Director, IT & Security

Octave is a modern behavioral health practice creating a new standard for care delivery that’s both high-quality and accessible. With in-person and virtual clinics in multiple states, the company offers evidence-based individual, couples, and family therapy, while pioneering relationships with payers to make care more affordable through insurance. By raising the bar on how care is delivered and how providers are supported, we are building a sustainable system that values equity, affordability, and effectiveness.

As the Director of IT & Security, you are the primary architect of the company’s technological resilience and security posture. You provide the strategic vision for a scalable, secure corporate infrastructure that enables rapid business growth while maintaining rigorous compliance. You are not just managing systems; you are owning the overall strategy for risk mitigation, technical governance, and the evolution of the modern workplace.

• →Develops, coordinates, and implements  systems, policies, procedures, and productivity standards.
• →Foster a positive and collaborative work environment.
• →Oversee the planning, execution, and completion of projects and initiatives within the team.
• →Establish and monitor operational processes and workflows to enhance efficiency and productivity.
• →Implement best practices, monitor key performance indicators (KPIs), and develop strategies to achieve operational excellence.
• →Ensures a safe, secure, and compliant work environment.
• →Build and manage a high-performing team, including hiring, training, and development.
• →Provide leadership to the team, including setting goals/objectives, providing guidance/feedback, and ensuring the team's overall success.
• →Identify skill gaps within the team and develop strategies for filling those gaps. Support employee development through training, mentoring, and coaching. Identify high-potential employees and create succession plans.

• →Define and own the company IT and security strategy, aligning infrastructure, systems, and risk posture with company growth, product evolution, and regulatory requirements.
• →Build, lead, and scale a high-performing IT and Security organization, establishing clear operating models, priorities, and accountability across IT and security operations.
• →Oversee end-to-end IT operations and employee technology experience, including onboarding/offboarding, identity and access management, device lifecycle, and enterprise tooling.
• →Own and mature the security program, including governance, risk management, security architecture, vulnerability management, and threat detection and response (SOC).
• →Drive the management —in partnership with our compliance committee — of risk, compliance, and audit, leading HIPAA and SOC 2 readiness, managing audits, and ensuring continuous compliance through strong policies, controls, and documentation.
• →Partner cross-functionally with Engineering, Product, Data, Legal, and People teams to embed security and IT best practices into systems, development lifecycles, and business operations.
• →Drive company initiatives to enhance system reliability, scalability, security, and business continuity, including disaster recovery planning and resilience of critical systems.
• →Own the IT vendor and partner strategy, including selection, negotiation, performance management, and cost optimization while maintaining high security and service standards.
• →Establish and report on KPIs and metrics for IT performance, security posture, and risk, providing actionable insights to executive leadership.
• →Act as a trusted advisor to leadership, guiding decisions on technology investments, emerging threats, and trade-offs between risk, cost, and speed.
• →Own the company's AI governance framework, including acceptable use policies, tool evaluation processes, and an enterprise-wide AI inventory and risk register.
• →Define standards for embedding AI tools into workflows and business processes, ensuring integration architecture, data flows, and security controls align with compliance obligations.
• →Own data classification standards and data loss prevention strategy, ensuring sensitive data — including PHI — is identified, categorized, and protected in alignment with HIPAA and other regulatory requirements.
• →Leverage AI tools as a core part of daily work (drafting, research, iteration) to improve efficiency, quality, and decision-making.

• Deep expertise across enterprise security, cloud infrastructure, networking, and IT systems.
• Strong background in security governance, risk management, and compliance frameworks (HIPAA, SOC 2, or similar).
• Proven ability to set strategy and influence executive stakeholders, translating technical concepts into business impact.
• Demonstrated success building and leading high-performing, multi-functional teams.
• Strong cross-functional leadership and systems thinking in complex environments.
• Experience developing AI governance frameworks, acceptable use policies, or responsible AI programs.
• Excellent communication skills, including experience with executive-level presentations and company-wide initiatives.
• Expertise in identity and access management and enterprise tooling (Google Workspace, JAMF/MDM, Okta/OneLogin, Slack, etc.).
• Experience defining and operationalizing metrics and performance frameworks.
• Comfort using AI tools in day-to-day workflows, with a willingness to continuously rethink and improve how work gets done.
• Curiosity and openness to experimenting with new tools and approaches; prior experience with AI tools is a plus.

• Minimum 10 years of IT or technical security experience, with at least 6 years in a leadership role.
• Proven track record of scaling enterprise IT and security programs in high-growth startup environments.
• Experience partnering with executive teams on strategic technology decisions.
• Hands-on experience managing enterprise security operations, cloud environments, and IT infrastructure.
• Proven track record of leading security audits, risk assessments, and compliance initiatives.
• Experience with scripting, automation, and system integrations to streamline IT operations.

• IT or security certifications (CISSP, CISM, CompTIA Security+, or equivalent).
• Prior experience in healthcare or HIPAA-regulated environments.
• Experience leading remote or hybrid IT teams.
• Advanced knowledge of security automation, threat detection, and response tools.

• Prolonged periods sitting at a desk and working on a computer. 
• Must be able to frequently communicate with others through virtual meeting applications such as Zoom and Google Meet. 
• Must be able to observe and communicate information on company provided laptop. 
• Move up to 10 pounds on occasion. 
• Must be eligible to work in the United States without sponsorship now or in the future.

The below values drive our day-to-day operations.

• We’re human beings first. We operate with empathy and kindness – with our clients, with our collaborators, and with ourselves.
• People deserve better than status quo. We’re willing to tackle the intractable problems, no matter how big, because someone should. We ask big questions, we craft big solutions, and we challenge ourselves and others to make it happen.
• No bystanders. No stars. No tourists. Each person has been selected to be here, and with that comes a responsibility to bring your expertise, share your ideas, and help make this company better.
• Partnership paves the path ahead. We don’t operate in a silo, internally or externally. To transform the system, we believe in working with others to create something bigger, better, and stronger.
• Quality is crucial at scale. Quality is core to our business, and we refuse to sacrifice it as we grow.
• Progress is a process. In the pursuit of progress, we iterate, reflect, learn, adjust – and always leave things better than we found them.
• There are people behind every data point. We recognize that numbers tell only one part of the story, and we also do the work to understand impacts at the individual level.

As part of our hiring process, we may use technology tools, including AI-supported systems, to assist with reviewing applications or documenting interviews. These tools are designed to support our team, not replace human judgment, and final hiring decisions are always made by our team.

This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Please complete the following application. Please note that the U.S. Equal Opportunity Employment Information questions below are used for the purposes of EEOC reporting and are optional to complete. Octave is unable to change these questions and we acknowledge that many of the U.S. Equal Opportunity Employment Information questions are not inclusive or affirming of all aspects of cultural identity. Octave is committed to an inclusive workplace environment, and this information will not inform how we approach hiring or employment.