LifeMD is seeking a Vice President, Information Security to lead the enterprise cybersecurity, data protection, and IT compliance functions. The successful candidate will have 12+ years of progressive leadership in information security, cybersecurity, and risk management, preferably within healthcare, life sciences, or other highly regulated industries.
Requirements
- Lead all aspects of enterprise information security, including threat detection, incident response, vulnerability management, and continuous monitoring.
- Establish and mature a comprehensive Governance, Risk, and Compliance (GRC) framework aligned to healthcare industry standards.
- Continuously assess enterprise risk posture, prioritizing cybersecurity risks in alignment with clinical, operational, and financial risk frameworks.
- Design and implement strategies to protect sensitive patient data, including Protected Health Information (PHI), Personally Identifiable Information (PII), and clinical data.
- Ensure compliance with healthcare data security and privacy regulations, including HIPAA and HITECH, as well as state-specific privacy laws.
- Oversee data governance, encryption, identity management, and secure data exchange across clinical systems, patient platforms, and third-party partners.
- Lead enterprise-wide data protection initiatives, including breach prevention, detection, and response.
- Own and manage IT risk, compliance, and IT General Controls (ITGC) programs in support of SOX and healthcare regulatory requirements.
- Partner with internal audit, compliance, legal, and finance teams to ensure audit readiness and timely remediation of control deficiencies.
- Maintain compliance with regulations and frameworks such as HIPAA, HITRUST, SOC 2, PCI DSS (as applicable), and other healthcare-specific regulatory requirements.
- Support regulatory audits, accreditation processes, and third-party risk management programs.
- Lead security architecture across enterprise infrastructure, including cloud, hybrid, and on-premises environments supporting clinical and digital health platforms.
- Drive secure cloud transformation initiatives, ensuring appropriate controls across IaaS, PaaS, and SaaS environments.
- Partner with engineering, IT, and DevOps teams to implement DevSecOps practices and secure software development lifecycle (SDLC).
- Oversee identity and access management (IAM), role-based access controls, and privileged access governance across clinical and enterprise systems.
- Lead enterprise incident response strategy, including preparedness, detection, containment, and recovery from cyber incidents.
- Coordinate breach investigations, root cause analysis, regulatory reporting, and post-incident remediation.
- Develop and maintain business continuity and disaster recovery plans with a strong focus on clinical and operational resilience.
- Build, lead, and scale a high-performing information security organization, including security operations, risk, and IT compliance functions.
- Serve as a key advisor to executive leadership, the Board, and Audit/Compliance Committees on cybersecurity risk and strategy.
- Drive enterprise-wide security awareness and training programs to foster a culture of security and compliance.
- Align cybersecurity initiatives with business priorities, digital health innovation, and patient-centric outcomes.
Benefits
- Health Care Plan (Medical, Dental & Vision)
- Retirement Plan (Roth 401k)
- Life Insurance (Basic, Voluntary & AD&D)
- Unlimited PTO Policy
- Paid Holidays
- Short Term & Long Term Disability