About League
Founded in 2014, and with a total funding currently at $220 million; League is
a platform technology company powering next-generation healthcare consumer
experiences. Payers, providers, consumer health partners and employers build on
League’s platform to deliver high-engagement, personalized healthcare
experiences consumers love. Millions of people use solutions powered by League
to access, navigate and pay for care.
The Role:
The Director of Security is a senior leadership role responsible for
establishing and maintaining a comprehensive information security program for
League. This includes direct oversight of Security Operations (SecOps) and
Product/Application Security teams. The successful candidate will be a strategic
thinker with a strong technical background, capable of influencing without
direct authority and working collaboratively across all departments to implement
security measures that are proportionate to League's evolving needs and risk
landscape. This role is pivotal in protecting League's assets, data, and
reputation while enabling business objectives.
What you will do:
- Build relationships with stakeholders in customer, engineering, and company
organizations to influence decision making and manage expectations and
escalations
- Collaborate closely with product leaders to influence product strategy,
roadmap, and process
- Work with your teams to set clear and measurable objectives, and drive them
to completion
- Build a high performing team through the ongoing development of current team
members and leaders
- Develop and lead inclusive, welcoming, and effective recruiting processes
- Maintain relationships with senior leaders and colleagues throughout the
company and our external partners, and represent engineering in
cross-functional projects and to the company and partners.
- Proactively identify areas of improvement where engineering teams can make a
difference and work with other teams to make those improvements happen
- Develop, implement, and maintain a strategic, comprehensive enterprise
information security and risk management program to ensure the integrity,
confidentiality, and availability of information.
- Lead and mentor the Security teams across operations and product security,
ensuring effective incident detection, response, and recovery capabilities,
including managing security monitoring tools and processes.
- Oversee the Product/Application Security program, embedding security best
practices into the software development lifecycle (SDLC) from design to
deployment, including code reviews, vulnerability assessments, and
penetration testing.
- Collaborate with engineering, product, legal, IT, and other business units to
ensure security is integrated into their processes and initiatives.
- Champion a culture of security awareness and responsibility throughout the
organization.
- Develop and implement security policies, standards, and procedures that are
practical, effective, and proportionate to League's business objectives and
risk tolerance.
- Conduct regular risk assessments and security audits to identify
vulnerabilities and ensure compliance with relevant regulations and
standards.
- Manage security budgets and vendor relationships.
- Stay current with the latest security threats, technologies, and industry
best practices.
- Provide regular reporting on the current status of the information security
program to executive leadership and relevant stakeholders.
- Effectively influence stakeholders at all levels of the organization to adopt
and support security initiatives, even without direct reporting lines.
- Foster a collaborative environment to achieve shared security objectives
across the company.
What you bring:
- Bachelor's degree in Computer Science, Information Security, or a related
field. A Master's degree is a plus.
- Minimum of 10 years of experience in information security, with at least 5
years in a leadership or management role.
- Demonstrated experience in leading, managing, and delivering Security
Operations (e.g., SIEM, incident response, threat intelligence) and
Product/Application Security (e.g., secure SDLC, SAST/DAST, DevSecOps),
Enterprise Security, and Identity Management functions.
- Proven experience in developing and implementing security strategies,
policies, and programs.
- Strong understanding of common security frameworks and standards (e.g.,
HITRUST, NIST CSF, ISO 27001, SOC 2, PCI DSS).
- Relevant professional certifications are highly desirable (e.g., CISSP, CISM,
CRISC, GIAC certifications).
- Experience working in a dynamic, fast-growing technology company is
preferred.
- Deep understanding of cloud security principles and practices (e.g., AWS,
Azure, GCP).
- Experience in influencing cross-functional teams and driving change in a
collaborative manner.
What We Offer:
- Comprehensive Health Benefits: We prioritize your well-being with complete
medical, dental, and vision coverage
- Bonus Program: Be rewarded for your contributions with our performance-based
bonus program
- Employee Stock Option Program: Become an owner and share in our success
through our stock option program
- Unlimited Paid Time Off: Take the time you need to recharge and maintain a
healthy work-life balance
- Spending Accounts: Manage your healthcare and dependent care expenses with
tax-advantaged spending accounts
- Wellness Days: Prioritize your mental and physical health with dedicated
wellness days throughout the year
- Growth Opportunities: We invest in your future with abundant opportunities
for professional development and advancement
- Mentorship Program: Benefit from guidance and support from experienced
leaders in your field
- Flexible Ways of Working: Enjoy the freedom to work in a way that suits your
life and boosts your productivity
Security-Related Responsibilities
- Responsibility and accountability for executing League's policies and
procedures within the department/ team
- Notification of HR, Legal, Compliance & Security of any incidents, breaches
or policy violations
- Compliance with Information Security Policies
CANADA APPLICANTS ONLY: The Canada-specific compensation range below for this
full-time position is exclusive of bonus, equity and benefits. This range
reflects the minimum and maximum target for base salaries for the position
across all Canadian locations. The salary range is intentional to account for
the performance and career progressions a Leaguer will experience in the role
throughout their time at League. Where in the band you may land is determined by
job-related skills/experience. Your recruiter can share more about the specific
salary range specific to your skills and experience during the hiring process.
Compensation range for Canada applicants only
$210,100—$262,000 CAD
Our employees come from different backgrounds, and we celebrate those
differences. We are looking for the best candidates for our open roles, but do
not expect applicants to meet every qualification in order to be considered. If
you are excited about what you could accomplish at League and believe you can
add value to our team, we would love to hear from you.
We are committed to equal employment opportunity regardless of race, color,
ancestry, religion, sex, national origin, sexual orientation, age, citizenship,
marital status, disability, gender identity or Veteran status. If you are an
individual in need of assistance at any time during our recruitment process,
please contact us at recruitinginfo@league.com [recruitinginfo@league.com].
Our Application Process:
Applying to a role you love can be exhausting, and understanding the next steps
can feel vague and uncertain. You have done the hard part of submitting your
application; let's do ours by sharing potential next steps
- You should receive a confirmation email after submitting your application.
- A recruiter (not a computer) reviews all applications at League.
- If we see alignment with League's needs, a recruiter will reach out to learn
more about your goals. The recruiter will also share the team-specific
interview process depending on the roles you are exploring.
- The final step is an offer, which we hope you will accept!
- Prior to joining us, we conduct reference and background checks. Additional
checks could be required for US Candidates, depending on the role you are
exploring.
Here are some additional resources to learn more about League:
Recognize and Avoid Employment scams. Practice safe job searching.
Scammers are getting craftier and leveraging fake job postings to get personal
information. Know the warning signs and protect yourself from scammers. Learn
more here [https://go.league.com/phishing-guidelines].
Use of AI Notice
We are committed to ensuring fairness and transparency throughout our hiring
process. League may use Artificial Intelligence (AI) tools to assist in the
screening of applicants for this position. Please check out our stance on using
AI in recruitment here [https://league.com/ai-policy-hiring/].
Privacy Policy
Review our Privacy Policy [https://league.com/applicant-privacy-notice/] for
information on how League is protecting personal data.
