Technical Security & Compliance Program Lead (US Remote)

Octave’s mission is to create a new standard for mental healthcare delivery, one that is accessible to more people and sustainable for providers. We are broadening access to high quality mental health services that are measurement-based and insurance funded. Now more than ever, we are looking to serve communities dealing with the rising public health challenge of addressing mental health needs. Octave is VC-backed and was founded in 2018 with footprints in New York and California, as well as virtually nationwide. We are expanding our beautiful practices throughout New York and California, offering telehealth and also clinic-based services. Learn more at  www.findoctave.com

We are seeking a highly skilled and experienced Technical Security and Compliance Program Lead to join Octave. As the program lead, you will play a critical role in ensuring the security and compliance of our technology infrastructure and data assets. The ideal candidate should possess a strong background in building and leading security and compliance teams in startup environments, particularly in industries dealing with highly sensitive data, such as healthcare.  

• Develop and implement a comprehensive security and compliance program to protect our technology systems, data, and infrastructure in accordance with industry standards, regulatory requirements, and best practices. 
• Collaborate closely with cross-functional teams, including engineering, operations, legal, and privacy, to drive security and compliance initiatives across the organization.
• Conduct risk assessments, identify vulnerabilities, and implement appropriate measures to mitigate security risks.
• Establish and maintain security policies, procedures, and controls, ensuring they are regularly reviewed, updated, and communicated effectively to relevant stakeholders.
• Stay up-to-date with emerging security threats, trends, and technologies, and recommend proactive measures to enhance our security posture.
• Manage security incident response and coordinate forensic investigations, ensuring timely and effective resolution.
• Oversee security awareness and training programs for employees, promoting a culture of security consciousness and compliance.
• Collaborate with external auditors and regulators to facilitate compliance assessments and audits, ensuring adherence to applicable regulations and standards.
• Provide regular reports to executive leadership on the status of security and compliance initiatives, key metrics, and areas of concern.

• Bachelor's degree in Computer Science, Information Security, or a related field. Advanced degree or relevant certifications (e.g., CISSP, CISM) are highly desirable.
• Experience in a leadership role within a startup environment, building and managing security and compliance programs.
• Strong knowledge of relevant regulations and industry standards, such as HIPAA, GDPR, ISO 27001, NIST Cybersecurity Framework, and HITRUST.
• Experience in industries dealing with highly sensitive data, particularly healthcare, is highly preferred.
• Solid understanding of security technologies, including firewalls, intrusion detection/prevention systems, endpoint protection, vulnerability management, encryption, and secure coding practices.
• Familiarity with cloud computing platforms (e.g., AWS, Azure, Google Cloud) and associated security controls. 
• Demonstrated ability to develop and execute security strategies, policies, and procedures.
• Excellent communication skills with the ability to effectively convey complex security concepts to both technical and non-technical stakeholders. Strong leadership and team management abilities, with a collaborative and proactive approach to problem-solving.
• Attention to detail, ability to prioritize tasks, and work effectively in a fast-paced, rapidly changing environment. 
• Must be legally authorized to work in the United States without the need for employer sponsorship now or anytime in the future

• Some experiencing leading a security and compliance team, providing guidance, mentoring, and support to team members.

Octave is committed to pay equity. To maintain our commitment to pay equity, Octave will follow Pay Transparency regulations on all open job postings.  Current Pay Transparency laws require companies to include a position's salary or hourly wage range (not including bonuses or equity-based compensation) in any internal or external job posting. This requirement extends to job postings published by a third party at an employer's request.

Octave will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with Octave’s legal duty to furnish information.

Starting pay for qualified applicants will depend on a combination of job-related factors, which may include education, training, experience, location, business needs, or market demands. The expected salary range for this role is set forth below and this range may be modified in the future. 

 The salary range for this role is $173,000-$200,000.

Additionally, this position is eligible for the following benefits: company sponsored life insurance, disability and AD&D plans.  Voluntary benefits such as 401k retirement, medical, dental, vision, FSA, HSA, dependent care and commuter/parking options are also available.  Octave offers generous Paid Time Off, as well as paid parental leave benefits.

Join our passionate team and contribute to the protection of highly sensitive healthcare data. Apply now to help us build a secure and compliant technology environment that enables our mission to improve quality and access in mental healthcare while maintaining the highest standards of data privacy and security.

#LI-DNI