Head of Security

Stedi$130K — $180K *
US-AnywhereRemote in United States
Healthcare
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years of experience owning security programs in cloud environments
  • Deep technical expertise in security with hands-on experience
  • Strong understanding of legal and regulatory requirements, ideally in healthcare/HIPAA
  • Ability to communicate security risks to diverse audiences
  • Proven track record of leveraging automation and tooling in security
  • Strong analytical skills with a solution-oriented mindset

Responsibilities

  • Own and enhance Stedi's security program end-to-end
  • Contribute hands-on from day one while creating a growth roadmap
  • Advise on product-related security risks and partnerships
  • Utilize a strong security posture to attract new customers
  • Collaborate with Engineering to ensure security without hampering development
  • Lead incident response and breach preparedness processes
  • Report security status and risks to executive teams
  • Work with Legal on compliance and regulatory obligations

Benefits

  • Opportunity to shape security strategy in a fast-growing company
  • Engagement with cutting-edge technologies and practices in security
  • Collaborative work culture with cross-functional leadership
  • Possibility of scaling the security function with the company growth
  • Hands-on involvement in technical and strategic discussions
  • A strong foundation already in place for security protocols and certifications
Full Job Description
What we're looking for

We are hiring a Head of Security to take full ownership of security at Stedi, reporting directly to the CEO and working at the intersection of engineering, legal, product, and more.

At Stedi, security is job zero. There is nothing more important than securing our systems. This role exists to operationalize that principle across every function of the company.

You won't be building from scratch. We already have SOC 2 Type 2 and HIPAA certifications and will soon have HITRUST R2 certification. We view these compliance items as a baseline starting point and not the final destination. We have invested heavily in security from the earliest days. We have extensive controls across our engineering and IT infrastructure (from SCPs to DLP and everything in between), and 100% of our customer data is processed within AWS without exception. We work extensively with AWS's native tools as well as with AWS teams, including on an IAM access vulnerability that we discovered.

You will own our security function end-to-end: incident readiness, regulatory obligations, customer trust, and the day-to-day fundamentals that enable everything else. You will be the bridge between engineering and legal, working closely with leadership from both teams and the CEO. You'll inherit a strong foundation to scale in our next phase of growth - building out the team, programs, and processes that let a lean company move fast while maintaining a world-class security posture.

What you'll do
  • Own and build Stedi's security program end-to-end, including policies, controls, procedures, security tooling, training, vulnerability management, vendor risk, and more.
  • Be a strong hands-on contributor from day 1 while also building a roadmap for scaling the security function as the company continues to grow. We have a culture where leaders are contributors and are deeply involved in the technical details.
  • Advise on security risk tied to product decisions, architecture, and partnerships.
  • Leverage our best-in-category security posture to unlock new customers and strategic relationships.
  • Partner with Engineering to maintain security excellence while minimizing development friction.
  • Lead breach preparedness and incident response: build, test, and own the Security Incident Response Plan, Disaster Recovery, and Business Continuity programs so Stedi can detect, contain, and recover rapidly in the unlikely event of a significant issue.
  • Represent Stedi in conversations with customer and partner security leadership teams, and provide clear, regular reporting on security posture and risk to the executive team and board.
  • Partner with Legal on regulatory obligations, breach notification requirements, and the legal dimensions of security incidents - be ready to engage directly with regulators should the need ever arise.
  • Build mechanisms for continuous security improvement, and establish practical, role-appropriate security training across the company.


Who you are
  • Significant experience owning security programs in cloud-native environments.
  • Deep technical ability in the security domain and enough working knowledge to have high-bandwidth discussions with application engineers.
  • Strong legal and regulatory instincts - you have the ability to understand legal issues and can speak credibly with regulators; healthcare or HIPAA experience is a strong plus.
  • Opinionated but pragmatic, with strong judgment about where rigor matters most and a bias toward solutions over problems.
  • Exceptional communicator: you can explain security risk clearly to engineers, executives, customers, and regulators, in writing and in person.
  • You're excited to use automation and modern tooling to eliminate toil and raise the bar, not to build bureaucracy.


We've been made aware of individuals impersonating the Stedi recruiting team. Please note:
  • All official communication about roles at Stedi will only come from an @stedi.com email address
  • If you're unsure whether a message is legitimate or have any concerns, feel free to contact us directly at[email protected].

We appreciate your attention to this and your interest in joining Stedi.

At Stedi, we're looking for people who are deeply curious and aligned to our ways of working. You're encouraged to apply even if your experience doesn't perfectly match the job description.

About Stedi

Stedi is a software company that was founded in 2018. The company offers a platform that helps businesses automate their supply chain processes. Stedi's platform is designed to provide a more efficient and cost-effective solution for businesses that need to exchange electronic documents with their trading partners. The company is headquartered in Seattle, Washington.
Learn more about Stedi
Size
50 employees
Industry
Founded
2018

Similar Jobs

More Jobs at Stedi

More Healthcare Jobs

Find similar Head of Security jobs: