Relias

VP, Information Security

🇺🇸 Hybrid - Morrisville, NC

🕑 Full-Time

💰 TBD

💻 Cybersecurity

🗓️ September 7th, 2025

CCSP CISM CISSP

Edtech.com's Summary

Relias is hiring a VP, Information Security to lead enterprise-wide security strategy, governance, and operations. The role drives the development and management of the Information Security Management System (ISMS), ensures compliance with key security frameworks, and partners across the organization to embed security by design and reduce risk exposures.

Highlights
  • Lead multi-year security strategy and manage the Bertelsmann ISMS, including risk assessments and policy frameworks.
  • Ensure compliance with ISO/IEC 27001, SOC 2 Type II, HIPAA, GDPR, and advance FedRAMP/HITRUST certifications.
  • Oversee mature Security Operations Center (SOC) and incident response to reduce mean time to detect/resolve (MTTD/MTTR).
  • Collaborate with Engineering and IT to embed secure-by-default standards such as threat modeling, SAST/DAST, secrets management, and container hardening.
  • Advance enterprise cloud security initiatives including Zero Trust identity and AWS/Azure hardening.
  • Participate in AI Governance and ensure privacy-by-design compliance.
  • Scale customer trust programs supporting enterprise deals and security questionnaires.
  • Build and retain high-performing teams across GRC, AppSec, CloudSec, and SecOps with security training and champions network.
  • Require 12+ years in information security leadership within cloud-native SaaS, experience with ISMS and compliance frameworks, and strong executive communication skills.
  • Preferred certifications include CISSP, CISM, CCSP, SSCP, or HCISPP.

VP, Information Security Full Description

Are you looking for a high energy, strategic, and fast-paced position as a VP, Information Security?  Join Relias, the company changing lives throughout the world by helping healthcare organizations improve their clinical and financial outcomes!
 
For 11,000+ health care and human service organizations, Relias helps clients deliver better clinical and financial outcomes by elevating the performance of teams. We help organizations across the continuum of care get better at maintaining compliance, developing staff and promoting consistent, high-quality care. Our platform employs assessments to reveal specific gaps in skills and addresses them with personalized and engaging learning, choosing from 7,000+ online courses that meet accrediting board, state and federal requirements.  We are passionate about our products and our clients; what we deliver and the impact we have on the world is truly something you can be proud to represent.  Join us and make a difference.
 
WHAT CAN RELIAS OFFER YOU?
  • Fantastic health and wellness benefits package, including an outstanding 401k match, a flexible PTO program, and a generous and inclusive parental leave policy. Additionally, Relias pays for the employee portion of the monthly healthcare premium!
  • Flexible work environment with onsite and work from home options – you choose when you want to come into the office!
  • Active Employee Resource Groups open to all employees!
  • Comprehensive onboarding program – a great introduction to our company, customers and culture!
  • Growth and career advancement opportunities!
    • 20%+ annual employee promotion and transfer rate
    • Multiple development program options – leadership development, professional development curriculums, and Nanodegree options in both technology and data science
    • Professional development gained from conference attendance and participation in organizations like NC Tech
    • Onsite 321 Coffee Shop providing free coffee and pastries to employees
 
SUMMARY:
The VP of Information Security is an executive leader responsible for driving enterprise-wide security strategy, governance, and operations. This role ensures that security practices scale with the business, high-risk exposures are reduced, and compliance with ISO, SOC 2, GDPR, FedRAMP, and HITRUST is achieved and sustained.

WHERE YOU'LL WORK (HYBRID)
40+ days / quarter in our Morrisville office (near the Raleigh/Durham airport)

WHAT YOU’LL BE DOING:
•    Strategy & Information Security Management System (ISMS): Setting the multi-year security strategy and running the Bertelsmann ISMS: risk assessment/management, policy framework, KPIs/KRIs, and management reviews with the divisional team (at least quarterly).
•    Governance & Compliance: Delivering and sustaining ISO/IEC 27001, SOC 2 Type II, HIPAA, GDPR; mapping/advancing FedRAMP/HITRUST and other frameworks.
•    Security Operations & IR: Mature SOC; driving continuous reduction in MTTD/MTTR; overseeing incident reporting obligations across the security organization.
•    Security by Design (with Engineering, IT & Ops): Co-owning secure-by-default standards and embedding them across products and core processes—threat modeling, SAST/DAST/SCA, secrets/vaulting, SBOM, and container/K8s hardening—driving measurable reductions in defect escape and time-to-remediate.
•    Enterprise/Cloud Security: Advancing Zero Trust identity, endpoint, network segmentation; hardening AWS/Azure (CSPM/CIEM), data protection & key management.
•    AI Governance & Privacy: Actively participating in the AI Governance Committee; ensuring compliance with group AI thresholds, and partnering with Data Protection on privacy-by-design.
•    GRC/Trust Enablement: Scaling the customer trust program (security questionnaires, artifacts, CAIQ/SIG), supporting enterprise deals, and briefing customers as exec sponsor.
•    People & Culture: Building and retaining a high-performing team across GRC, AppSec, CloudSec, and SecOps; growing a security champions network and role-based training.
•    Exec Communication: Translating risk to financial impact and ROI; briefing CFO/Division on posture, roadmap, and investment trade-offs.
•    Partnering with engineering and operations teams to embed security by design into all products and processes.
•    Ownership of Relias reporting to the Bertelsmann ISMS: risk assessment/management, quarterly (at least) management reviews with the divisional team, and incident reporting across the security organization.

YOU’VE GOT WHAT IT TAKES IF YOU HAVE/ARE:
•    12+ years in information security with meaningful time leading across GRC, AppSec, CloudSec, and SecOps in cloud-native SaaS.
•    Proven success running an ISMS (ISO 27001) and delivering SOC 2 Type II; HIPAA/GDPR fluency; FedRAMP/HITRUST.
•    Bachelor’s degree in information security or equivalent experience in Information Security
•    Executive presence and crisp communication—able to turn technical risk into business decisions and defend prioritization with data.
•    Experience building teams, operating incident command, partnering with Legal, IT, Engineering, and Internal Audit.
•    Knowledge of security and compliance frameworks (NIST, ISO 27001, SOC 2 (Trust Services Criteria), etc.)
•    Analytical skills and the ability to troubleshoot issues and needs
•    Strong technical background and the ability to discuss security topics at an architectural level
•    Communication and presentation skills (written and oral)
•    Leadership, teamwork and conflict management
•    Highly adaptable to constantly changing business and technology environments
 
EXPERIENCE/EDUCATION PREFERRED:
Having at least one of the following certifications is a plus:
•    Certified Information Systems Security Professional (CISSP) - Strongly preferred
•    Certified Information Security Manager (CISM)
•    Certified Cloud Security Professional (CCSP)
•    Systems Security Certified Practitioner (SSCP)
•    Healthcare Information Security and Privacy Practitioner (HCISPP)

Relias is an Equal Opportunity Employer and a Drug-Free workplace

IN OFFICE REQUIREMENT:
Relias values collaboration and wants to ensure that our team members have opportunities to work with their teams regularly for professional development opportunities. Our flexible hybrid work environment requires that you live in the state of North Carolina, within a commutable distance to our office (~1-hour commute). You would be expected to work in our Morrisville, NC Headquarters approximately 40 days/quarter.