Job Description

OUR MISSION

We exist to create a more connected, compassionate, and confident experience for people with cancer and those who care for them. We make it easier to get answers, access high-quality care quickly, and feel supported throughout treatment and beyond.

Today, Thyme Care is a market-leading value-based oncology care enabler, partnering with national and regional health plans, providers, and employers to deliver better outcomes and lower costs for thousands of people across the country. Our model combines high-touch human support with powerful technology and AI to bring together everyone involved in a person’s cancer journey: caregivers, oncologists, health plans, and employers.

As a tech-native organization, we believe technology should strengthen the human connection at the center of care. Through data science, automation, and AI, we simplify complexity, improve collaboration, and help care teams focus on what matters most: supporting people through cancer.

Looking ahead, our vision is bold: to become a household name in cancer care, where every person diagnosed asks for Thyme Care by name. If you’re inspired to make cancer care more human and to help reimagine what’s possible, we’d love to meet you. Together, we can build a future where every person with cancer feels truly cared for, in every moment that matters.

WHAT YOU’LL DO

As the VP of Security, you will report to our SVP of Engineering and lead the security function of the organization. You will define and execute a long-term security strategy that protects sensitive health data, enables AI innovation, and supports enterprise growth. In this role, you will operate as both executive leader and hands-on technical partner—remaining close to architecture, risk decisions, and engineering workflows while building a security organization designed to scale.

• Build and lead a high-impact security organization, including future GRC, SecOps, and AI-focused security capabilities
• Design and evolve a security architecture that protects sensitive health data while enabling rapid product development
• Partner deeply with Engineering and Data Science teams to embed secure-by-design principles into architecture and the SDLC
• Establish clear ownership, accountability, and measurable security outcomes across the organization.
• Lead the implementation of strong identity, access, and data protection strategies grounded in least-privilege and thoughtful segmentation
• Oversee cloud security (AWS), infrastructure hardening, and corporate device management strategy, including logging, monitoring, and incident response capabilities.
• Partner closely with our Head of AI to strengthen governance and proactively address emerging risks across LLM-powered workflows and AI-enabled products
• Lead SOC 2 Type 2 efforts and guide the organization toward HITRUST certification
• Support enterprise sales through security diligence, security and AI questionnaires, and customer conversations
• Serve as a trusted advisor to executive leadership and, as needed, the Board of Directors on security strategy and risk

WHAT YOU’VE DONE

• Built and scaled security programs in healthcare or other regulated, sensitive-data environments, establishing clear accountability and measurable risk reduction
• Developed and implemented modern cloud security architectures, particularly within AWS
• Strengthened identity and access management practices, data protection strategies, and secure SDLC processes
• Led or owned SOC 2 programs (HITRUST exposure is a plus, but not required)
• Influenced engineering leadership and product strategy to reduce meaningful risk without slowing product velocity
• Navigated ambiguity in high-growth startup environments and built systems designed to scale
• Established credibility as both a strategic leader and hands-on technical contributor

WHAT LEADS TO SUCCESS

A patient-first approach. You understand that protecting sensitive health data is a fundamental responsibility tied directly to our mission
Technical depth. You bring strong expertise in cloud security, IAM, secure architecture, and modern AI risk landscapes - engineers trust your judgment and seek your input early
Cross-functional leader. You collaborate well across departments, aligning security decisions with company priorities and shared goals
Balanced risk judgement. You create clarity around tradeoffs, reduce meaningful risk without creating unnecessary friction, and help the organization move forward towards improving patient care with cutting edge technology
Builder mindset. You’ve built teams and systems from the ground up and know how to scale them thoughtfully
Comfort with ambiguity. You thrive in fast-paced, evolving environments where priorities shift quickly
Executive presence. You communicate clearly and confidently with executives, customers, and Board members

OUR VALUES

At Thyme Care, our core values guide us in everything we do: Act with our members in mind, Move with purpose, and Seek diverse perspectives. They anchor our business decisions, including how we grow, the products we make, and the paths we choose—or don’t choose.

Our salary ranges are based on paying competitively for our size and industry, and are one part of the total compensation package that also includes equity, benefits, and other opportunities at Thyme Care. Individual pay decisions are based on several factors, including qualifications, experience level, skillset, and balancing internal equity relative to other Thyme Care employees. The base salary for this role is $272,000-$320,000.The salary range could be lower or higher than this if the role is hired at another level. This position is also bonus-eligible.

We recognize a history of inequality in healthcare. We’re here to challenge the status quo and create a culture of inclusion through the care we give and the company we build. We embrace and celebrate a diversity of perspectives in reflection of our members and the members we serve. We are an equal-opportunity employer.

Be cautious of recruitment fraud, and always confirm that communications are coming from an official Thyme Care email.