, vulnerability management, mobile security, cloud security and network security
• Experience with secure coding practices, identity and access management and security incident response
• Strong communication skills with demonstrated ability to communicate complex surety concepts to executive leaders, to customers and other non-technical audiences
• Experience working with high velocity software deployment environments
• Demonstrated people management skills - ability to motivate, mentor and grow a small team of highly committed security professionals while balancing strategic vision and day-to-day operations
• A passion for helping private practices thrive in the mental wellness space  
• Bachelor’s degree in a related field; advanced certifications such as CISSP, CISM or CISA preferred

Base Compensation Range

$270,000 - $320,000 annually

Base salary is one component of total compensation. Employees may also be eligible for an annual bonus, equity or commission. Some roles may also be eligible for overtime pay.

The above represents the expected base compensation range for this job requisition. Ultimately, in determining your pay, we’ll consider many factors including, but not limited to, skills, experience, qualifications, geographic location, and other job-related factors.

Benefits

We offer a competitive benefits program including:

• Medical, dental, vision, life & disability insurance
• 401(k) plan with company match
• Flexible Time Off (FTO), wellbeing days, paid holidays, and summer Fridays
• Mental health resources
• Paid parental leave & Backup Care
• Tuition reimbursement
• Employee Resource Groups (ERGs)

California Job Applicant Privacy Notice

Thank you for your interest in opportunities at SimplePractice LLC (“SimplePractice” or “us” or “we” or “our”). Please note that when you submit your resume or application materials to us for employment purposes, you are subject to the SimplePractice California Job Applicant Privacy Notice. 

For more information about our privacy practices, please contact us at [email protected].