# Head of Security

**Company:** [Stedi](https://hotfix.jobs/companies/stedi)
**Location:** Remote
**Role:** Security Engineering
**Skills:** AWS, SOC 2, HIPAA, Hitrust, Dlp, IAM, Vulnerability Management, Incident Response, Security Incident Response Plan, Vendor Risk Management, Cloud Security, Scps
**Posted:** 2026-04-30

> Leads end-to-end security program for healthcare clearinghouse, owning policies, incident response, compliance (SOC 2, HIPAA, HITRUST), and risk advisory. Requires deep cloud security expertise, regulatory knowledge, and hands-on technical leadership in AWS environments.

## Job Description

## What you'll do

- Own and build Stedi's security program end-to-end, including policies, controls, procedures, security tooling, training, vulnerability management, vendor risk, and more.
- Be a strong hands-on contributor from day 1 while also building a roadmap for scaling the security function as the company continues to grow.
- Advise on security risk tied to product decisions, architecture, and partnerships.
- Leverage our best-in-category security posture to unlock new customers and strategic relationships.
- Partner with Engineering to maintain security excellence while minimizing development friction.
- Lead breach preparedness and incident response: build, test, and own the Security Incident Response Plan, Disaster Recovery, and Business Continuity programs.
- Represent Stedi in conversations with customer and partner security leadership teams, and provide clear, regular reporting on security posture and risk to the executive team and board.
- Partner with Legal on regulatory obligations, breach notification requirements, and the legal dimensions of security incidents.
- Build mechanisms for continuous security improvement, and establish practical, role-appropriate security training across the company.

## Who you are

- Significant experience owning security programs in cloud-native environments.
- Deep technical ability in the security domain and enough working knowledge to have high-bandwidth discussions with application engineers.
- Strong legal and regulatory instincts – you have the ability to understand legal issues and can speak credibly with regulators; healthcare or HIPAA experience is a strong plus.
- Opinionated but pragmatic, with strong judgment about where rigor matters most and a bias toward solutions over problems.
- Exceptional communicator: you can explain security risk clearly to engineers, executives, customers, and regulators, in writing and in person.
- You’re excited to use automation and modern tooling to eliminate toil and raise the bar, not to build bureaucracy.

## Similar roles

- [Director, Information Security & Technology](https://hotfix.jobs/jobs/206a3607-4d09-42a8-8ff7-ff8d9b3096f3) - GameChanger - Remote - $220k – $240k/yr
- [Head of Security & Compliance](https://hotfix.jobs/jobs/0c31140a-05ba-40ab-a5aa-12713d69cde4) - Casca - San Francisco, CA - $200k – $255k/yr
- [Head of Security Engineering](https://hotfix.jobs/jobs/367726a8-59a8-46f7-b624-833e1365c048) - Harvey - San Francisco, CA - $285k – $350k/yr
- [Head of IT & Information Security](https://hotfix.jobs/jobs/f30c568f-e311-4782-97f6-8ec02f856c13) - Fable Security - Remote - $160k – $225k/yr
- [Privacy Engineering Director](https://hotfix.jobs/jobs/7a45a3ca-90d8-4d75-bac1-d9537bd8a64f) - DuckDuckGo - Remote - $244k – $244k/yr

**Apply:** https://hotfix.jobs/jobs/791e372e-4bc8-42f3-a3f9-3f024be9d961
**Canonical:** https://hotfix.jobs/jobs/791e372e-4bc8-42f3-a3f9-3f024be9d961