Vice President, Information Security

LifeMD

Job Location:

Huntington Beach, CA - USA

Monthly Salary: Not Disclosed
Posted on: 4 hours ago
Vacancies: 1 Vacancy

Job Summary

Description

About us

LifeMD is a leading provider of virtual primary care, telehealth, and specialized treatment programs, serving hundreds of thousands of patients nationwide. Our vertically integrated platform combines 50-state licensed providers, in-house pharmacy and lab integrations, and proprietary technology that enables safe, high-quality, and affordable care.

At the heart of this transformation is our team of developers, engineers, and tech innovators building state-of-the-art systems that make healthcare smarter, faster, and more accessible. From architecting scalable backend systems to crafting intuitive user experiences, we are pushing boundaries every day.

Recognized as one of the fastest-growing healthcare tech companies (#166 on Deloitte Fast 500 in 2023), LifeMD is not just a healthcare company; it's a tech company revolutionizing healthcare.

If you're passionate about building impactful technology, solving complex challenges, and seeing your code change lives, LifeMD is the place to grow, innovate, and make a difference.

Join us and let's build the future of healthcare together.

About the role

The Vice President, Information Security will lead the enterprise cybersecurity, data protection, and IT compliance functions for a leading publicly-traded telehealth organization. This is a critical executive leadership role operating at the intersection of technology, patient safety, regulatory compliance, and enterprise risk management.

Reporting directly to the Chief Technology Officer (CTO), the VP of Information Security will be responsible for defining and executing a comprehensive, enterprise-wide security strategy to safeguard protected health information (PHI), ensure regulatory compliance, and protect the organization's digital and clinical ecosystems. This leader will play a pivotal role in advancing secure digital transformation, strengthening internal controls, and ensuring adherence to healthcare regulatory frameworks and other applicable standards, including HIPAA, HITECH, and Sarbanes-Oxley IT General Controls.

This role requires a strategic yet hands-on leader capable of operating in a highly regulated, mission-critical healthcare environment where security directly impacts patient trust and clinical outcomes.

Responsibilities:

Cybersecurity & Risk Management

  • Lead all aspects of enterprise information security, including threat detection, incident response, vulnerability management, and continuous monitoring.
  • Establish and mature a comprehensive Governance, Risk, and Compliance (GRC) framework aligned to healthcare industry standards (e.g., NIST, HITRUST, ISO 27001).
  • Continuously assess enterprise risk posture, prioritizing cybersecurity risks in alignment with clinical, operational, and financial risk frameworks.

Data Protection & Patient Privacy

  • Design and implement strategies to protect sensitive patient data, including Protected Health Information (PHI), Personally Identifiable Information (PII), and clinical data.
  • Ensure compliance with healthcare data security and privacy regulations, including HIPAA and HITECH, as well as state-specific privacy laws.
  • Oversee data governance, encryption, identity management, and secure data exchange across clinical systems (EHR/EMR), patient platforms, and third-party partners.
  • Lead enterprise-wide data protection initiatives, including breach prevention, detection, and response.

Compliance & Controls

  • Own and manage IT risk, compliance, and IT General Controls (ITGC) programs in support of SOX and healthcare regulatory requirements.
  • Partner with internal audit, compliance, legal, and finance teams to ensure audit readiness and timely remediation of control deficiencies.
  • Maintain compliance with standards such as HIPAA, HITRUST, SOC 2, PCI-DSS (as applicable), and other healthcare-specific regulatory frameworks.
  • Support regulatory audits, accreditation processes, and third-party risk management programs.

Infrastructure Security & Digital Transformation

  • Lead security architecture across enterprise infrastructure, including cloud, hybrid, and on-premise environments supporting clinical and digital health platforms.
  • Drive secure cloud transformation initiatives, ensuring appropriate controls across IaaS, PaaS, and SaaS environments.
  • Partner with engineering, IT, and DevOps teams to implement DevSecOps practices and secure software development lifecycle (SDLC).
  • Oversee identity and access management (IAM), role-based access controls, and privileged access governance across clinical and enterprise systems.

Incident Response & Cyber Resilience

  • Lead enterprise incident response strategy, including preparedness, detection, containment, and recovery from cyber incidents.
  • Coordinate breach investigations, root cause analysis, regulatory reporting, and post-incident remediation.
  • Develop and maintain business continuity and disaster recovery plans with a strong focus on clinical and operational resilience.

Leadership & Strategy

  • Build, lead, and scale a high-performing information security organization, including security operations, risk, and IT compliance functions.
  • Serve as a key advisor to executive leadership, the Board, and Audit/Compliance Committees on cybersecurity risk and strategy.
  • Drive enterprise-wide security awareness and training programs to foster a culture of security and compliance.
  • Align cybersecurity initiatives with business priorities, digital health innovation, and patient-centric outcomes.


Requirements

Professional Experience

  • 12 years of progressive leadership in information security, cybersecurity, and risk management, preferably within healthcare, life sciences, or other highly regulated industries.
  • Experience operating in a publicly traded or highly regulated environment with strong governance and compliance requirements.
  • Proven track record of leading enterprise security programs in complex environments involving clinical systems, digital platforms, and sensitive patient data.

Domain Expertise

  • Deep knowledge of healthcare regulatory frameworks, including HIPAA, HITECH, and HITRUST, and experience managing PHI/PII at scale.
  • Strong understanding of ITGC, SOX compliance, and audit processes.
  • Experience securing healthcare technologies, including EHR/EMR systems, patient engagement platforms, telehealth systems, and medical device integrations.

Technical & Operational Expertise

  • Hands-on leadership in cloud security, infrastructure modernization, and enterprise security architecture.
  • Expertise in identity and access management (IAM), zero trust frameworks, and modern security operations.
  • Experience implementing and managing GRC platforms and frameworks such as NIST, ISO 27001, and HITRUST.
  • Demonstrated success in incident response, cyber resilience, and enterprise risk mitigation.

Leadership & Interpersonal Skills

  • Strong executive presence with experience engaging Boards and Audit/Compliance Committees.
  • Proven ability to lead cross-functional initiatives across technology, clinical, legal, and operational teams.
  • Ability to operate effectively in a fast-paced, high-stakes healthcare environment where security and patient safety are paramount.

Education & Certifications

  • Bachelor's or Master's degree in Computer Science, Information Security, or related field.
  • Relevant certifications such as CISSP, CISM, CISA, CRISC, or HCISPP preferred.


Benefits
  • Health Care Plan (Medical, Dental & Vision)
  • Retirement Plan (Roth 401k)
  • Life Insurance (Basic, Voluntary & AD&D)
  • Unlimited PTO Policy
  • Paid Holidays
  • Short Term & Long Term Disability
  • Training & Development

Required Experience:

Exec

About Company

LifeMD is an emerging leader in technology-driven healthcare. We're applying our direct-to-consumer marketing expertise to make access to quality care and medication convenient, cost-effective, and simple. Our brands are intensely focused on our patients, constantly striving to delive ...