About the Company:
Octave is a modern behavioral health practice creating a new standard for care delivery that’s both high-quality and accessible. With in-person and virtual clinics in multiple states, the company offers evidence-based individual, couples, and family therapy, while pioneering relationships with payers to make care more affordable through insurance. By raising the bar on how care is delivered and how providers are supported, we are building a sustainable system that values equity, affordability, and effectiveness.
Job Summary:
As the Director of IT & Security, you are the primary architect of the company’s technological resilience and security posture. You provide the strategic vision for a scalable, secure corporate infrastructure that enables rapid business growth while maintaining rigorous compliance. You are not just managing systems; you are owning the overall strategy for risk mitigation, technical governance, and the evolution of the modern workplace.
Management Responsibilities:
- Develop, coordinate, and implement systems, policies, procedures, and productivity standards.
- Foster a positive and collaborative work environment.
- Oversee the planning, execution, and completion of projects and initiatives within the team.
- Establish and monitor operational processes and workflows to enhance efficiency and productivity.
- Implement best practices, monitor key performance indicators (KPIs), and develop strategies to achieve operational excellence.
- Ensure a safe, secure, and compliant work environment.
- Build and manage a high-performing team, including hiring, training, and development.
- Provide leadership to the team, including setting goals/objectives, providing guidance/feedback, and ensuring the team's overall success.
- Identify skill gaps within the team and develop strategies for filling those gaps. Support employee development through training, mentoring, and coaching. Identify high-potential employees and create succession plans.
Duties & Responsibilities:
- Define and own the company IT and security strategy, aligning infrastructure, systems, and risk posture with company growth, product evolution, and regulatory requirements.
- Build, lead, and scale a high-performing IT and Security organization, establishing clear operating models, priorities, and accountability across IT and security operations.
- Oversee end-to-end IT operations and employee technology experience, including onboarding/offboarding, identity and access management, device lifecycle, and enterprise tooling.
- Own and mature the security program, including governance, risk management, security architecture, vulnerability management, and threat detection and response (SOC).
- In partnership with our compliance committee, drive the management of risk, compliance, and audit, leading HIPAA and SOC 2 readiness, managing audits, and ensuring continuous compliance through strong policies, controls, and documentation.
- Partner cross-functionally with Engineering, Product, Data, Legal, and People teams to embed security and IT best practices into systems, development lifecycles, and business operations.
- Drive company initiatives to enhance system reliability, scalability, security, and business continuity, including disaster recovery planning and resilience of critical systems.
- Own the IT vendor and partner strategy, including selection, negotiation, performance management, and cost optimization while maintaining high security and service standards.
- Establish and report on KPIs and metrics for IT performance, security posture, and risk, providing actionable insights to executive leadership.
- Act as a trusted advisor to leadership, guiding decisions on technology investments, emerging threats, and trade-offs between risk, cost, and speed.
- Own the company's AI governance framework, including acceptable use policies, tool evaluation processes, and an enterprise-wide AI inventory and risk register.
- Define standards for embedding AI tools into workflows and business processes, ensuring integration architecture, data flows, and security controls align with compliance obligations.
- Own data classification standards and data loss prevention strategy, ensuring sensitive data — including PHI — is identified, categorized, and protected in alignment with HIPAA and other regulatory requirements.
- Leverage AI tools as a core part of daily work (drafting, research, iteration) to improve efficiency, quality, and decision-making.
Required Skills:
- Deep expertise across enterprise security, cloud infrastructure, networking, and IT systems.
- Strong background in security governance, risk management, and compliance frameworks (HIPAA, SOC 2, or similar).
- Proven ability to set strategy and influence executive stakeholders, translating technical concepts into business impact.
- Demonstrated success building and leading high-performing, multi-functional teams.
- Strong cross-functional leadership and systems thinking in complex environments.
- Experience developing AI governance frameworks, acceptable use policies, or responsible AI programs.
- Excellent communication skills, including experience with executive-level presentations and company-wide initiatives.
- Expertise in identity and access management and enterprise tooling (Google Workspace, JAMF/MDM, Okta/OneLogin, Slack, etc.).
- Experience defining and operationalizing metrics and performance frameworks.
- Comfort using AI tools in day-to-day workflows, with a willingness to continuously rethink and improve how work gets done.
- Curiosity and openness to experimenting with new tools and approaches; prior experience with AI tools is a plus.
Education & Experience:
- Minimum 10 years of IT or technical security experience, with at least 6 years in a leadership role.
- Proven track record of scaling enterprise IT and security programs in high-growth startup environments.
- Experience partnering with executive teams on strategic technology decisions.
- Hands-on experience managing enterprise security operations, cloud environments, and IT infrastructure.
- Proven track record of leading security audits, risk assessments, and compliance initiatives.
- Experience with scripting, automation, and system integrations to streamline IT operations.
Preferred Qualifications:
- IT or security certifications (CISSP, CISM, CompTIA Security+, or equivalent).
