TalkDoc

Chief Information Security Officer

Remote$220,000 to $280,000 base salary, plus performance-based bonus and equity.full-time
Apply by Oct 8, 2026Be the first to apply

Benefits

Medical InsuranceDental InsuranceVision InsuranceFlexible PTOPaid Parental Leave401(k)Mental Health BenefitsProfessional DevelopmentHome Office StipendPerformance BonusEquity

About company

Talkdoc is a leading telehealth psychiatry platform designed exclusively for Medicaid populations, guaranteeing improved behavioral health outcomes through innovative care models. Our solutions address unpredictable inpatient cost spikes and HEDIS compliance gaps, achieving significantly reduced inpatient psychiatric admission rates. For clinicians, we alleviate administrative burdens with AI-enabled tools, offering flexible work arrangements and career growth opportunities. Patients benefit from expert, zero-cost psychiatry services without long waits, available in English and Spanish through key healthcare alliances. We stand apart as a committed partner to revolutionize behavioral healthcare with outcome-guaranteed contracts.

About the role

Talkdoc is looking for a strategic and hands-on Chief Information Security Officer to lead our information security, privacy, risk, and business continuity programs. You will protect sensitive patient and business information while helping the company scale its technology, clinical operations, and healthcare partnerships securely.

As Talkdoc’s senior security leader, you will work closely with executive leadership, engineering, product, clinical operations, legal, compliance, and external partners. You will translate technical risks into clear business decisions, build a security-conscious culture, and ensure our systems remain resilient as threats, regulations, and customer expectations evolve.

Responsibilities

  • Develop and lead Talkdoc’s company-wide information security strategy, roadmap, policies, and governance program.
  • Establish and maintain security frameworks aligned with HIPAA, HITECH, SOC 2, NIST, and applicable healthcare requirements.
  • Lead security risk assessments, vendor reviews, control testing, remediation planning, and executive risk reporting.
  • Partner with engineering and product teams to embed security into the software development lifecycle, cloud infrastructure, APIs, AI-enabled tools, and product architecture.
  • Oversee identity and access management, vulnerability management, endpoint and cloud security, data protection, monitoring, and incident response.
  • Own security incident preparedness, including response plans, tabletop exercises, breach escalation procedures, and post-incident reviews.
  • Develop and test business continuity and disaster recovery plans that support reliable clinical and business operations.
  • Coordinate security questionnaires, customer diligence, audits, penetration tests, and SOC 2 readiness and reporting.
  • Evaluate third-party vendors and healthcare partners for information security, privacy, and operational risks.
  • Create practical security awareness and training programs for employees, clinicians, contractors, and leadership.
  • Define security metrics and regularly communicate risks, priorities, and program performance to executive stakeholders.

Required Skills and Experience

  • Significant leadership experience in information security, cybersecurity, or technology risk management.
  • Proven success designing and operating an information security program in a regulated or data-sensitive environment.
  • Strong knowledge of healthcare security and privacy requirements, including HIPAA and HITECH.
  • Experience leading application, cloud, infrastructure, identity, data, and third-party security programs.
  • Experience managing security incidents, risk assessments, business continuity, and disaster recovery planning.
  • Ability to collaborate with technical and nontechnical stakeholders and communicate security risks in clear business terms.
  • Strong judgment, ownership, and the ability to balance security, usability, speed, and operational needs.
  • Bachelor’s degree in cybersecurity, information technology, computer science, or a related field, or equivalent professional experience.

Nice to Have

  • Experience in telehealth, behavioral health, health insurance, Medicaid, or another healthcare technology environment.
  • Experience leading SOC 2 audits or working with frameworks such as NIST CSF, HITRUST, ISO 27001, or CIS Controls.
  • Experience securing AI-enabled healthcare applications and managing the risks associated with third-party AI services.
  • Certifications such as CISSP, CISM, CISA, CRISC, or HCISPP.
  • Experience building or scaling a security function within a startup or high-growth company.
  • Experience working with health plans, enterprise healthcare customers, or government-sponsored healthcare programs.