
Director, Information Security

Requirements

  • 10+ years in Information Security with direct leadership of at least one HITRUST CSF or SOC 2 Type II (healthcare-focused) certification program.
  • Expert-level HIPAA knowledge with working understanding of 42 CFR Part 2; experience managing privacy nuances of controlled-substance prescribing is a plus.
  • Experience building programs in Series C+ startups to enterprise scale, capable of balancing rapid growth with operational stability.
  • Strong AppSec (SaaS security) and SecOps (cloud defense) background; ability to speak code with engineers and risk with the Board; relevant certifications such as CISSP, CISM, or CCSFP are desirable.

Roles & Responsibilities:

  • Architect and mature the enterprise information security posture during a pivotal growth stage, building the team, processes, and technical controls to protect highly sensitive patient data while navigating HIPAA and 42 CFR Part 2.
  • Own the 12-24 month roadmap to achieve HITRUST Certification, ensuring that security practices are measurable, auditable, and scalable.
  • Lead AppSec and SecOps initiatives and balance rigorous engineering with disciplined governance to support scalable, enterprise-grade security.
  • Drive cross-department collaboration and communicate security goals to remote teams and the executive board, building a culture of security and regulatory compliance.

Job description

The Opioid Epidemic is a public health crisis with a highly effective but underutilized clinical intervention - millions of Americans are physically dependent on Opioids but only 10% of those likely to have OUD actually access treatment. Bicycle Health addresses this gap by maximizing accessibility, affordability, and overall quality of care by enabling highly qualified clinicians to reach patients broadly and efficiently through our online platform.

As the Director, Information Security, you will be the architect of our enterprise security posture during a pivotal stage of our growth. With tens of millions of dollars in revenue and at a growth stage, we are transitioning from "startup security" to an enterprise-grade program. Ultimately, the goal of this role is to make our Information Security, Trust & Compliance practices a competitive differentiator for Bicycle Health.

Your primary mission is to build the team, processes, and technical controls required to protect our highly sensitive patient data while navigating the intersection of HIPAA and 42 CFR Part 2. You will own the 12–24 month roadmap to achieve HITRUST Certification, ensuring that our security practices are not only effective but are measurable, auditable, and scalable. This is a role for a builder who understands that true security in healthcare requires a balance of rigorous engineering (AppSec/SecOps) and disciplined governance.

Location: Remote

Schedule: Full time (40 hrs) - Monday-Friday, normal business hours

Target Pay Range: $175,000-$200,000 + equity - Compensation to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data. 

Benefits: 

  • Discretionary PTO + 8.5 days of additional sick time + 10 paid holidays
  • Paid parental leave
  • 100% Employer Paid Employee Medical, Dental, and Vision Insurance
  • Employer Paid STD & LTD
  • 401k
  • $50 monthly Remote Work Stipend

What we are looking for:

  • Proven Audit Success: 10+ years in Information Security, with direct experience leading at least one organization through a successful HITRUST CSF or SOC2 Type II (healthcare focus) certification.
  • Healthcare Regulatory Expertise: Expert-level knowledge of HIPAA and a working understanding of 42 CFR Part 2. Experience managing the privacy nuances of controlled substance prescribing is a significant plus.
  • Startup-to-Enterprise Growth: Experience in a Series C+ environment, with the ability to build programs from the ground up while maintaining operational stability.
  • Technical Breadth: A strong background in both AppSec (securing SaaS products) and SecOps (defending cloud infrastructure). You should be comfortable speaking "code" with engineers and "risk" with the Board.
  • Leadership Persona: Exceptional communication skills with the ability to influence remote teams and drive cross-departmental initiatives.

Certifications: CISSP, CISM, or CCSFP (Certified CSF Practitioner) are highly desirable.

This is a full-time (40hrs per week) remote position.


Recruitment Scam Notice

We are aware of fraudulent recruiting messages circulating that claim to represent our company. Please note:

  • All official communication from our recruiting team will come from an @bicyclehealth.com email address.

  • We will never ask you to pay fees, purchase equipment, or provide financial information as part of our hiring process.

  • We will never request your Social Security number or banking information before an offer of employment is made.

  • We only conduct interviews through legitimate, scheduled channels and will never make job offers via text message or chat apps.

If you believe you have been contacted by someone misrepresenting our company, please report it to careers@bicyclehealth.com.

About Bicycle Health:

Bicycle Health is a telemedicine group that specializes in the evidence-based treatment of individuals with Opioid Use Disorder using buprenorphine. We’ve grown our clinical staff of medical providers caring for patients across 32 states, and we employ a large ancillary staff for support with technological and administrative needs, clinical and behavioral support, and care coordination. Our innovative model has achieved clinical outcomes that exceed expectations for standard-of-care in-person treatment nationally. Our mission is to increase access to high-quality, affordable, convenient, and confidential Opioid Use Disorder treatment for all.

Bicycle Health is an Equal Opportunity Employer and considers applicants for employment without regard to race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or any other basis forbidden under federal, state, or local law. 
