Director of Security & IT

📋 Description

• Lead design, implementation, and continuous improvement of a comprehensive security program spanning application security, infrastructure security, data protection, and incident response.
• Implement and manage vulnerability assessments, penetration testing, and security audits to identify and mitigate risks across IT infrastructure and systems.
• Develop and maintain security policies, procedures, and controls aligned to SOC 2 Type II and HIPAA Security Rule requirements.
• Coordinate response to security incidents, including root cause analysis, containment, remediation, and legal reporting requirements.
• Own identity and access management (IAM) strategy, ensuring least-privilege access controls across production systems, cloud environments, and internal tools.
• Implement encryption, access control, audit logging, and other technical safeguards to meet HIPAA security requirements for data at rest, in transit, and during processing.

🎯 Requirements

• 10+ years in security, IT infrastructure, and compliance, with at least 3 years owning a security function in a leadership capacity.
• Experience at a scaling software or AI company (50-1,000 employees) with tradeoffs of building security programs with constrained resources.
• Proven depth in HIPAA compliance, healthcare data protection, and SOC 2 Type II audits.
• Strong understanding of cloud security architecture (AWS), network security, container security, and production access patterns.
• Experience building or significantly maturing security and compliance programs, not solely operating existing ones.
• Demonstrated ability to operate cross-functionally with Engineering, Legal, Finance, and People teams, turning ambiguity into structured execution.