Senior Information Security Engineer

Who are we and why should you join us?

BetterHelp is on a mission to remove the traditional barriers to therapy and make mental health care more accessible to everyone. Founded in 2013, we are now the world’s largest online therapy service, providing affordable and convenient therapy in across the globe. Our network of over 30,000 licensed therapists has helped millions of people take ownership of their mental health and change their lives forever. And we’re not stopping there – as the unmet need for mental health services continues to grow, BetterHelp is committed to being part of the solution.

As a Senior Information Security Engineer at BetterHelp, you’ll join a diverse team of licensed clinicians, engineers, product pros, creatives, marketers, and business leaders who share a passion for expanding access to therapy. And as a mental health company, we take employee mental health just as seriously as we do our mission. We deeply invest in our team’s well-being and professional development, because we know that business and individual growth go hand-in-hand. At BetterHelp, you’ll carve your own path, make an immediate impact, and be challenged every day – with a supportive community behind you the whole way.

What are we looking for?

BetterHelp is looking for a motivated individual with experience developing a security framework and establishing compliance standards to meet emerging technology challenges and increasing regulatory requirements. This is to align with BetterHelp’s rapidly growing client base and expanding territories. This position will bridge high level strategic requirements with operational processes while interacting and engaging various BetterHelp teams, departments, and customers. This is an exciting opportunity for someone who is seeking challenges and is interested in an organization with enormous potential and accelerated growth.

What will you do?

• Establish a security framework standard and develop an Information Security Management System (ISMS).
• Create security policies, standards, and processes to meet regulatory compliance such as HIPAA.
• Develop the standards and program needed to comply with HITRUST involving the establishment of controls for BetterHelp’s Common Security Framework (CSF). This includes direct involvement in HITRUST certification processes and milestones.
• Directly assist the Head of Information Security with strategic security projects, planning, and implementation.
• Assist the BetterHelp Sales team with security related due diligence such as completing customer security questionnaires, providing requested documentation, and other pre-sales security activities. This includes creating a sales security kit or presentation.
• Work closely with Legal to perform security reviews of contracts/agreements.
• Collaborate and assist BetterHelp IT with security initiatives and compliance.
• Plan and position BetterHelp for security certifications including assessment readiness, remediation, and annual renewals. These responsibilities involve working closely with external auditors, and establishing an internal auditing program to meet certification requirements.
• Direct enforcement and monitoring of security standards including annual review of security policies and modifications needed.
• Establish a mature Business Continuity Plan and Disaster Recovery Strategy to mitigate against catastrophic events and business impacts.
• Create an effective security awareness training program for new employees and annual renewal training for existing staff. This involves continuous refresh of security training content and updated material aligned with new threats.
• Improve incident responses through the creation of new processes and the establishment of a Security Incident Response Team (SIRT). Conduct routine drills and ensure rapid responses with key responsibilities defined.
• Develop security Key Performance Indicators (KPIs) to measure security effectiveness and compliance throughout the organization.
• Evaluate new solutions and tools to improve security requirements and monitoring.

What will you NOT do?

• You will NOT worry about "runway", "cash left", or "how much time we have until the next round". We have the startup DNA but we're fully backed and funded, all the way to success.
• You will NOT be confined to your "job". You will get involved in product, marketing, business strategy, and almost everything we do.
• You will NOT be bogged down by office politics, ego, or bad attitude. Only positive, pleasure-to-work-with people are allowed here!
• You will NOT get yourself burned out. We work hard but we believe in maintaining a sustainable work/life balance. Really.

Can I work remotely?

Yes. We operate on PST and candidates in any time zone are welcome to apply. We ask employees to travel to our San Jose, CA office up to three times per year plus one company-wide offsite to collaborate in person and strengthen working relationships. Travel expenses are covered and reasonable accommodations are made for those under unique circumstances who cannot travel.

Requirements

• 5+ years of combined technical and leadership experience in an Information Technology/Information Security role and proven success through measurable impact and increasing responsibilities.
• Bachelor’s/Master’s degree or equivalent in Computer Science, Information Systems, or equivalent technical discipline. Experience in a related technical leadership position is also acceptable.
• Great communications skills particularly in writing, hosting meetings, interacting directly with customers/clients, and delivering presentations across a wide audience knowledge base.
• Experience in security certifications and regulatory compliance such as HITRUST, ISO 27001, SOC 2, FedRAMP, PCI-DSS, GDPR, CCPA, and others.
• Experience with security frameworks and creating policies, security standards, and processes.
• Ability to work and collaborate with various entities including technical, non-technical, and senior leadership team members. This includes engaging and interacting with external auditors directly and providing relevant artifacts as requested.
• Excellent organizational and leadership skills, strong attention to detail, able to work independently, and extremely motivated.
• Experience with performing risk assessments, security reviews, privacy policies, completing RFPs and security questionnaires.
• Knowledge of Atlassian Confluence for developing intranet content and policy creation.

Benefits

• Remote work with regular in-person bonding experiences sponsored by the company
• Competitive compensation 
• Holistic perks program (including free therapy, employee wellness, and more)
• Excellent health, dental, and vision coverage
• 401k benefits with employer matching contribution
• The chance to build something that changes lives – and that people love
• Any piece of hardware or software that will make you happy and productive
• An awesome community of co-workers

The base salary range for this position is $130,000 - $175,000. In addition to the base salary, this position is eligible for a performance bonus and the extensive benefits listed here (subject to eligibility requirements): Teladoc Health Benefits 2025. Total compensation is based on several factors – including, but not limited to, type of position, location, education level, work experience, and certifications. This information is applicable to all full-time positions.

At BetterHelp we thrive on difference and individuality, and as part of the Teladoc Health family, we are proud to be an Equal Opportunity Employer. We never have and never will discriminate against any job candidate or employee due to age, race, ethnicity, religion, sex, color, national origin, gender, gender identity, sexual orientation, medical condition, marital status, parental status, disability, or Veteran status.