Vice President, Information Security


San Francisco, CA, US / Remote
  • Job Type: Full-Time
  • Function: IT
  • Post Date: 04/29/2021
  • Company Address: 353 Sacramento St, San Francisco, California, 94111, US

About Curology

Clear skin can be life-changing, but it's not easy to see a dermatologist. At Curology, we provide prescription medications custom-formulated for each patient's skin and shipped directly to their door. We tailor the entire Curology experience specifically for patients with acne and anti-aging concerns, allowing us to provide incredibly personalized, effective and affordable care at scale.

Job Description

Curology is a technology company building the future of skincare through personalized prescription treatment. We believe that dermatology should be accessible to everyone—great skin shouldn't be a luxury, but a fact of life. To make this possible, we're building tech to power an entire in-house medical ecosystem, covering everything from medical care to provider licensing and pharmacy fulfillment operations.
We're hiring an experienced VP of Information Security to own Information and Application Security, as well as partner across the company to advise on physical, IT, and network security, risk, and compliance. This is a critical, high-visibility role that reports directly to the CTO and will collaborate with Curology's senior leadership team.
You will be responsible for the company's overall security strategy, program oversight, and architecture development for the organization. You will establish and lead the company's Security Steering Committee to constantly improve all aspects of security at Curology. You will also be a key contributor to privacy and compliance initiatives.

You Will:

    • Identify relevant security frameworks and own execution of associated strategy and roadmaps.
    • Build Curology’s Information & Application Security Engineering function to secure our production and data infrastructures.
    • Conduct regular third-party independent audits of our security posture and ensure any resulting actions to address gaps or weaknesses are appropriately assigned and completed.
    • Manage our response to security incidents and ensure that they are appropriately addressed, documented, and reported.
    • Build a proactive security practice that identifies and remediates issues through white hat activities, game days, and research.
    • Create and lead an Internal Security Steering Committee in collaboration with Curology's Executive Leadership.
    • Be a key stakeholder in Curology's Governance, Risk, and Compliance (GRC) activities.
    • Serve as a key member of the Technology Organization's Senior Leadership Team.
    • Own compensation, team design, hiring, and retention plan for the Security group.

We're Looking For:

    • Public Company Experience: Experience taking a company public in a security leadership role or extensive experience leading security at a public company.
    • Technical Expertise: Demonstrated experience with Application Security, DevOps, or Cloud Security functions including experience with cloud computing technologies, with security commitments to customers and partners.
    • Regulatory Experience: Knowledge and understanding of relevant legal and regulatory requirements, such as HIPAA (Health Insurance Portability and Accountability Act), Sarbanes-Oxley Act (SOX), Payment Card Industry/Data Security Standard, Personally Identifiable Information (PII), Service Organization Control (SOC), and California Consumer Privacy Act (CCPA).
    • Security Leadership Experience: 7+ years of experience in a combination of risk management, information security, and application security engineering roles, with 3+ years in a senior leadership role (Director, VP, or CISO).
    • Security Certifications: CISSP, CISM, CRISC, GSEC, CISA, or ability to be certified.
    • Excellent Communicator: Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.

Curology encourages applications from people of all races, religions, national origins, genders, sexual orientations, gender identities, gender expressions and ages, as well as veterans and individuals with disabilities. Notice to Applicants under the CCPA.

Disclaimer: Local Candidates Only
This company does NOT accept candidates from outside recruiting firms. Agency contacts are not welcome.