Information Security Lead
Listed on 2026-03-05
IT/Tech
Cybersecurity, Information Security
Click Therapeutics, Inc., develops, validates, and commercializes software as prescription medical treatments for people with unmet medical needs. As a leading innovator of Digital Therapeutics™, Click delivers accessible, clinically proven, FDA-regulated prescription treatments to the smartphone in your hand. Click’s treatments are defined by a commitment to applying technical and scientific rigor and patient-centric design to the development process. This results in uniquely engaging experiences that achieve compelling clinical outcomes for patients seeking new treatment options.
Click Therapeutics continuously expands and refines its platform with novel cognitive, behavioral and neuromodulatory mechanisms of action and advanced data-driven tools such as artificial intelligence and machine learning. The digital therapeutics under development on Click’s platform address diverse areas of therapeutic need, including indications in psychiatry, neurology, oncology, immunology, and cardiometabolic diseases. Consistently named a best place to work, Click fosters an inclusive, diverse workforce of innovators, clinicians, scientists, researchers, designers, technologists, engineers and more, united in a common mission to provide patients everywhere access to safe and effective prescription digital therapeutics.
For more information, visit and connect with us on LinkedIn.
As Information Security Lead, you'll be at the forefront of safeguarding our groundbreaking digital therapeutics. We're seeking an individual with deep technical expertise in information security in the healthcare sector, ready to tackle complex challenges and pioneer innovative solutions. This isn't just a role; it's an opportunity to build, mentor, and inspire a high-performing team, while strategically collaborating across diverse departments to embed security into the very fabric of our revolutionary products.
Your ability to swiftly master new technologies and meticulously adhere to processes in a highly regulated environment will be crucial as you champion information security across every facet of our company and with all our valued partners.
This position is based out of Click’s headquarters located in Tribeca, NYC, at the center of one of the fastest-growing digital health communities. We have a hybrid working model that consists of at least 4 days in office each week.
Responsibilities:
- Maintain and continually improve the Information Security Management System (ISMS) to maintain relevant certifications (e.g., ISO 27001, SOC 2, IEC 81001-5-1 and UK Cyber Essentials Plus).
- Lead the technical security aspects of data privacy to ensure compliance with GDPR, CCPA, and HIPAA.
- Lead and mature the company's Security Operations Center (SOC) capabilities, including threat intelligence, monitoring, detection, and analysis.
- Responsible for collecting, analyzing, escalating, and responding to cybersecurity vulnerabilities, threats, and attacks using SIEM and EDR technologies.
- Collaborate with Engineering to ensure Secure Development Lifecycle (SDLC) practices are followed, integrating threat modeling, static/dynamic analysis, fuzz testing, and formal verification into the development process.
- Develop and maintain reporting of Key Performance Indicators (KPIs) of threats and incidents, including incident response timeliness and general observability metrics.
- Oversee security testing activities, including penetration testing and vulnerability scanning.
- Conduct security training and awareness programs for employees to promote a culture of security.
- Oversee all third-party and vendor risk management activities.
- Collaborate with Quality and Regulatory on cybersecurity processes.
- Support regulatory submissions by generating Cybersecurity Quality Management System (QMS) documentation, ensuring compliance with FDA Cybersecurity Guidance (2025), EU MDR, NIST 800-53, IMDRF, and AAMI TIR57.
- Experience in a highly regulated industry such as medical devices, pharmaceuticals, biotechnology, or healthcare.
- Understanding of common security frameworks and standards, including NIST Cybersecurity Framework (CSF), ISO…