Virtual Chief Information Security Officer (vCISO)

The Opportunity Triplemoon is seeking a Virtual Chief Information Security Officer (vCISO) to oversee and continuously strengthen our information security, IT operations, and compliance posture. As a fully remote healthcare organization, we rely on secure, scalable technology systems to support our employees, patients, and provider partners. This role combines strategic information security leadership with hands-on operational oversight. The ideal candidate will serve as Triplemoon's trusted security advisor, ensuring our systems remain secure, compliant, and audit-ready while providing responsive support to our growing remote workforce.

Responsibilities

Information Security & Compliance Own the strategy, design, implementation, and continuous improvement of Triplemoon's information security and compliance program. Ensure ongoing compliance with HIPAA and healthcare security best practices. Lead readiness efforts for future SOC 2 certification and other security frameworks as needed. Develop, maintain, and document security policies, procedures, and controls. Coordinate security incident response, investigation, remediation, and post-incident reviews. Support customer security questionnaires, audits, and compliance requests. Partner with leadership to identify, assess, and mitigateinformation security risks. IT Operational Oversight Manage and oversee an IT MSP or MSSP who can: Implement security controls and compliance within SaaS vendors and IT systems Provide tiered end-user support for hardware, software, and SaaS application issues Provide device and asset management Manage identity and access, including systems for onboarding and offboarding Maintain system documentation, operating procedures, and technology standards. Recommend and implement improvements to strengthen security, scalability, and user experience. Vendor Risk Management Conduct security reviews of third-party vendors and software platforms. Maintain required security documentation, including BAAs, DPAs, SOC reports, and related compliance artifacts. Monitor vendor compliance and support periodic risk assessments. Qualifications 7+ years of experience in information security, IT administration, compliance, or related roles. Experience serving as a vCISO, security leader, or senior security consultant. Strong knowledge of HIPAA Security Rule requirements and healthcare security best practices. Experience preparing organizations for SOC 2 audits and other compliance frameworks. Experience supporting early-stage startups or high-growth healthcare organizations. Hands-on experience administering Google Workspace, identity management platforms, endpoint management tools, and SaaS environments. Familiarity with remote workforce security and cloud-first technology environments. Excellent documentation, communication, and stakeholder management skills. Ability to operate independently while serving as a strategic advisor to company leadership.

Preferred Qualifications

Experience working with and configuring cloud-native SaaS stacks for regulatory compliance, such as Vanta, 1Password, Google Workspace, Rippling, and other cloud-based healthcare technology platforms. Success in This Role The successful vCISO will ensure that: Triplemoon maintains a strong security and compliance posture. Security controls are documented, monitored, and continuously improved. Systems remain reliable and well-supported for a fully remote workforce. Customer security reviews and audits are completed efficiently and confidently. Triplemoon remains audit-ready and positioned for future compliance milestones, including SOC 2 readiness. IT issues, including onboarding and offboarding, are handled securely and consistently.