Information Security Lead

Click Therapeutics | New York, NY
14h | $130,000 - $180,000 | Hybrid

About The Position

As Information Security Lead, you'll be at the forefront of safeguarding our groundbreaking digital therapeutics. We're seeking an individual with deep technical expertise in information security in the healthcare sector, ready to tackle complex challenges and pioneer innovative solutions. This isn't just a role; it's an opportunity to build, mentor, and inspire a high-performing team, while strategically collaborating across diverse departments to embed security into the very fabric of our revolutionary products. Your ability to swiftly master new technologies and meticulously adhere to processes in a highly regulated environment will be crucial as you champion information security across every facet of our company and with all our valued partners. This position is based out of Click’s headquarters located in Tribeca, NYC, at the center of one of the fastest-growing digital health communities. We have a hybrid working model that consists of at least 4 days in office each week.

Requirements

  • Experience within a highly regulated industry such as medical devices, pharmaceuticals, biotechnology, or healthcare.
  • Understanding of common security frameworks and standards, including NIST Cybersecurity Framework (CSF), ISO 27001/27002, and SOC 2.
  • Knowledge of risk assessment methodologies, threat modeling, network security, cloud security (AWS), application security, and data protection technologies.
  • Experience leading or participating in formal security audits.
  • Experience in interfacing with engineering teams and running in tiger-teams or embedded SME Scrum teams.
  • Leadership and communication skills, with the ability to articulate complex security concepts to technical and non-technical audiences.

Responsibilities

  • Maintain and continually improve the Information Security Management System (ISMS) to maintain relevant certifications (e.g., ISO 27001, SOC 2, IEC 81001-5-1, and UK Cyber Essentials Plus).
  • Lead the technical security aspects of data privacy to ensure compliance with GDPR, CCPA, and HIPAA.
  • Lead and mature the company's Security Operations Center (SOC) capabilities, including threat intelligence, monitoring, detection, and analysis.
  • Responsible for collecting, analyzing, escalating, and responding to cybersecurity vulnerabilities, threats, and attacks using SIEM and EDR technologies.
  • Collaborate with Engineering to ensure Secure Development Lifecycle (SDLC) practices are followed, integrating threat modeling, static/dynamic analysis, fuzz testing, and formal verification into the development process.
  • Develop and maintain reporting of Key Performance Indicators (KPIs) of threats and incidents, including incident response timeliness and general observability metrics.
  • Oversee security testing activities, including penetration testing and vulnerability scanning.
  • Conduct security training and awareness programs for employees to promote a culture of security.
  • Oversee all third-party and vendor risk management activities.
  • Collaborate with Quality and Regulatory on cybersecurity processes.
  • Support regulatory submissions by generating Cybersecurity Quality Management System (QMS) documentation, ensuring compliance with FDA Cybersecurity Guidance (2025), EU MDR, NIST 800-53, IMDRF, and AAMI TIR57.

Benefits

  • Competitive Salary with Annual Review
  • Cash Bonus
  • Stock Options
  • 5% 401(k) matching
  • Medical
  • Dental
  • Vision
  • Life Insurance
  • Voluntary Benefits
  • Unlimited PTO
  • Uber One
  • Nectar Rewards
  • One Medical
  • Fertility Support
  • Fitness Reimbursement
  • Bike Membership
  • Professional Development Stipend
  • DoorDash and Catered Lunches
  • Parent Benefits
  • LinkedIn Learning
  • Gemini Enterprise Stack
  • Industrious Workspaces
  • Commuter Subsidies
  • Flexible Work Arrangement
  • Choice of Mac or Windows
  • Sponsored Company Events
  • Office Snacks and Beverages
  • Much More…