All Jobs
New
Lead design, implementation, and continuous improvement of a comprehensive security program spanning application security, infrastructure security, data protection, and incident response. Implement and manage vulnerability assessments, penetration testing, and security audits to identify and mitigate risks across IT infrastructure and systems. Develop and maintain security policies, procedures, and controls aligned to SOC 2 Type II and HIPAA Security Rule requirements. Coordinate response to security incidents, including root cause analysis, containment, remediation, and legal reporting requirements. Own identity and access management (IAM) strategy, ensuring least-privilege access controls across production systems, cloud environments, and internal tools. Implement encryption, access control, audit logging, and other technical safeguards to meet HIPAA security requirements for data at rest, in transit, and during processing. 10+ years in security, IT infrastructure, and compliance, with at least 3 years owning a security function in a leadership capacity. Experience at a scaling software or AI company (50-1,000 employees) with tradeoffs of building security programs with constrained resources. Proven depth in HIPAA compliance, healthcare data protection, and SOC 2 Type II audits. Strong understanding of cloud security architecture (AWS), network security, container security, and production access patterns. Experience building or significantly maturing security and compliance programs, not solely operating existing ones. Demonstrated ability to operate cross-functionally with Engineering, Legal, Finance, and People teams, turning ambiguity into structured execution.