Triplemoon delivers seamless, evidence-based behavioral health support to families—at every age and stage.
Virtual Chief Information Security Officer – vCISO
Location
United States
Posted
3 days ago
Salary
0
Seniority
Lead
Job Description
- Own the strategy, design, implementation, and continuous improvement of Triplemoon's information security and compliance program.
- Ensure ongoing compliance with HIPAA and healthcare security best practices.
- Lead readiness efforts for future SOC 2 certification and other security frameworks as needed.
- Develop, maintain, and document security policies, procedures, and controls.
- Coordinate security incident response, investigation, remediation, and post-incident reviews.
- Support customer security questionnaires, audits, and compliance requests.
- Partner with leadership to identify, assess, and mitigate information security risks.
- Manage and oversee an IT MSP or MSSP who can implement security controls and compliance within SaaS vendors and IT systems.
- Provide tiered end-user support for hardware, software, and SaaS application issues.
- Provide device and asset management.
- Manage identity and access, including systems for onboarding and offboarding.
- Maintain system documentation, operating procedures, and technology standards.
- Recommend and implement improvements to strengthen security, scalability, and user experience.
- Conduct security reviews of third-party vendors and software platforms.
- Maintain required security documentation, including BAAs, DPAs, SOC reports, and related compliance artifacts.
- Monitor vendor compliance and support periodic risk assessments.
Job Requirements
- 7+ years of experience in information security, IT administration, compliance, or related roles.
- Experience serving as a vCISO, security leader, or senior security consultant.
- Strong knowledge of HIPAA Security Rule requirements and healthcare security best practices.
- Experience preparing organizations for SOC 2 audits and other compliance frameworks.
- Experience supporting early-stage startups or high-growth healthcare organizations.
- Hands-on experience administering Google Workspace, identity management platforms, endpoint management tools, and SaaS environments.
- Familiarity with remote workforce security and cloud-first technology environments.
- Excellent documentation, communication, and stakeholder management skills.
- Ability to operate independently while serving as a strategic advisor to company leadership.
Benefits
- Competitive, based on experience and scope
More Security Engineer Jobs
- Support security design and installation projects throughout North America
- Manage all aspects of the project from initial engagement through project completion
- Identify project schedule, scope parameters, and oversee security design and implementation
- Prepare, issue, and manage Request for Proposal (RFP) documents
- Perform security site evaluations of potential client properties
- Accountable for keeping clients informed of project status
Senior Security Engineer
Palta
Health & well-being tech company led by entrepreneurs on a mission to create a positive impact globally.
- Own and improve application security across the SDLC, including secure design reviews, threat modeling, security-focused code review, and CI/CD-integrated SAST, SCA, and secrets scanning.
- Harden our AWS and Kubernetes/EKS environment, including IAM, network segmentation, workload identity, secrets management, admission control, and runtime security controls.
- Secure and improve our Istio service mesh, including mTLS, authorization policies, ingress/egress controls, and service-to-service security patterns.
- Build security guardrails as code, including policy-as-code, paved-road patterns, reusable templates, and self-service tooling that helps developers move quickly and safely.
- Improve software supply-chain security through controls such as image signing, SBOMs, dependency visibility, artifact provenance, and secure build/release practices.
- Drive vulnerability management end to end: triage, exploitability-based prioritization, remediation coordination with SRE and product engineering, and follow-through on penetration test findings.
- Build and operate technical controls that support HIPAA and SOC 2, including access control, encryption, audit logging, evidence automation, and secure handling of sensitive health data.
- Help shape the full lifecycle of security services, from design and deployment to operation, measurement, and continuous improvement.
- You advise on and assess internally developed and external AI systems, generative AI applications, LLM-based workflows, and agent systems from a security perspective
- You carry out AI threat modeling, risk analyses, security assessments, and architecture reviews for software, cloud, and AI solutions
- You develop and establish Secure AI-by-Design and Security-by-Default principles and define security requirements for AI-supported systems
- You identify and assess risks such as prompt injection, jailbreaking, data leakage, model poisoning, adversarial attacks, or insecure agent integrations, and develop suitable protective measures
- You carry out AI red teaming, technical security analyses, and security reviews, and support the securing of LLM platforms, agentic AI solutions, and AI service integrations
- You develop automated security controls and integrate AI security checks into DevSecOps, CI/CD, and MLOps processes
- You establish monitoring and detection mechanisms for AI applications and analyze security events together with Security Operations teams
- You advise development, product, and business departments on the secure use of AI and support the introduction of new AI solutions through training, standards, and best practices
- You advise on and assess internally developed and externally sourced AI systems, Generative AI applications, LLM-based workflows, and agentic AI solutions from a security perspective
- You conduct AI threat modeling, risk assessments, security reviews, and architecture assessments for software, cloud, and AI environments
- You develop and implement Secure AI-by-Design and Security-by-Default principles and define security requirements for AI-powered systems
- You identify and assess risks such as prompt injection, jailbreaking, data leakage, model poisoning, adversarial attacks, and insecure agent integrations, and develop appropriate mitigation strategies
- You perform AI red teaming, technical security assessments, and reviews to strengthen the security of LLM platforms, agentic AI solutions, and AI service integrations
- You build automated security controls and integrate AI security checks into DevSecOps, CI/CD, and MLOps processes
- You establish monitoring and detection capabilities for AI applications and collaborate with Security Operations teams to investigate security events and abuse patterns
- You advise engineering, product, and business teams on the secure use of AI and support the rollout of new AI solutions through training, standards, and best practices




