Virtual Chief Information Security Officer (vCISO)
Triplemoon • Remote, Oregon, United States
This job posting is no longer available
About
Type: Fractional / Contract
Compensation: Competitive, based on experience and scope
About Triplemoon
Triplemoon is a digital health platform transforming family wellness by addressing critical gaps in mental, behavioral, and nutritional health. We partner with providers, employers, and ultimately families to provide accessible, evidence-based mental health resources that improve patient outcomes, increase provider capacity, and boost clinic financials. With growing demand for tailored mental health resources amidst a shortage of providers (with wait times exceeding 4-6 weeks), Triplemoon is uniquely positioned to solve a critical gap in care for families and clinics. As we grow our collaborative care offering, we are adding to our team.
The Opportunity
Triplemoon is seeking a Virtual Chief Information Security Officer (vCISO) to oversee and continuously strengthen our information security, IT operations, and compliance posture. As a fully remote healthcare organization, we rely on secure, scalable technology systems to support our employees, patients, and provider partners.
This role combines strategic information security leadership with hands-on operational oversight. The ideal candidate will serve as Triplemoon's trusted security advisor, ensuring our systems remain secure, compliant, and audit-ready while providing responsive support to our growing remote workforce.
Responsibilities
Information Security & Compliance
Own the strategy, design, implementation, and continuous improvement of Triplemoon's information security and compliance program.
Ensure ongoing compliance with HIPAA and healthcare security best practices.
Lead readiness efforts for future SOC 2 certification and other security frameworks as needed.
Develop, maintain, and document security policies, procedures, and controls.
Coordinate security incident response, investigation, remediation, and post-incident reviews.
Support customer security questionnaires, audits, and compliance requests.
Partner with leadership to identify, assess, and mitigate information security risks.
IT Operational Oversight
Manage and oversee an IT MSP or MSSP who can:
Implement security controls and compliance within SaaS vendors and IT systems
Provide tiered end-user support for hardware, software, and SaaS application issues
Provide device and asset management
Manage identity and access, including systems for onboarding and offboarding
Maintain system documentation, operating procedures, and technology standards.
Recommend and implement improvements to strengthen security, scalability, and user experience.
Vendor Risk Management
Conduct security reviews of third-party vendors and software platforms.
Maintain required security documentation, including BAAs, DPAs, SOC reports, and related compliance artifacts.
Monitor vendor compliance and support periodic risk assessments.
Qualifications
7+ years of experience in information security, IT administration, compliance, or related roles.
Experience serving as a vCISO, security leader, or senior security consultant.
Strong knowledge of HIPAA Security Rule requirements and healthcare security best practices.
Experience preparing organizations for SOC 2 audits and other compliance frameworks.
Experience supporting early-stage startups or high-growth healthcare organizations.
Hands-on experience administering Google Workspace, identity management platforms, endpoint management tools, and SaaS environments.
Familiarity with remote workforce security and cloud-first technology environments.
Excellent documentation, communication, and stakeholder management skills.
Ability to operate independently while serving as a strategic advisor to company leadership.
Preferred Qualifications
Experience working with and configuring cloud-native SaaS stacks for regulatory compliance, such as Vanta, 1Password, Google Workspace, Rippling, and other cloud-based healthcare technology platforms.
Success in This Role
The successful vCISO will ensure that:
Triplemoon maintains a strong security and compliance posture.
Security controls are documented, monitored, and continuously improved.
Systems remain reliable and well-supported for a fully remote workforce.
Customer security reviews and audits are completed efficiently and confidently.
Triplemoon remains audit-ready and positioned for future compliance milestones, including SOC 2 readiness.
IT issues, including onboarding and offboarding, are handled securely and consistently.
Language skills
- English