Information Security Principal Engineer

Key Skills

Python Programming, Scala Programming, C++, Java Programming, Machine learning techniques, Data science techniques, SQL, Apache Hadoop, MapReduce, TensorFlow, PyTorch, R Programming

Job Description

Who are we and why should you join us?

• We help people change their lives. BetterHelp is the world’s largest therapy service. We set out on a mission to provide everyone with easy, affordable, and private access to professional counseling: anytime, anywhere. To date, our network of over 15,000 licensed, accredited, and board-certified therapists have assisted more than 1,000,000 people. Every month, our secure website and mobile app facilitate over 5,000,000 messages, chats, voice calls, and video sessions that help people face life’s challenges.
• We’re taking mental healthcare to the next level. We combine clinical care, cutting-edge technology and data-driven product development to constantly learn, iterate, and improve. We are relentless in our pursuit of better, always questioning the status quo and discovering new ways to get things done and serve our members.
• We are a community that grows together - both professionally and personally. Even with our exponential growth, our team is kept agile and nimble, allowing you to have a huge impact and carve your own path from day one. We invest in our team’s well-being and professional development because we know that business and individual growth go hand-in-hand. You will move fast, remain flexible, and be challenged every day. Join us!

What are we looking for?

BetterHelp is looking for a motivated individual with experience developing a security framework and establishing compliance standards to meet emerging technology challenges and increasing regulatory requirements. This is to align with BetterHelp’s rapidly growing client base and expanding territories. This individual will report to the Head of Engineering and assist with fulfilling strategic goals and the security roadmap. This position will bridge high level strategic requirements with operational processes while interacting and engaging various BetterHelp teams, departments, and customers. This is an exciting opportunity for someone who is seeking challenges and is interested in an organization with enormous potential and accelerated growth.

What will you do?

• Establish a security framework standard and develop an Information Security Management System (ISMS).
• Create security policies, standards, and processes to meet regulatory compliance such as HIPAA.
• Develop the standards and program needed to comply with HITRUST involving the establishment of controls for BetterHelp’s Common Security Framework (CSF). This includes direct involvement in HITRUST certification processes and milestones.
• Directly assist the Head of Information Security with strategic security projects, planning, and implementation.
• Assist the BetterHelp Sales team with security related due diligence such as completing customer security questionnaires, providing requested documentation, and other pre-sales security activities. This includes creating a sales security kit or presentation.
• Work closely with Legal to perform security reviews of contracts/agreements.
• Collaborate and assist BetterHelp IT with security initiatives and compliance.
• Plan and position BetterHelp for security certifications including assessment readiness, remediation, and annual renewals. These responsibilities involve working closely with external auditors, and establishing an internal auditing program to meet certification requirements.
• Direct enforcement and monitoring of security standards including annual review of security policies and modifications needed.
• Establish a mature Business Continuity Plan and Disaster Recovery Strategy to mitigate against catastrophic events and business impacts.
• Create an effective security awareness training program for new employees and annual renewal training for existing staff. This involves continuous refresh of security training content and updated material aligned with new threats.
• Improve incident responses through the creation of new processes and the establishment of a Security Incident Response Team (SIRT). Conduct routine drills and ensure rapid responses with key responsibilities defined.
• Develop security Key Performance Indicators (KPIs) to measure security effectiveness and compliance throughout the organization.
• Evaluate new solutions and tools to improve security requirements and monitoring.

What will you NOT do?

• You will NOT worry about runway, cash left, or how much time we have until the next round. We have the startup DNA but we're fully backed and funded, all the way to success.
• You will NOT be confined to your job. You will get involved in development, product, marketing, sales, customer support, business strategy, and almost everything we do.
• You will NOT be bogged down by office politics, ego, or bad attitude. Only positive, pleasure-to-work-with people allowed here!
• You will NOT get yourself burned out. We work hard but we believe in maintaining sustainable work/life balance. Really.

Requirements

• 5 - 10 years + of combined technical and leadership experience in an Information Technology/Information Security role and proven success through measurable impact and increasing responsibilities.
• Bachelor’s/Master’s degree or equivalent in Computer Science, Information Systems, or equivalent technical discipline. Experience in a related technical leadership position is also acceptable.
• Great communications skills particularly in writing, hosting meetings, interacting directly with customers/clients, and delivering presentations across a wide audience knowledge base.
• Experience in security certifications and regulatory compliance such as HITRUST, ISO 27001, SOC 2, FedRAMP, PCI-DSS, GDPR, CCPA, and others.
• Experience with security frameworks and creating policies, security standards, and processes.
• Ability to work and collaborate with various entities including technical, non-technical, and senior leadership team members. This includes engaging and interacting with external auditors directly and providing relevant artifacts as requested.
• Excellent organizational and leadership skills, strong attention to detail, able to work independently, and extremely motivated.
• Experience with performing risk assessments, security reviews, privacy policies, completing RFPs and security questionnaires.
• Knowledge of Atlassian Confluence for developing intranet content and policy creation.

Bonus (great to have, but not required):

• Experience with managing department budgets, vendor management, and threat assessments.
• Security training/education or security/technical certifications are preferred.
• Experience working with a variety of High-Tech, Security, and Health Industry related companies including Startups, Mid-size, and Enterprise level organizations is preferred.
• Knowledge of Change Management, ITIL, COBIT, NIST, or other standards is a bonus.
• Cloud, SaaS, PaaS, firewalls, IDS/IPS, SIEM, monitoring, logging, and networking infrastructure knowledge and experience preferred.
• Experience in managing challenging projects to completion and on schedule is a benefit.
• A positive attitude and loves to work with others.

Benefits

• Competitive salary & equity compensation
• Excellent health, dental, and vision coverage
• 401k benefits with employer matching contribution
• Ridiculous perks program
• Office in the heart of downtown Mountain View, a three-minute walk from Caltrain
• Commuter benefits, FSA accounts, and Employee Stock Purchase Programs
• Building something that matters - loved by the people and admired by the press
• Any piece of hardware or software that will make you happy and productive
• Awesome people to work with
• Nothing to slow you down
• Helping people live a better life, every day