Chief Information Security Officer

Location: San Francisco, CA

Req #200467

The Chief Information Security Officer (CISO) is the most senior executive in Castlight Health completely dedicated to managing information security, technology disaster recovery (DR), risk and technology compliance globally. S/he will be a member of the General Counsel’s leadership team and held accountable as the enterprise expert in cybersecurity. The CISO will establish and execute an information security strategy, policy, standards, architecture, processes and assessments to ensure that Castlight Health’s information assets and critical processes are adequately protected with acceptable levels of controls.

The CISO will be tasked with scaling the enterprise security organization and driving the cybersecurity program to its next level of maturity. S/he will partner closely with leaders in R&D and Compliance in implementing the framework for cybersecurity, as well as interact with broader executive leadership in communicating the evolving needs in cyber. This individual must establish a modernized and sustainable strategy for enterprise risk management, as well as the infrastructure requirements to support a cloud-based environment. In addition to maintaining information security programs, it will be required of the CISO to interact directly with Castlight’s customers and address specific security needs. This will be a highly visible role internally and externally. Given Castlight’s role as a service provider for healthcare management, it will be critical for the CISO to deliver a cybersecurity strategy that will maintain the integrity of the business and the clients they serve.

►Assess current needs; develop, implement, and monitor a strategic, comprehensive enterprise-wide information security and risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled or processed by Castlight Health.

►Lead security strategy, prioritizing client and enterprise data, and coordinate the evaluation, deployment, and management of current and future security technologies.

►Oversee critical cybersecurity areas including: incident response, disaster recovery, awareness, monitoring, remediation, and information governance.

►Oversee the development and enforcement of security policies and procedures based on industry-standard best practices.

►Monitor the design and implementation of incident recovery and business continuity plans, procedures, audits, and enhancements.

►Build strong relationships across the enterprise in order to implement appropriate security controls for a cloud transformation.

►Partner closely with senior leadership, especially infrastructure and engineering, to ensure that all applications and platforms adhere to cybersecurity requirements, as well as secure processing systems.

►Interact directly with Castlight Health’s customers and deliver customized solutions for specific security needs.

►Promote strategic relationships between internal resources and external entities, including customers, vendors, and partner organizations.

►Cultivate a high-performing team of engaged leaders who will continue to evolve to address the information security needs of the company.

►Create energy and enthusiasm at all levels of the information security organization.

►Recruit, train, and retain a world-class cyber team, with particular focus on developing talent at the junior level and building a bench of best-in-class cybersecurity leaders for the future.

Qualifications and Experience:

►15+ years of relevant information security experience with a minimum of 5 years at VP/SVP level

►Experience communicating information security related concepts to a broad range of technical and non-technical audiences; will have to be an articulate and persuasive leader who can serve as an effective member of the senior leadership team

►Exceptional communication skills necessary to advise and influence the senior management, R&D partners, external vendors and clients

►Strategic leader who can drive a vision for cybersecurity while maintaining an execution-oriented approach to driving results; an entrepreneurial spirit; ability to serve as a hands-on leader

►Technical background in cyber risk management, privacy, and incident response

►Thorough understanding of IT systems and security tools, including methods, procedures, equipment and software used for delivery; deep understanding of Cloud, Internet of Things, and Database development

►A track record of assessing threat and vulnerability from a business as well as a technical perspective and the ability to develop and champion affordable, efficient and timely security architectures and solutions that support growth of the enterprise’s business

►Strong influencing skills to get things done; a collaborative approach with the ability to partner with business leaders across the enterprise

►Experience implementing cloud security technologies, including encryption, network security, intrusion detection, and digital forensics

►Proponent of a continuous improvement process, with the ability to challenge the status quo

Characteristics for success:

Accountable and Influential – Global accountability for providing information security assurance for the entire organization. Strong influence management skills are required to provide robust independent challenges and insights to business and senior stakeholders. High level of personal integrity, and the ability to professionally handle confidential matters and demonstrate the appropriate level of judgment and maturity in balanced risk decision making.

Intelligent and Creative – Ability to understand the complex geopolitical environment of crime, hacktivism and nation-state activity. Ability to integrate deep knowledge of the security implications of networks and systems with business process and behavioral security concerns into a single risk picture.

Sense of Urgency – Ability to operate in a highly dynamic environment with the ability to respond and react decisively in a changing set of circumstances and priorities. Ability to quickly assess complex situations and take appropriate action, such as during security incidents.

Strategic – Ability to identify and plan for multi-year opportunities, and the patience to invest the time a long-term, multi-year approach requires before it pays off.

Strong Communicator – Ability to communicate succinctly and clearly with peers, leadership, direct reports, and outside partners and stakeholders. Able to communicate at all levels up to and including the Board of Directors and external regulators. Excellent written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and non-technical audiences.

Team Leader – Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals. Project management skills; financial/budget management, scheduling and resource management.

Our Values

One team. On a mission. Making things happen.

Diversity and Inclusion

The Castlight culture values and celebrates different backgrounds, perspectives, and points of view. We believe our diversity helps drive creativity and innovation. We strive to make everyone feel included, valued, and engaged; enable them to do their best work; and build their careers here at Castlight. That is why diversity and inclusion are more than just words to us. Rather, they are a commitment to a culture where employees feel respected and empowered to share their ideas and deliver the best results.

Learn more about our continuing commitment to diversity and inclusion.

About Castlight

Castlight is on a mission to make it as easy as humanly possible to navigate healthcare and live happier, healthier, more productive lives. Our health navigation platform connects with hundreds of health vendors, benefits resources, and plan designs, giving rise to the world’s first comprehensive app for all health needs. We guide individuals—based on their unique profile—to the best resources available to them, whether they are healthy, chronically ill, or actively seeking medical care. In doing so, we help companies regain control over rising healthcare costs and get more value from their benefits investments. Castlight revolutionized the healthcare sector with the introduction of data-driven price transparency tools in 2008 and the first consumer-grade wellbeing platform in 2012. Today, Castlight serves as the health navigation platform for millions of people and is a trusted partner to many of the largest employers in the world. We are headquartered in San Francisco, and can be found online at and on the New York Stock Exchange as CSLT.

Castlight Health provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, Castlight Health will provide reasonable accommodations for qualified individuals with disabilities.

Castlight Health does not accept unsolicited assistance from recruitment search firms for employment opportunities. All resumes submitted by search firms to any employee at Castlight Health via email, the Internet or in any form and/or method without a signed search agreement on Castlight’s form in place ahead of time will be deemed the sole property of Castlight Health. In such cases, no fee will be paid or payable in the event the candidate is hired by Castlight as a result of the submission.