Tonal

Director, IT & Security

Tonal$130K — $180K *
Healthcare
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years in IT and security leadership with full functional oversight.
  • Hands-on experience with HIPAA compliance implementation beyond policy writing.
  • Proven track record of building a security program from inception to execution.
  • Broad expertise in identity and access management, endpoint security, and network infrastructure.
  • Skilled in balancing technical system configuration with executive-level risk presentations.
  • Experience managing a comprehensive SaaS portfolio, including vendor negotiations.

Responsibilities

  • Own and manage complete IT operations including onboarding and device lifecycle.
  • Lead HIPAA compliance efforts implementing required technical safeguards.
  • Drive Tonal’s security program functions, from policy creation to incident response.
  • Oversee governance of Tonal's AI tools, including compliance and best practices.
  • Administer the SaaS portfolio, focusing on contract and vendor management.
  • Enhance automation and identity governance frameworks including RBAC.
  • Lead the IT & Security team, managing resources and budget effectively.
  • Maintain and improve IT documentation and processes for operational efficiency.

Benefits

  • Opportunities for professional development and growth.
  • Collaborative work environment valuing diverse perspectives.
  • Chance to work in a fast-paced, dynamic startup setting.
Full Job Description
Overview

We9re looking for a Director of IT & Security to own this function end-to-end. This role carries the highest privileges across our most sensitive systems and direct accountability for IT and security outcomes company-wide. You9ll report to the VP of Business Technology and work closely with senior leadership. The ideal candidate has a start-up mentality - comfortable moving fast in a lean, resource-constrained environment, while never losing sight of the security and compliance discipline a healthcare-adjacent company requires.

What You Will Do
  • Own end-to-end IT operations, including device lifecycle, onboarding/offboarding, SaaS administration, identity and access management, help desk, and office infrastructure across all locations.
  • Lead the technical controls side of Tonal9s HIPAA compliance program, implementing the safeguards required by the HIPAA Security Rule and HITECH Act - encryption, SIEM, MDM/EDR, and role-based access.
  • Own and execute Tonal9s security program: penetration testing remediation, security policy, tabletop exercises, vendor security reviews, and incident response.
  • Govern Tonal9s AI tool ecosystem, including licensing, spend, API key governance, corporate AI policy, and DLP and prompt injection protections. Drive AI training and best practices across the organization.
  • Administer Tonal9s SaaS portfolio, owning contract renewals, license optimization, and vendor negotiations across critical platforms.
  • Drive automation and identity governance maturity, including Okta Identity Governance, expanding SCIM-based provisioning, building & enforcing RBAC frameworks, and driving workflow automation and system integration.
  • Lead and grow the IT & Security team, managing engineers and administrators, overseeing the virtual CISO engagement, owning the budget and aligning org structure to Tonal9s needs.
  • Own IT documentation and process improvement, maintaining runbooks and closing gaps in onboarding, offboarding, and incident response, and driving overall automation.
  • Manage global physical infrastructure - networking, Wi-Fi, AV, and physical access - across a distributed, multi-office footprint.
  • Serve as a trusted operator on Tonal9s most sensitive matters, from executive access provisioning to security incidents and legal holds.
  • Report regularly to senior leadership and the C-suite, translating IT & Security roadmap priorities, progress, technical risk and incident management into clear, actionable narratives.


Who You Are
  • 10+ years in IT and security leadership, with full functional ownership and experience across identity and access management, endpoint security, SaaS administration, network infrastructure, and security program management.
  • Hands-on HIPAA compliance implementation experience, beyond writing policies
  • Track record of building a security program from the ground up: policy, penetration testing, and real incident response
  • Broad expertise across identity and access management, endpoint security, SaaS administration, and network infrastructure
  • Equally comfortable configuring technical systems and presenting security risk to executive leadership
  • A start-up mindset: thrives in fast-moving, resource-constrained environments without cutting corners on security
  • Proven ability to prioritize with a lean team and limited budget, with outcomes to show for it.
  • Experience managing a large SaaS portfolio, including contract renewals, vendor negotiation, and license governance
  • Strong people leadership skills, setting clear expectations and developing team members
  • High standards of trust, integrity, and discretion, given access to the company9s most sensitive systems


Extra Credit
  • HIPAA compliance roll-out and execution, owning the technical controls end-to-end.
  • Experience with SOC 2 Type II, NIST CSF, or HITRUST in a hands-on implementation capacity
  • Background in healthcare technology, digital health, or clinical-grade software environments

At Tonal, we believe that the unique and varied lived experiences of our teammates contribute to our overall strength. We don9t just appreciate differences, we celebrate them, and we always seek people that represent a wide variety of backgrounds. We9re dedicated to adding new perspectives to the team and designing employee experiences that contribute to your growth as much as you do to ours. If your experience aligns with what we9re looking for (even if you don9t check every single box), send us your application. We would love to hear from you!

About Tonal

Tonal is a fitness technology company that has created an intelligent fitness system that uses digital weights and personalized coaching to help people achieve their fitness goals. The company was founded in 2015 by Aly Orady and has since raised over $450 million in funding. Tonal's system uses machine learning algorithms to create personalized workout plans for users based on their fitness level, goals, and preferences. The system also provides real-time feedback and coaching to help users improve their form and technique. Tonal's technology has been praised for its ability to provide a full-body workout in a compact and convenient package.
Learn more about Tonal
Size
500 employees
Industry
Net Income
-$10 million
Founded
2015
Revenue
$200 million
NASDAQ

Similar Jobs

More Jobs at Tonal

More Healthcare Jobs

Find similar Director, IT & Security jobs: