Skip to content
StediStediUnited States

Head of Security

Leads end-to-end security program for healthcare clearinghouse, owning policies, incident response, compliance (SOC 2, HIPAA, HITRUST), and risk advisory. Requires deep cloud security expertise, regulatory knowledge, and hands-on technical leadership in AWS environments.

Salary not listed
RemoteSecurity Engineering

About the role

What you'll do

  • Own and build Stedi's security program end-to-end, including policies, controls, procedures, security tooling, training, vulnerability management, vendor risk, and more.
  • Be a strong hands-on contributor from day 1 while also building a roadmap for scaling the security function as the company continues to grow.
  • Advise on security risk tied to product decisions, architecture, and partnerships.
  • Leverage our best-in-category security posture to unlock new customers and strategic relationships.
  • Partner with Engineering to maintain security excellence while minimizing development friction.
  • Lead breach preparedness and incident response: build, test, and own the Security Incident Response Plan, Disaster Recovery, and Business Continuity programs.
  • Represent Stedi in conversations with customer and partner security leadership teams, and provide clear, regular reporting on security posture and risk to the executive team and board.
  • Partner with Legal on regulatory obligations, breach notification requirements, and the legal dimensions of security incidents.
  • Build mechanisms for continuous security improvement, and establish practical, role-appropriate security training across the company.

Who you are

  • Significant experience owning security programs in cloud-native environments.
  • Deep technical ability in the security domain and enough working knowledge to have high-bandwidth discussions with application engineers.
  • Strong legal and regulatory instincts – you have the ability to understand legal issues and can speak credibly with regulators; healthcare or HIPAA experience is a strong plus.
  • Opinionated but pragmatic, with strong judgment about where rigor matters most and a bias toward solutions over problems.
  • Exceptional communicator: you can explain security risk clearly to engineers, executives, customers, and regulators, in writing and in person.
  • You’re excited to use automation and modern tooling to eliminate toil and raise the bar, not to build bureaucracy.

Skills

AWSSOC 2HIPAAHitrustDlpIAMVulnerability ManagementIncident ResponseSecurity Incident Response PlanVendor Risk ManagementCloud SecurityScps
GameChanger

Director, Information Security & Technology

GameChangerNew York, NY

Lead GameChanger's Information Security and IT Operations as Director. Own multi-year security strategy, lead multidisciplinary teams across product security, cloud/AI security, SecOps, GRC, and internal tech support. Partner with executive leadership and parent company DSG while building security culture. Requires 10+ years security experience including people management.

220k – 240k/yr
Remote10+ YOESecurity Engineering
Casca

Head of Security & Compliance

CascaSan Francisco, CA

Lead security and compliance for an AI-native banking startup. Build security tooling, manage a team of appsec engineers, own compliance (SOC 2, ISO 27001), and secure AI agent workflows.

200k – 255k/yr
On-site5+ YOESecurity Engineering
Harvey

Head of Security Engineering

HarveySan Francisco, CA +1

Lead and scale the security engineering organization, owning IAM strategy, security tooling, and foundational security platforms that enable rapid, secure product development.

285k – 350k/yr
Hybrid10+ YOESecurity Engineering
Fable Security

Head of IT & Information Security

Fable SecurityUnited States

Lead security, compliance, and IT functions including SOC 2, ISO 27001, privacy, risk management, and external industry presence. Requires 7+ years in security/compliance/IT with direct experience leading compliance programs.

160k – 225k/yr
Remote7+ YOESecurity Engineering
DuckDuckGo

Privacy Engineering Director

DuckDuckGoUnited States

Lead privacy engineering initiatives across private browsing, search, and agentic products. Own complex privacy projects from definition to delivery, evolve review processes, and grow privacy engineering talent.

244k – 244k/yr
Remote10+ YOESecurity Engineering