About the Company:

Octave is a modern behavioral health practice creating a new standard for care delivery that’s both high-quality and accessible. With in-person and virtual clinics in multiple states, the company offers evidence-based individual, couples, and family therapy, while pioneering relationships with payers to make care more affordable through insurance. By raising the bar on how care is delivered and how providers are supported, we are building a sustainable system that values equity, affordability, and effectiveness.

Job Summary:

As the Director of IT & Security, you are the primary architect of the company’s technological resilience and security posture. You provide the strategic vision for a scalable, secure corporate infrastructure that enables rapid business growth while maintaining rigorous compliance. You are not just managing systems; you are owning the overall strategy for risk mitigation, technical governance, and the evolution of the modern workplace.

Management Responsibilities:

• Develops, coordinates, and implements systems, policies, procedures, and productivity standards.
• Foster a positive and collaborative work environment.
• Oversee the planning, execution, and completion of projects and initiatives within the team.
• Establish and monitor operational processes and workflows to enhance efficiency and productivity.
• Implement best practices, monitor key performance indicators (KPIs), and develop strategies to achieve operational excellence.
• Ensures a safe, secure, and compliant work environment.
• Build and manage a high-performing team, including hiring, training, and development.
• Provide leadership to the team, including setting goals/objectives, providing guidance/feedback, and ensuring the team's overall success.
• Identify skill gaps within the team and develop strategies for filling those gaps. Support employee development through training, mentoring, and coaching. Identify high-potential employees and create succession plans.

Duties & Responsibilities:

• Define and own the company IT and security strategy, aligning infrastructure, systems, and risk posture with company growth, product evolution, and regulatory requirements.
• Build, lead, and scale a high-performing IT and Security organization, establishing clear operating models, priorities, and accountability across IT and security operations.
• Oversee end-to-end IT operations and employee technology experience, including onboarding/offboarding, identity and access management, device lifecycle, and enterprise tooling.
• Own and mature the security program, including governance, risk management, security architecture, vulnerability management, and threat detection and response (SOC).
• Drive the management —in partnership with our compliance committee — of risk, compliance, and audit, leading HIPAA and SOC 2 readiness, managing audits, and ensuring continuous compliance through strong policies, controls, and documentation.
• Partner cross-functionally with Engineering, Product, Data, Legal, and People teams to embed security and IT best practices into systems, development lifecycles, and business operations.
• Drive company initiatives to enhance system reliability, scalability, security, and business continuity, including disaster recovery planning and resilience of critical systems.
• Own the IT vendor and partner strategy, including selection, negotiation, performance management, and cost optimization while maintaining high security and service standards.
• Establish and report on KPIs and metrics for IT performance, security posture, and risk, providing actionable insights to executive leadership.
• Act as a trusted advisor to leadership, guiding decisions on technology investments, emerging threats, and trade-offs between risk, cost, and speed.
• Own the company's AI governance framework, including acceptable use policies, tool evaluation processes, and an enterprise-wide AI inventory and risk register.
• Define standards for embedding AI tools into workflows and business processes, ensuring integration architecture, data flows, and security controls align with compliance obligations.
• Own data classification standards and data loss prevention strategy, ensuring sensitive data — including PHI — is identified, categorized, and protected in alignment with HIPAA and other regulatory requirements.

Required Skills:

• Deep expertise across enterprise security, cloud infrastructure, networking, and IT systems.
• Strong background in security governance, risk management, and compliance frameworks (HIPAA, SOC 2, or similar).
• Proven ability to set strategy and influence executive stakeholders, translating technical concepts into business impact.
• Demonstrated success building and leading high-performing, multi-functional teams.
• Strong cross-functional leadership and systems thinking in complex environments.
• Experience developing AI governance frameworks, acceptable use policies, or responsible AI programs.
• Excellent communication skills, including experience with executive-level presentations and company-wide initiatives.
• Expertise in identity and access management and enterprise tooling (Google Workspace, JAMF/MDM, Okta/OneLogin, Slack, etc.).
• Experience defining and operationalizing metrics and performance frameworks.

Education & Experience:

• Minimum 10 years of IT or technical security experience, with at least 6 years in a leadership role.
• Proven track record of scaling enterprise IT and security programs in high-growth startup environments.
• Experience partnering with executive teams on strategic technology decisions.
• Hands-on experience managing enterprise security operations, cloud environments, and IT infrastructure.
• Proven track record of leading security audits, risk assessments, and compliance initiatives.
• Experience with scripting, automation, and system integrations to streamline IT operations.

Preferred Qualifications:

• IT or security certifications (CISSP, CISM, CompTIA Security+, or equivalent).
• Prior experience in healthcare or HIPAA-regulated environments.
• Experience leading remote or hybrid IT teams.
• Advanced knowledge of security automation, threat detection, and response tools.

Octave's Company Values:

The below values drive our day-to-day operations.

• We’re human beings first. We operate with empathy and kindness – with our clients, with our collaborators, and with ourselves.
• People deserve better than status quo. We’re willing to tackle the intractable problems, no matter how big, because someone should. We ask big questions, we craft big solutions, and we challenge ourselves and others to make it happen.
• No bystanders. No stars. No tourists. Each person has been selected to be here, and with that comes a responsibility to bring your expertise, share your ideas, and help make this company better.
• Partnership paves the path ahead. We don’t operate in a silo, internally or externally. To transform the system, we believe in working with others to create something bigger, better, and stronger.
• Quality is crucial at scale. Quality is core to our business, and we refuse to sacrifice it as we grow.
• Progress is a process. In the pursuit of progress, we iterate, reflect, learn, adjust – and always leave things better than we found them.
• There are people behind every data point. We recognize that numbers tell only one part of the story, and we also do the work to understand impacts at the individual level.

Physical Requirements:

• Prolonged periods sitting at a desk and working on a computer.
• Must be able to frequently communicate with others through virtual meeting applications such as Zoom and Google Meet.
• Must be able to observe and communicate information on company provided laptop.
• Move up to 10 pounds on occasion.
• Must be eligible to work in the United States without sponsorship now or in the future.

Compensation:

Octave is committed to pay equity. To maintain our commitment to pay equity, Octave will follow Pay Transparency regulations on all open job postings. Current Pay Transparency laws require companies to include a position's salary or hourly wage range (not including bonuses or equity-based compensation) in any internal or external job posting. This requirement extends to job postings published by a third party at an employer's request.

Octave will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with Octave’s legal duty to furnish information.

Starting pay for qualified applicants will depend on a combination of job-related factors, which may include education, training, experience, location, business needs, or market demands. The expected salary range for this role is set forth below and this range may be modified in the future.

The salary range for zone 1 (all states, excluding those in Zone 2 or Zone 3 [AK, CA, CT, MA, NJ, NY, WA], and D.C.) is $190,200 - $206,500.

The salary range for zone 2 (CO, HI, MD, RI) is $209,200 - $220,000.

All zones are eligible for equity in the form of stock options, plus target bonus incentives based on performance.

Additionally, this position is eligible for the following benefits: company sponsored life insurance, disability and AD&D plans. Voluntary benefits such as 401k retirement, medical, dental, vision, FSA, HSA, dependent care and commuter/parking options are also available. Octave offers generous Paid Time Off as well as paid parental leave benefits.

How We Use Technology in Hiring

As part of our hiring process, we may use technology tools, including AI-supported systems, to assist with reviewing applications or documenting interviews. These tools are designed to support our team, not replace human judgment, and final hiring decisions are always made by our team.

This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.