- Prior experience in healthcare or HIPAA-regulated environments.
- Experience leading remote or hybrid IT teams.
- Advanced knowledge of security automation, threat detection, and response tools.
Octave's Company Values:
The below values drive our day-to-day operations.
- We’re human beings first. We operate with empathy and kindness – with our clients, with our collaborators, and with ourselves.
- People deserve better than status quo. We’re willing to tackle the intractable problems, no matter how big, because someone should. We ask big questions, we craft big solutions, and we challenge ourselves and others to make it happen.
- No bystanders. No stars. No tourists. Each person has been selected to be here, and with that comes a responsibility to bring your expertise, share your ideas, and help make this company better.
- Partnership paves the path ahead. We don’t operate in a silo, internally or externally. To transform the system, we believe in working with others to create something bigger, better, and stronger.
- Quality is crucial at scale. Quality is core to our business, and we refuse to sacrifice it as we grow.
- Progress is a process. In the pursuit of progress, we iterate, reflect, learn, adjust – and always leave things better than we found them.
- There are people behind every data point. We recognize that numbers tell only one part of the story, and we also do the work to understand impacts at the individual level.
Physical Requirements:
- Prolonged periods sitting at a desk and working on a computer.
- Must be able to frequently communicate with others through virtual meeting applications such as Zoom and Google Meet.
- Must be able to observe and communicate information on a company-provided laptop.
- Move up to 10 pounds on occasion.
- Must be eligible to work in the United States without sponsorship now or in the future.
Compensation, Equity & Incentives:
Base Salary Range
Octave is committed to pay equity and transparency. Our salary ranges are determined by role, level, and location/zone. Final pay within the posted range will be decided based on a combination of job-related factors, including education, training, experience, and market demands.
- Geo 1 (All other states & D.C.): $190,200 - $206,500
- Geo 2 (CO, HI, MD, RI): $209,200 - $220,000
- Geo 3 (AK, CA, CT, MA, NJ, NY, WA): $218,700 - $220,000
Variable Compensation & Equity
- Performance Bonus: This role is not currently eligible for bonus incentives.
- Equity Awards: This role is eligible to participate in Octave’s equity program via Stock Options, subject to the terms of the applicable Equity Incentive Plan.
- Remote Work Stipend: New full-time employees receive a $300 equipment reimbursement to support a home office setup.
- Internet & Phone Reimbursement: Full-time employees are eligible for a monthly reimbursement of up to $75 for internet and cell phone related expenses.
Octave is committed to pay equity and transparency. Octave will not discharge or in any other manner coerce, intimidate, threaten, discriminate or retaliate against employees or applicants because they have: (i) inquired about, discussed, compared, or disclosed their own wages, benefits, or other compensation, or the wages, benefits, or other compensation of another employee or applicant; (ii) asked Octave to provide a reason for the employee's wages or lack of opportunity for advancement; or (iii) aided or encouraged others in exercising their rights to discuss wages, compensation, or benefits, or to seek pay equity.
However, except as otherwise provided by law, employees who have access to the compensation information of other employees or applicants as part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) in compliance with the company's legal duty to furnish information under applicable law.
Comprehensive Benefits:
At Octave, we believe in supporting the "human being first". Here’s a snapshot of the benefits available to eligible employees:
- Health & Wellness: Choose what works best for you with one High Deductible Health Plan (HDHP) and two PPO medical plan options, plus comprehensive Dental and Vision coverage.
- Medical Support: Enjoy access to a company-sponsored membership with One Medical for convenient, modern care.
- Retirement: Plan for your future with a 401(k) that offers both traditional and Roth options.
- Paid Time Off: Time to recharge matters. Take advantage of a generous time off policy, up to 15 paid company holidays, and accrued sick time.
- Financial Protection: We’ve got you covered with company-paid Life, AD&D, and Disability insurance, plus optional extras like Pet, Legal, and Worksite plans (Critical Illness, Hospital Indemnity, and Accident).
- Parental Leave (Bonding Time): Growing your family? Full-time employees can take paid bonding leave after 6 months, whether it’s a new baby, adoption, or foster placement. Time off increases with tenure.
- Growth: Keep learning and leveling up with professional development reimbursement for role-related growth opportunities.
How We Use Technology in Hiring:
As part of our hiring process, we may use technology tools, including AI-supported systems, to assist with reviewing applications or documenting interviews. These tools are designed to support our team, not replace human judgment, and final hiring decisions are always made by our team.
This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
Application Instructions:
Please complete the following application. Please note that the U.S. Equal Opportunity Employment Information questions below are used for the purposes of EEOC reporting and are optional to complete. Octave is unable to change these questions and we acknowledge that many of the U.S. Equal Opportunity Employment Information questions are not inclusive or affirming of all aspects of cultural identity. Octave is committed to an inclusive workplace environment, and this information will not inform how we approach hiring or employment.