Back to jobs
New

Vice President, Information Security: Cloudsec, GRC & IT

Remote; San Francisco, CA

Who We Are:

SmithRx is a rapidly growing, venture-backed Health-Tech company.  Our mission is to disrupt the expensive and inefficient Pharmacy Benefit Management (PBM) sector by building a next-generation drug acquisition platform driven by cutting edge technology, innovative cost saving tools, and best-in-class customer service.  With hundreds of thousands of members onboarded since 2016, SmithRx has a solution that is resonating with clients all across the country.

We pride ourselves for our mission-driven and collaborative culture that inspires our employees to do their best work. We believe that the U.S healthcare system is in need of transformation, and we come to work each day dedicated to making that change a reality. At our core, we are guided by our company values:

  • Integrity: Our purpose guides our actions and gives us confidence in the path ahead. With unwavering honesty and dependability, we embrace the pressure of challenging the old and exemplify ethical leadership to create the new.
  • Courage: We face continuous challenges with grit and resilience. We embrace the discomfort of the unknown by balancing autonomy with empathy, and ownership with vulnerability. We boldly challenge the status quo to keep moving forward—always.
  • Together: The success of SmithRx reflects the strength of our partnerships and the commitment of our team. Our shared values bind us together and make us one. When one falls, we all fall; when one rises, we all rise.

Job Summary:

SmithRx is developing the next-generation modern pharmacy benefits management (PBM) platform that will change how companies administer and manage pharmacy benefits. Our unified technology platform provides real-time actionable insights that drive cost savings, power clinical services, and result in a brilliant customer experience. A unified technology platform exists nowhere in the pharmacy benefit ecosystem to programmatically solve widespread deficiencies. The result is a PBM delivering unmatched service quality and operational efficiency that exceeds all industry standards.

As the VP of Information Security, you will play a critical role in enabling the success of our platform and people by safeguarding the security of SmithRx’s data, systems, and infrastructure while ensuring compliance with industry regulations and standards. You will collaborate closely with business stakeholders and technology teams to implement and continuously improve a robust information security program that integrates security seamlessly into all processes and systems. This leadership role will also focus on assessing and mitigating operational, legal, regulatory, and security risks across all aspects of IT and technology.

In order to be eligible for this position applicants must be based in one of the following states: Arkansas, Arizona, California, Colorado, Florida, Georgia, Kansas, Minnesota, Missouri, Nevada, North Carolina, Ohio, Pennsylvania, South Carolina, Tennessee, Texas, Utah, Virginia, Washington, Wisconsin.

What you will do:

  • Lead and drive SmithRx's overall cybersecurity strategy, integrating robust security practices that support and enhance business operations while safeguarding sensitive data, systems, and infrastructure.
  • Identify, evaluate, and manage information security risks while ensuring compliance with industry standards, regulations, and governance frameworks.
  • Develop and execute a comprehensive risk management framework focused on auditable governance, compliance, IT security, application and product security, and cloud security.
  • Establish measurable goals and objectives to build a culture of trust, compliance, and security.
  • Develop, document, and enforce security practices and controls to secure enterprise-wide data and systems.
  • Lead cloud and product security efforts, ensuring that our cloud platforms and services align with relevant industry standards, regulations, and compliance requirements.
  • Oversee the implementation and management of advanced security monitoring, incident detection, and response tools.
  • Evaluate and manage third-party risk by assessing the security posture of cloud providers, vendors, and other third-parties.
  • Build, mentor, and lead high-performing teams of cybersecurity professionals, ensuring a collaborative and innovative work environment.
  • Spearhead security training and awareness programs to ensure all employees understand the importance of maintaining a secure environment.
  • Lead incident response efforts, conducting post-event analysis and continuously improving security processes and capabilities.

Cloud & Product Security:

  • Define and implement cloud security policies, standards, and best practices to safeguard infrastructure and data.
  • Collaborate with DevOps and engineering teams to integrate security and auditability into the software development lifecycle (SDLC), cloud infrastructure, and cloud operations.
  • Manage and optimize cloud security tools, including ICAM, encryption and key management, cloud and data security posture management, and intrusion detection and prevention systems.
  • Conduct regular vulnerability assessments and penetration testing of cloud systems and ensure timely remediation of issues.
  • Ensure continuous compliance with frameworks like NIST, HIPAA, and others while continuously enhancing security measures.

Governance, Risk & Compliance (GRC):

  • Lead efforts to ensure compliance with regulatory frameworks and manage ongoing risk assessment and risk management processes.
  • Engage with legal, compliance, and regulatory teams to meet SmithRx’s security obligations and reduce risks.
  • Oversee security-related governance, risk assessments, vendor risk management, and security awareness initiatives.
  • Lead the architecture, engineering, and management of strategic security programs that align with the company's business goals.

IT Infrastructure Management

  • Ensure the security, scalability, and reliability of the company’s IT infrastructure, including network security, endpoint protection, data protection, business continuity, and disaster recovery.
  • Oversee the design and execution of security measures for internal systems and ensure alignment with business objectives.

Budget and Resource Management

  • Manage the security budget, ensuring optimal allocation of resources for security initiatives.
  • Collaborate with cross-functional departments to ensure technology investments align with overall business priorities.

Vendor Management

  • Evaluate and manage relationships with third-party vendors, ensuring the selection of secure and compliant services.
  • Negotiate contracts and manage security performance and costs with external partners and service providers.

What you will bring to SmithRx:

  • Bachelor’s or Master’s degree in Computer Science, Information Technology, or related field.
  • 15+ years of experience in cybersecurity, IT security, and risk management across multiple functions. Experience within the healthcare vertical is required. 
  • 8+ years in a leadership role with experience managing and scaling security and engineering teams, including prior experience as Head of Information Security, or an equivalent leadership role. 
  • Strong knowledge of cloud technologies, infrastructure security, threat-informed defense, and cybersecurity best practices.
  • Proven experience with DevOps, CI/CD, and integrating security into the software development and product management lifecycle.
  • Expertise in incident response, compliance frameworks, risk management, cloud security, and application security practices.
  • Strong communication, collaboration, and interpersonal skills with a demonstrated ability to influence and lead across the organization.
  • Strategic mindset with a focus on aligning security initiatives with business goals.

If you're a visionary leader with a proven track record in managing cybersecurity programs, cloud security, and IT risk, we invite you to apply for this impactful position. Join us and help shape the future of SmithRx’s technology ecosystem with an unwavering commitment to security and trust.

What SmithRx Offers You: 

  • Highly competitive wellness benefits including Medical, Pharmacy, Dental, Vision, and Life Insurance and AD&D Insurance
  • Flexible Spending Benefits 
  • 401(k) Retirement Savings Program 
  • Short-term and long-term disability
  • Discretionary Paid Time Off 
  • 12 Paid Holidays
  • Wellness Benefits
  • Commuter Benefits 
  • Paid Parental Leave benefits
  • Employee Assistance Program (EAP)
  • Well-stocked kitchen in office locations
  • Professional development and training opportunities

Apply for this job

*

indicates a required field

Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf

Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in SmithRx’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.