Lyra Health - VP of Information Security

• Security Strategy and Governance: • Develop, implement, and maintain a comprehensive, long-term, global information security strategy aligned with business objectives and risk tolerance. • Refine and enforce security policies, standards, and procedures across the organization. • Report on the organization's security posture and risk profile to the executive team and the Board of Directors. • Security Operations and Incident Response: • Establish and lead the security operations center (SOC) and incident response teams. • Develop and execute an incident response plan to ensure swift detection, containment, and recovery from security breaches. • Oversee the management of security technologies. • Security Architecture and Technology: • Provide strategic direction for the design and implementation of secure enterprise and cloud infrastructure. • Stay current with emerging cybersecurity threats, technologies, and best practices. • Evaluate and recommend new security technologies and services to enhance the organization's defenses. • Risk Management and Compliance: • Lead the identification, assessment, and mitigation of security risks and vulnerabilities. • Ensure the organization's compliance with relevant industry standards and regulatory frameworks (e.g., GDPR, HIPAA, ISO 27001, SOX). • Vendor and Third-Party Risk: • Manage and assess the security risks associated with third-party vendors and partners. • Continue hardening vendor risk management program to ensure supply chain security. • Leadership and Team Management: • Mentor, and lead a high-performing information security team. • Continue fostering a culture of cybersecurity awareness across all departments through training and communication programs. • Maintain strong working relationships with cross-functional teams, including DevOps, IT, Legal, Privacy, Engineering, Data and integrate security into business processes. • Bachelor's degree in Computer Science, Information Security, or a related field. • 12+ years of progressive experience in information security, with at least 5 years in a senior leadership role. • Proven experience in developing and executing an enterprise-wide, global information security program. • Demonstrated experience in managing security incidents and leading crisis response efforts. • Bonus points for experience leading one or more of HiTrust, ISO, SOC, FedRamp/GovRamp audits. • Certified Information Systems Security Professional (CISSP) • Certified Information Security Manager (CISM) • Certified in Risk and Information Systems Control (CRISC) • Certified Chief Information Security Officer (CCISO)