VP of Information Security

VP of Information Security

United States Technology - Technology Operations Full-time Remote Apply for this job

About Lyra Health

Lyra Health is the leading provider of mental health solutions for employers supporting more than 20 million people globally. The company has delivered 13 million sessions of mental health care, published more than 20 peer-reviewed studies, and delivered unmatched outcomes in terms of access, clinical effectiveness, and cost efficiency. Extensive peer-reviewed research confirms Lyras transformative care model helps people recover twice as fast and results in a 26% annual reduction in overall healthcare claims costs. Lyra is transforming access to life-changing mental health care through Lyra Empower, the only fully integrated AI-powered platform combining the highest-quality care and technology solutions.

About the Role

We are seeking an experienced and visionary VP of Information Security to lead and manage our organizations information security strategy, program, and operations. The VP will be responsible for protecting our technology systems, intellectual property, and data from evolving cyber threats. This role requires a strategic leader with deep technical expertise, strong business acumen, and the ability to communicate complex security concepts to both technical teams and executive leadership. This role reports into our Chief Product and Technology Officer.

Security Strategy and Governance

• Develop, implement, and maintain a comprehensive, long-term global information security strategy aligned with business objectives and risk tolerance.
• Refine and enforce security policies, standards, and procedures across the organization.
• Report on the organizations security posture and risk profile to the executive team and the Board of Directors.

Security Operations and Incident Response

• Establish and lead the security operations center (SOC) and incident response teams.
• Develop and execute an incident response plan to ensure swift detection, containment, and recovery from security breaches.
• Oversee the management of security technologies.

Security Architecture and Technology

• Provide strategic direction for the design and implementation of secure enterprise and cloud infrastructure.
• Stay current with emerging cybersecurity threats, technologies, and best practices.
• Evaluate and recommend new security technologies and services to enhance the organizations defenses.

Risk Management and Compliance

• Lead the identification, assessment, and mitigation of security risks and vulnerabilities.
• Ensure the organizations compliance with relevant industry standards and regulatory frameworks, such as GDPR, HIPAA, ISO 27001, SOX.

Vendor and Third-Party Risk

• Manage and assess the security risks associated with third-party vendors and partners.
• Continue hardening the vendor risk management program to ensure supply chain security.

Leadership and Team Management

• Mentor and lead a high-performing information security team.
• Continue fostering a culture of cybersecurity awareness across all departments through training and communication programs.
• Maintain strong working relationships with cross-functional teams, including DevOps, IT, Legal, Privacy, Engineering, Data, and integrate security into business processes.

Qualifications

• Bachelors degree in Computer Science, Information Security, or a related field.
• 12 years of progressive experience in information security with at least 5 years in a senior leadership role.
• Proven experience in developing and executing an enterprise-wide global information security program.
• Demonstrated experience in managing security incidents and leading crisis response efforts.
• Bonus points for experience leading one or more of HiTrust, ISO, SOC, FedRamp, GovRamp audits.

Certifications (Preferred but not required)

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Chief Information Security Officer (CCISO)

Salary and Benefits

As a full-time VP of Information Security, you will be employed by Lyra Health Inc. The anticipated annual base salary range for this full-time position is $251,000 to $346,000. The base range is determined by role and level, and placement within the range will depend on a number of job-related factors, including but not limited to your skills, qualifications, experience, and location. This role may also be eligible for discretionary bonuses.

Annual salary is only one part of an employees total compensation package at Lyra. We also offer:

• Comprehensive healthcare coverage, including medical, dental, vision, FSA, HSA, life, and disability insurances
• Lyra for Lyrians coaching and therapy services
• Equity in the company through discretionary restricted stock units
• Competitive time off with pay policies, including vacation, sick days, and company holidays
• Paid parental leave
• 401K retirement benefits
• Monthly tech allowance
• Well-being perks and activities, surprise swag, free food, regular community celebrations, and more

We cant wait to meet you.

We are an Equal Opportunity Employer. We do not discriminate on the basis of race, color, religion, sex, including pregnancy, national origin, age, disability, genetic information, or any other category protected by law.

By applying for this position, you acknowledge that your personal information will be processed as per the Lyra Health Workforce Privacy Notice. Through this application, to the extent permitted by law, we will collect personal information from you, including but not limited to your name, email address, gender identity, employment information, and phone number, for the purposes of recruiting and assessing suitability, aptitude, skills, qualifications, and interests for employment with Lyra.

We may also collect information about your race, ethnicity, and sexual orientation, which is considered sensitive personal information under the California Privacy Rights Act (CPRA) and special category data under the UK and EU GDPR. Providing this information is optional and completely voluntary, and if you provide it, you consent to Lyra processing it for the purposes as described at the point of collection, for example, for diversity and inclusion initiatives.

If you are a California resident and would like to limit how we use this information, please use the Limit the Use of My Sensitive Personal Information form. This information will only be retained for as long as needed to fulfill the purposes for which it was collected as described above. Please note that Lyra does not sell or share personal information as defined by the CPRA.

Outside of the United States, for example, in the EU, Switzerland, and the UK, you may have the right to request access to or a copy of your personal information, including in a portable format, request that we delete your information from our systems, object to or restrict processing of your information, or correct inaccurate or outdated personal information in our systems. These rights may be subject to legal limitations.

To exercise your data privacy rights outside of the United States, please contact email@lyrahealth.com.

For more information about how we use and retain your information, please see our Workforce Privacy Notice.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, summarizing interviews, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans.

If you would like more information about how your data is processed, please contact us.