×
Register Here to Apply for Jobs or Post Jobs. X

Vice President, Information Security

Job in Philadelphia, Philadelphia County, Pennsylvania, 19117, USA
Listing for: BBG Ventures, LLC
Full Time position
Listed on 2026-07-13
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 250000 - 288500 USD Yearly USD 250000.00 288500.00 YEAR
Job Description & How to Apply Below

Spring Health is a global mental health company on a mission to eliminate every barrier to mental health. We're building a world where getting support is simple, personal, and built around the person, so care can continue through every job, move, health plan, and life stage.

Our AI-native platform helps us deliver personalized support across self-guided tools, coaching, therapy, medication management, and specialty care. With outcomes independently validated by JAMA Network Open and the Validation Institute, Spring Health reaches more than 170 million people worldwide through leading employers, health plans, and partners.

As an AI-native company, we believe technology should expand the reach, quality, and humanity of care. Every Spring Health team member is expected to use AI tools thoughtfully, apply human judgment to AI outputs, and keep building AI fluency in ways that support their role and our mission.

The Vice President, Information Security is responsible for defining, leading and advancing the organization's enterprise-wide information security strategy, ensuring the protection of company assets, customer data, and critical systems while enabling business growth and innovation. The leader provides strategic direction across cybersecurity, risk management, compliance, security operations, cloud and application security, identity and access management, third-party risk, and incident response.

The VP, Information Security partners closely with executive leadership, technology, legal, compliance, and business stakeholders to strengthen the organization's security posture, maintain regulatory compliance, and embed security into business and product decision-making. The leader will build and scale a high‑performing security organization, drive security program maturity, and ensure the company remains resilient against evolving cyber threats while supporting operational excellence and organizational objectives.

What You’ll Do
Security Strategy & Leadership
  • Develop and execute the enterprise information security vision, strategy, and multi‑year roadmap.
  • Serve as a trusted advisor to executive leadership and the Board on cybersecurity risks, trends, and investments.
  • Establish security objectives, metrics, and reporting mechanisms aligned with business priorities.
  • Drive a security culture across the organization that enables innovation while maintaining appropriate risk controls, including effectively communicating risks and changes in the risk landscape to leadership, the Board, and key stakeholders in clear, business‑relevant terms.
  • Own the enterprise information security risk management program, including formal risk assessments, risk registers, and risk treatment plans.
  • Ensure compliance with applicable frameworks and regulations, including SOC 2, ISO 27001, HIPAA, HITRUST, PCI DSS, GDPR, and CCPA.
  • Oversee security audits, risk assessments, policy development, and remediation initiatives.
  • Manage the Business Associate Agreement (BAA) program across the customer and vendor ecosystem.
  • Maintain and test the enterprise Incident Response and Business Continuity programs.
  • Drive continuous improvement of security controls and risk management practices.
Security Operations & Incident Response
  • Oversee security operations, threat detection, vulnerability management, and incident response functions.
  • Own the security operations center (SOC) function, including SIEM strategy, threat intelligence, and endpoint detection and response.
  • Lead the organization’s response to security incidents, including executive communication, regulatory notification obligations, and post‑incident review.
  • Direct penetration testing, security assessments, and resilience exercises.
Cloud, Infrastructure & Product Security
  • Partner with Engineering and Product leadership to embed security throughout the software development lifecycle (SDLC), including threat modeling, secure code review, and automated security testing.
  • Provide strategic direction for the design and implementation of secure enterprise and cloud infrastructure, ensuring security architecture principles are embedded in platform design, data flows, and technology decisions across the…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary