Job Title: Director of Security & Compliance
We're hiring a Director of Security & Compliance to own and build our security program. This is a high-impact role where you'll define our security architecture, lead our HITRUST certification effort as technical owner, and protect the patient data at the heart of our platform. You'll work as a hands-on player-coach, partnering closely with engineering and compliance to keep us secure without slowing us down. If you enjoy high ownership, building programs rather than inheriting them, and being the senior-most security voice in a fast-growing company, this role is for you.
What You'll Achieve: A Glimpse into Your Contributions
- Own and drive the company-wide security strategy and roadmap, balancing risk reduction with the speed of a Series C product organization
- Serve as the owner for HIPAA compliance and our ongoing HITRUST certification effort, implementing and operating the underlying controls
- Serve as the senior-most security voice in the company, advising executive leadership on risk posture, security investments, and tradeoffs
- Implement and operate technical security controls: vulnerability management, endpoint protection, logging and monitoring, detection and response
- Lead incident response, including playbook development, on-call structure, tabletop exercises, and post-incident reviews
- Build the security team over time, starting as a hands-on player-coach and hiring once the program scales
What You'll Bring: The Skills and Experience You'll Leverage
We believe that diverse experiences and backgrounds lead to better solutions. While we have an idea of what will help someone succeed in this role, we are open to being convinced by your unique story and skills. If you believe you can achieve the outcomes above, we encourage you to apply.
Core Skills & Experience:
- 8+ years in security, compliance, or information security, with at least 2-3 years as a senior leader or subject matter expert at a startup or growth-stage company
- Direct experience owning HIPAA, HITRUST, and/or SOC 2 compliance end to end - designing, implementing, operating, and auditing the relevant security controls and policies
- Experience leading incident response, from detection through remediation and postmortem
- Experience designing and implementing both technical and non-technical security controls: MDM, IAM, endpoint protection, access policies, vulnerability management
- Strong cross-functional communication: able to explain risk and compliance requirements to executives, work credibly alongside engineers, and represent our posture to enterprise customers and auditors
- Comfort operating as a player-coach - willing to be hands-on-keyboard while building the function
- Preferred: Track record of building security programs from early maturity: you've written the first policies, stood up the first tooling, and made pragmatic risk tradeoffs rather than inheriting a mature program
Benefits:
- Competitive compensation.
- Opportunities for rapid career advancement in a growing company.
- 100% premium coverage for health insurance.
- 401(k) with no matching at this time.
This is a hybrid role based in our New York office and will require you to be in the office 4x a week.