Director, Chief Information Security Officer

Posted Jun 20

Director, Chief Information Security Officer (CISO)

Our Company:

At Cerebral, we're on a mission to democratize access to high-quality mental health care for all. We believe that everyone everywhere deserves to get the care they need, and are striving to make care convenient and accessible, while tackling the stigmas that surround mental illness.

Since launching in January of 2020, Cerebral has scaled to provide mental health services to more than 700,000 people in all fifty US states. With support from investors like SoftBank, Silver Lake, Access Industries, Bill Ackman, WestCap, and others, and impactful leaders like you, we’ll continue to democratize mental health care and double down on clinical quality and deliver exceptional client outcomes for years to come. With a heavy focus on clinical quality and safety in all that we do, we’ve accomplished excellent outcomes for hundreds of thousands of clients:

  • 82% of clients report an improvement in their anxiety symptoms after using Cerebral.  
  • 75% of clients who report improvement in their depression see improvement within 60 days.  
  • 50% of clients who initially report suicidal ideation no longer harbor suicidal thoughts after treatment with Cerebral.

This is just the beginning for Cerebral, and we won’t stop building, growing, and iterating until everyone, everywhere can access high-quality, evidence-based mental health care without high costs and/or long wait times. We’re looking for mission-driven leaders who share these values, and we need your help as we transform access to high-quality mental health care in the United States and beyond.

The Role:

As a Director, CISO you’ll bring expert knowledge in IT and application security. You’ll lead and develop a lean, high-performing team in setting up or improving incident management procedures and protocols across the organization. You’re an established player-coach who can write infrastructure code to secure our systems and manage the security and IT team. You have previous CISO experience and have built and run a security program effectively.

Who you are:

  • Demonstrate strong technical architecture and engineering skills along with the ability to switch between technology paradigms
  • Adept at prioritizing value and shipping complex products requiring coordination across multiple teams
  • Experience securing AWS and Kubernetes based applications
  • Experience with threat modeling, open-source, and commercial security tools
  • Ability to write code to solve security issues; writing security tools, or automation/management of security-sensitive environments
  • Deep knowledge of AWS; how to configure least privileged access
  • Use of tools such as Terraform, Istio for managing security in public cloud environments
  • Use of vulnerability management tools (Tenable, CrowdStrike, Prisma, etc.)
  • Hands-on experience with SIEM, IDS, IPS and WAF solutions
  • Incident and IT security management 
  • Familiarity with security and compliance frameworks such as HIPAA, HITRUST, SOC2, ISO 27001/27013, NIST 800-53
  • General understanding of common web application deployment models and components
  • Possess discretion and be capable of conducting confidential internal investigations using Google Workspace Admin, Google Vault, and similar tools

How your skills and passion will come to life at Cerebral:

  • Partner with Infrastructure, Engineering, Compliance, and Operations to ensure Cerebral’s end-to-end technology footprint is secure, utilizing preventative measures by matrix managing a security program for the entire organization
  • Hands-on implementation of security controls including preventative threat detection and employee training meetings
  • Develop, implement, and review security guidelines and configurations for an AWS based HIPAA compliant SaaS environment and a remote IT workforce
  • Institute proactive security monitoring and alerting capabilities utilizing a combination of custom tools and strategic partners
  • Build security automation into infrastructure deployment and CI/CD pipelines
  • Perform manual and automated compliance, vulnerability, and penetration testing
  • Demonstrate and promote security best practices
  • Constantly improve policies and procedures such as incident management while gaining buy-in across the department and organization

What we offer: 

  1. Mission-driven impact:
      • Shape the future of the #1 largest and fastest growing online mental health care company in the world
      • Build a platform that is improving the lives and well-being of hundreds of thousands of people (and counting)
      • Join a community of high achievers who have a passion for promoting mental health
  2. Path to develop & grow:
      • Bi-annual performance reviews & opportunities for promotions - as Cerebral grows, so should you. We build your goals together and forge a career path that is right for you
  3. Remote-first model: Work virtually from anywhere in the US
  4. Competitive compensation & benefits:
      • Total compensation includes annual bonus and equity / stock options
      • Medical, Dental, Vision, Life Insurance, HSA, Flexible Spending Accounts and 401(k)
      • Unlimited PTO - we encourage taking the time you need to relax and recharge
      • Wellness perks including monthly mental health days off (12 per year) in addition to holidays, and “No Meeting Wednesdays”
      • Up to $200 reimbursement for any equipment purchased to support your work-from-home environment (video camera, ring light, headset, etc.)
      • Access to free Cerebral therapy services (up to 7 sessions per year)
      • Medical travel expense health reimbursement arrangement
      • Paid parental leave after 3 months
  5. Culture & connectivity:
      • Monthly peer-to-peer recognition allowance via Bonusly allows team members to reward one another for values-aligned contributions
      • Employee Resource Groups that bring team members together in a safe space to connect with one another and advance a respectful and inclusive company culture
      • Virtual social events enable us to build a sense of community and connect on a more personal level
      • Optional in-person local meetups for major hub cities

The national base salary range (OR the national hourly range for nonexempt positions) offered for this position is outlined below. Cerebral is committed to equal pay for equal work; however, business reasons may dictate variations in pay that are attributed to objective factors, such as a candidate's qualifications and years of experience. Total compensation includes base salary and may include an annual performance bonus and equity/stock options.

National Base Salary Range:

$183,000—$245,000 USD

Who we are (our company values):

  • Client-first Focus - relentless focus on advancing the quality of care, clinical experience, and patient safety
  • Ethics & Integrity - do what is right and demonstrate ethical principles, even when no one is watching
  • Commitment - accountable for fully delivering on commitments to our clients and each other
  • Impact & Quality - make a positive impact and deliver high quality outcomes, based on data and evidence
  • Empathy - act compassionately, listen to seek understanding, and cultivate psychological safety with clients and colleagues
  • Collaboration - achieve our goals together as a united team, strengthened by mutual openness, trust, and diversity of thought
  • Thoughtful Innovation - continuously evolve our ability to deliver on our mission, prioritizing long-term, strategic bets over short-term gains

Cerebral is committed to bringing together humans from different backgrounds and perspectives, providing employees with a safe and welcoming work environment free of discrimination and harassment. As an equal opportunity employer, we prohibit any unlawful discrimination against a job applicant on the basis of their race, color, religion, gender, gender identity, gender expression, sexual orientation, national origin, family or parental status, disability, age, veteran status, or any other status protected by the laws or regulations in the locations where we operate. We respect the laws enforced by the EEOC and are dedicated to going above and beyond in fostering diversity across our workplace.

___________________

Cerebral, Inc. is a management services organization that provides health information technology, information management system, and non-clinical administrative support services for various medical practices, including Cerebral Medical Group, PA and its affiliated practices (CMG), who are solely responsible for providing and overseeing all clinical matters. Cerebral, Inc. does not provide healthcare services, employ any healthcare provider, own any medical practice (including CMG), or control or attempt to control any provider or the provision of any healthcare service. “Cerebral” is the brand name commonly used by Cerebral, Inc. and CMG.