Information Security Engineer
BetterHelp
Mountain View, California
Job Details
Full-time
Full Job Description
Who are we and why should you join us?
BetterHelp is on a mission to remove the traditional barriers to therapy and make mental health care more accessible to everyone. Founded in 2013, we are now the world’s largest online therapy service – providing affordable and convenient therapy in 210 countries and over 60 languages across the globe. Our network of over 30,000 licensed therapists has helped millions of people take ownership of their mental health and change their lives forever. And we’re not stopping there – as the unmet need for mental health services continues to grow, BetterHelp is committed to being part of the solution.
As an Information Security Engineer at BetterHelp, you’ll join a diverse team of licensed clinicians, engineers, product pros, creatives, marketers, and business leaders who share a passion for expanding access to therapy. And as a mental health company, we take employee mental health just as seriously as we do our mission. We seriously invest in our team’s well-being and professional development, because we know that business and individual growth go hand-in-hand.
At BetterHelp, you’ll carve your own path, make an immediate impact, and be challenged every day – with a supportive community behind you the whole way.
What are we looking for?
BetterHelp is looking for a motivated individual with experience developing a security framework and establishing compliance standards to meet emerging technology challenges and increasing regulatory requirements. This is to align with BetterHelp’s rapidly growing client base and expanding territories. This position will bridge high-level strategic requirements with operational processes while interacting and engaging with various BetterHelp teams, departments, and customers. This is an exciting opportunity for someone who is seeking challenges and is interested in an organization with enormous potential and accelerated growth.
What will you do?
- Establish a security framework standard and develop an Information Security Management System (ISMS).
- Create security policies, standards, and processes to meet regulatory compliance such as HIPAA.
- Develop the standards and program needed to comply with HITRUST involving the establishment of controls for BetterHelp’s Common Security Framework (CSF). This includes direct involvement in HITRUST certification processes and milestones.
- Directly assist the Head of Information Security with strategic security projects, planning, and implementation.
- Assist the BetterHelp Sales team with security-related due diligence such as completing customer security questionnaires, providing requested documentation, and other pre-sales security activities. This includes creating a sales security kit or presentation.
- Work closely with Legal to perform security reviews of contracts/agreements.
- Collaborate and assist BetterHelp IT with security initiatives and compliance.
- Plan and position BetterHelp for security certifications including assessment readiness, remediation, and annual renewals. These responsibilities involve working closely with external auditors, and establishing an internal auditing program to meet certification requirements.
- Direct enforcement and monitoring of security standards including annual review of security policies and modifications needed.
- Establish a mature Business Continuity Plan and Disaster Recovery Strategy to mitigate against catastrophic events and business impacts.
- Create an effective security awareness training program for new employees and annual renewal training for existing staff. This involves continuous refresh of security training content and updated material aligned with new threats.
- Improve incident responses through the creation of new processes and the establishment of a Security Incident Response Team (SIRT). Conduct routine drills and ensure rapid responses with key responsibilities defined.
- Develop security Key Performance Indicators (KPIs) to measure security effectiveness and compliance throughout the organization.
- Evaluate new solutions and tools to improve security requirements and monitoring.
What will you NOT do?
- You will NOT worry about funding. We have startup DNA, but we're fully backed and funded by our parent company, Teladoc Health.
- You will NOT be confined to your "job". We believe in nurturing employees’ interests and passions – even if some of them lie outside of your core responsibilities.
- You will NOT be bogged down by office politics, egos, or bad attitudes. Only positive, pleasure-to-work-with people are allowed here!
- You will NOT get burned out. We work hard, but we also believe in maintaining sustainable work/life balance. Seriously.
- You will NOT have to wonder why you’re doing the work you’re doing. Our day-to-day operations translate into people getting the help they need.
Can I work remotely?
Yes. We operate in Pacific Time and candidates in any time zone are welcome to apply. We also ask our employees to travel to our Mountain View, CA office up to six times per year to collaborate in person in order to build better working relationships and experience our in-office culture. Travel expenses will be covered and reasonable accommodations will be made for those under unique circumstances who cannot travel.
Requirements
- 5-7+ years of combined technical and leadership experience in an Information Technology/Information Security role and proven success through measurable impact and increasing responsibilities.
- Bachelor’s/Master’s degree or equivalent in Computer Science, Information Systems, or equivalent technical discipline. Experience in a related technical leadership position is also acceptable.
- Great communication skills, particularly in writing, hosting meetings, interacting directly with customers/clients, and delivering presentations across a wide audience knowledge base.
- Experience in security certifications and regulatory compliance such as HITRUST, ISO 27001, SOC 2, FedRAMP, PCI-DSS, GDPR, CCPA, and others.
- Experience with security frameworks and creating policies, security standards, and processes.
- Ability to work and collaborate with various entities including technical, non-technical, and senior leadership team members. This includes engaging and interacting with external auditors directly and providing relevant artifacts as requested.
- Excellent organizational and leadership skills, strong attention to detail, able to work independently, and extremely motivated.
- Experience with performing risk assessments, security reviews, privacy policies, completing RFPs and security questionnaires.
- Knowledge of Atlassian Confluence for developing intranet content and policy creation.
- Ability to work in the US, to travel to our Mountain View, California offices up to three times per year and to an additional company offsite.
Bonus (Great to have, but not required):
- Experience with managing department budgets, vendor management, and threat assessments.
- Security training/education or security/technical certifications are preferred.
- Experience working with a variety of High-Tech, Security, and Health Industry related companies including Startups, Mid-size, and Enterprise level organizations is preferred.
- Knowledge of Change Management, ITIL, COBIT, NIST, or other standards is a bonus.
- Cloud, SaaS, PaaS, firewalls, IDS/IPS, SIEM, monitoring, logging, and networking infrastructure knowledge and experience preferred.
- Experience in managing challenging projects to completion and on schedule is a benefit.
- A positive attitude and a love of working with others.
Benefits
- Competitive salary & compensation
- Excellent health, dental, and vision coverage
- 401k benefits with employer matching contribution
- Ridiculous perks program
- Office in the heart of downtown Mountain View, a three-minute walk from Caltrain
- Commuter benefits, FSA accounts, and Employee Stock Purchase Programs
- Building something that matters - loved by the people and admired by the press
- Any piece of hardware or software that will make you happy and productive
- Awesome people to work with
- Nothing to slow you down
- Helping people live a better life, every day
The base salary range for this position is $135,000-$160,000. In addition to the base salary, this position is eligible for a performance bonus and the extensive benefits listed here (subject to eligibility requirements): Teladoc Health Benefits 2023. Total compensation is based on several factors – including, but not limited to, type of position, location, education level, work experience, and certifications. This information is applicable to all full-time positions.
At BetterHelp we thrive on difference and individuality, and as part of the Teladoc Health family, we are proud to be an Equal Opportunity Employer. We never have and never will discriminate against any job candidate or employee due to age, race, ethnicity, religion, sex, color, national origin, gender, gender identity, sexual orientation, medical condition, marital status, parental status, disability, or Veteran status.