NexHealth

Head of IT & Security

NexHealth$175K — $220K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 8+ years in security, including 3+ years in a leadership role building security programs.
  • Experience creating a security program from scratch.
  • Ownership of an external audit cycle (e.g., SOC 2, ISO) from design to execution.
  • Background in software engineering for evaluating technical security measures.
  • Proven ability to hire and mentor senior security or IT teams.

Responsibilities

  • Own security governance, compliance, and IT programs end-to-end.
  • Serve as Information Security Officer and Privacy Officer for SOC 2 and HIPAA compliance.
  • Set security standards in application security and vulnerability management.
  • Build and develop the IT and workforce security program from the ground up.
  • Manage vendor security assessments and relationships, including Trust Center artifacts.
  • Lead incident response efforts and collaborate with counsel on breach investigations.
  • Maintain the risk register and oversee privacy operations and cyber insurance.

Benefits

  • Full Medical, Dental, and Vision coverage (up to 100% covered)
  • 401K and commuter benefits
  • Flexible paid time off policy
  • Engagement in impactful work improving healthcare experiences
  • Opportunities for team development in a growing security landscape
Full Job Description
About the Role

NexHealth is a technology company building infrastructure that's reshaping how patient data moves and how the HealthTech ecosystem connects. We're looking for a Security Lead to own our security governance, compliance, IT operations, vendor security, and incident response - establishing the function, embedding strong practices, and partnering closely with engineering, legal, and leadership.

This is a player-coach role with real hands-on expectation in year one. You'll drive the next phase of our security and compliance program, and build your team.
What You'll Do
  • Own NexHealth's security governance, compliance, and IT programs end-to-end.
  • Serve as named Information Security Officer and Privacy Officer for SOC 2 and HIPAA - own the policy manual (40+ documents), audit liaison relationship with A-LIGN, control mapping across overlapping regimes, and evidence collection pipelines.
  • Set security standards across application security, vulnerability management, cloud security (AWS), audit logging, and access controls - driving the technical program through Engineering via influence, not direct authority.
  • Build, hire, and develop the IT and workforce security program: endpoints, identity, SaaS administration, phishing simulations, role-specific training modules, and facilities security.
  • Own vendor security: intake, classification, assessment, BAA execution, ongoing oversight, and customer-facing trust artifacts including Trust Center and subprocessor disclosure.
  • Lead incident response in Officer capacity; partner with outside counsel on breach determinations, own IR tracking, and run annual tabletop exercises.
  • Own the risk register, risk acceptance decisions, privacy operations (DSARs, data subject rights, privacy complaints), BC/DR plan, and cyber insurance relationship.
  • Hire a Staff-level IT IC within year one and grow the function from there.
What You'll Bring
Experience
  • 8+ years of relevant security experience, including 3+ years in a security leadership role where you were materially building the program, not maintaining it.
  • Has built (not inherited) a security program from a near-zero baseline at least once.
  • Has owned a recurring external audit cycle end-to-end (e.g., SOC 2, ISO, PCI, HITRUST) - designed evidence collection, mapped controls, ran the auditor relationship, and made the next cycle materially easier than the last.
  • Software engineering background. Can read a pull request, evaluate cloud configurations, and push back on Engineering with technical substance.
  • Experience hiring and developing senior security or IT individual contributors.


Qualifications
  • Hands-on experience with security tools and technologies such as SIEM, MDR, IDS/IPS, WAF, DLP, and vulnerability scanners.
  • You've reshaped how a company engages with auditors, regulators, or customer security teams - moved questionnaires to Trust Centers, audits from manual to automated, or vendor reviews from one-off projects to continuous programs.
  • You drive sustained operational change in functions you don't manage.
  • You treat engineering velocity as a security input. Slow shipping creates security risk too.
  • You can frame risk for a Board-level audience and for an engineering audience in the same week.

Behavioral Traits
  • First-principles thinker.
  • Writes. NexHealth runs on documents; verbal-first operators struggle here.
  • Comfortable being the ranking voice on policy and risk.


Compensation

Actual salaries will vary depending on factors including but not limited to location, experience, and performance. The range listed is just the base salary component of NexHealth's total compensation package for employees. Other benefits may include stock options, an unlimited paid time off policy, and up to 100% coverage on medical, vision and dental insurance.

NexHealth Compensation Range

$175,000-$220,000 USD

Benefits
  • Full Medical, Dental, and Vision (up to 100% covered)
  • 401K and commuter benefits
  • Flexible PTO
  • High-impact work that directly improves the healthcare experience for millions

About NexHealth

NexHealth is a healthcare technology company that provides a patient experience management platform for healthcare providers. The platform helps healthcare providers to improve patient engagement, streamline operations, and increase revenue. NexHealth's platform is used by healthcare providers in over 1,000 locations across the United States. The company was founded in 2016 and is headquartered in New York, New York.
Learn more about NexHealth
Size
50 employees
Industry
Founded
2017

Similar Jobs

More Jobs at NexHealth

  • NexHealth
    Senior Account Executive
    $160K — $190K *
    New York, NY 10025 (New York County)
    Healthcare
    In-Person
  • NexHealth
    Senior Account Executive
    $160K — $190K *
    Miami, FL 33186 (Miami-Dade County)
    Enterprise Technology
    In-Person
  • NexHealth
    Account Executive
    $120K — $140K *
    Miami, FL 33186 (Miami-Dade County)
    Healthcare
    In-Person
  • NexHealth
    Account Executive
    $120K — $140K *
    Austin, TX 78745 (Travis County)
    Enterprise Technology
    In-Person
  • NexHealth
    Account Executive
    $120K — $140K *
    Washington, DC 20011 (District Of Columbia County)
    Healthcare
    In-Person

More Information Technology Jobs

Find similar Head of IT & Security jobs: