HealthEquity, Inc.

Chief Information Security Officer


About HealthEquity


HealthEquity empowers Americans to build health savings for life through Health Savings Accounts (HSAs). Established in 2002 with the aim of transforming healthcare by helping Americans better save and spend their health care dollars, HealthEquity’s 3.5 million members at the end of its most recent fiscal quarter make it the largest independent HSA custodian nationwide. HealthEquity is headquartered in Draper, Utah, in the Salt Lake Valley. It is a public company with stock traded under the symbol HQY. HealthEquity has established an enviable record of shareholder value creation since its initial public offering in 2014 by consistently delivering on its commitments to rapid growth, rising profitability and demonstrable competitive advantage.


Vision and Mission


With consumers shouldering more first-dollar responsibility for their medical costs, our mission is to give every American family an HSA and the support to spend and save wisely, and in doing so, to save American healthcare, by giving the healthcare system the incentive to deliver affordable, quality, consumer centered care. We measure incremental progress towards that vision based on the growth of our members' assets under HealthEquity's management, which has accelerated rapidly, from $10 million in 2006, to $100 million in 2009, to $1 billion in 2011 and more than $5 billion today.

Still, we believe these are early days. Today, Americans have just $34 billion in HSA assets market-wide, according to Devenir Research. We believe that figure will rise to between $600 billion and $1 trillion at market maturity, transforming how Americans consume healthcare and save for retirement. HealthEquity intends to lead that change in a positive direction.




HealthEquity’s more than 1,000 team members embrace a unique culture symbolized by the purple in the Company’s logo and branding. Being “purple” means being remarkable, standing out from the crowd by going above and beyond to help others, including customers, fellow team members, business partners, and our community. To keep its culture strong in the context of rapid growth, HealthEquity has a deliberate strategy to develop talented team members for promotion. About 40% of new positions at HealthEquity are filled by existing team members and another 30% from team member referrals.


Job Summary


This executive position will report directly to the Chief Executive Officer. The Chief Information Security Officer (CISO) will be an influential, collaborative, and passionate leader, serving as a central point of strategic planning, coordination and execution of cyber and information security activities across the company. This role will directly manage our information security team focused on physical security, application and software development security, identity and access management, infrastructure security, cloud computing security, contracting, sales support including presentations to potential customers, compliance, and incident response. The CISO will work across multiple departments to bring a holistic approach to the company’s information security initiatives.


As a member of the executive team, the CISO will have previous hands-on experience with complex Information Security solutions and business applications, communicate clearly, and juggle multiple priorities in a fast-paced environment. This role supports and provides critical analyses and insights to help drive business decisions in a dynamic and fluid organization. This role focuses on staying abreast of the latest thought leadership, technology, and industry developments around cybersecurity, and is the primary liaison to peers, partners, and law enforcement as it relates to security activities and incident response.


Job Duties

  • Define the InfoSec vision and strategy, and lead the team to execute on that strategy.
  • Develop the InfoSec program and implement the associated cross-functional working processes.
  • Cross-organization communication and reports related to InfoSec status and associated risk levels.
  • Strong leadership and process development skills
  • Excellent organization and decision-making skills
  • Drive process for security assessments, initiative prioritization, and scoping.
  • Establish recurring and long-range security and compliance goals and KPIs.
  • Further develop, maintain, and run the Information Security Management System (ISMS) and related enterprise-wide policies and programs to ensure information assets are protected, technology systems are secure, and security and business continuity risk/reward decisions are balanced and comply with external regulatory requirements while maintaining an understanding of the challenges facing the business.
  • Define metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
  • Coordinate with the Privacy and Product Teams to ensure security and privacy by default and design practices are followed in the product lifecycle.
  • Recruit and retain high-performing cybersecurity talent. Mentor and directly manage the team towards its core mission.
  • Participate and contribute to internal and external audits, including partner assessments, relevant to information security and compliance.
  • Create education and awareness programs and advise teams at all levels on security issues, best practices, and vulnerabilities.
  • Keep abreast of security incidents and act as primary control point during significant information security incidents.
  • Enhance an incident response program and protocol. Convene the Security Incident Response Team as needed to address and investigate security incidents that arise as well as review changes that have the opportunity to introduce greater risk to the organization.
  • Perform special projects and other duties as assigned.


  • BS or MS (preferred) in an Information Technology related field, or equivalent relevant experience.
  • 12 years of professional experience in technical environments, with at least 4 of those years focused on cybersecurity and at least 10 years of management experience.
  • Experience in a complex financial services and/or healthcare environment.
  • Deep knowledge of regulatory/compliance requirements.
  • An active and engaging thought leader who can plan, manage and execute on deliverables. Graceful and controlled under pressure.
  • Experience leading teams and leading projects with the highest level of integrity and management of confidential information.
  • A collaborative team player – concerned with the team’s success as well as individual performance.
  • Curious and energetic. Avid student of changing industry requirements and the technologies that drive results.
  • Ability to manage multiple priorities and meet deadlines in a fast-paced environment with attention to detail to ensure highest level of quality in reports and analysis.
  • Excellent problem solving, critical thinking, and analytical abilities. High tolerance for ambiguity and complexity, and efficient with limited resources. Intellectual curiosity and passion to drive results. Enthusiastic advocate of security.
  • Strong knowledge of the following technologies and standards:
    • Identity Management
    • LAN/WAN Network security, VPNs and firewalls
    • Endpoint protection, device and mobile security
    • Cloud security & Data encryption
    • Intrusion Detection and Prevention
    • ISO, ANSI, and NIST standards around cybersecurity
    • ISO / IEC 27002, ISACA and COBIT
    • State and Federal laws governing public companies as related to Information Security


HealthEquity, Inc. is a proud promoter of equal opportunities for training, compensation, transfer, promotion, and other aspects of employment for all qualified applicants and employees. HealthEquity, Inc. supports Equal Employment Opportunities without regard to sex, race, color, religion, national origin, age, disability, sexual orientation or veteran status when hiring – under federal, state and local laws. Active supporters of the Corporate and Individual Parity Pledge™ for gender parity at the highest levels of business.