Lead NexHealth's security governance, compliance, IT operations, and incident response. Build and scale the security program and team from the ground up while partnering with engineering and leadership.
175k – 220k
On-site8+ YOESecurity Engineering
About the role
What You'll Do
Own NexHealth's security governance, compliance, and IT programs end-to-end.
Serve as named Information Security Officer and Privacy Officer for SOC 2 and HIPAA — own the policy manual (40+ documents), audit liaison relationship with A-LIGN, control mapping across overlapping regimes, and evidence collection pipelines.
Set security standards across application security, vulnerability management, cloud security (AWS), audit logging, and access controls — driving the technical program through Engineering via influence, not direct authority.
Build, hire, and develop the IT and workforce security program: endpoints, identity, SaaS administration, phishing simulations, role-specific training modules, and facilities security.
Own vendor security: intake, classification, assessment, BAA execution, ongoing oversight, and customer-facing trust artifacts including Trust Center and subprocessor disclosure.
Lead incident response in Officer capacity; partner with outside counsel on breach determinations, own IR tracking, and run annual tabletop exercises.
Own the risk register, risk acceptance decisions, privacy operations (DSARs, data subject rights, privacy complaints), BC/DR plan, and cyber insurance relationship.
Hire a Staff-level IT IC within year one and grow the function from there.
What You'll Bring
8+ years of relevant security experience, including 3+ years in a security leadership role where you were materially building the program, not maintaining it.
Has built (not inherited) a security program from a near-zero baseline at least once.
Has owned a recurring external audit cycle end-to-end (e.g., SOC 2, ISO, PCI, HITRUST) — designed evidence collection, mapped controls, ran the auditor relationship, and made the next cycle materially easier than the last.
Software engineering background. Can read a pull request, evaluate cloud configurations, and push back on Engineering with technical substance.
Experience hiring and developing senior security or IT individual contributors.
Hands-on experience with security tools and technologies such as SIEM, MDR, IDS/IPS, WAF, DLP, and vulnerability scanners.
You've reshaped how a company engages with auditors, regulators, or customer security teams — moved questionnaires to Trust Centers, audits from manual to automated, or vendor reviews from one-off projects to continuous programs.
You drive sustained operational change in functions you don't manage.
You treat engineering velocity as a security input. Slow shipping creates security risk too.
You can frame risk for a Board-level audience and for an engineering audience in the same week.
First-principles thinker.
Writes. NexHealth runs on documents; verbal-first operators struggle here.
Comfortable being the ranking voice on policy and risk.
Benefits
Full Medical, Dental, and Vision (up to 100% covered)
401K and commuter benefits
Flexible PTO
High-impact work that directly improves the healthcare experience for millions
Leads technical security, compliance (SOC 2, GDPR, ISO 42001), vulnerability management, and infrastructure hardening for a fast-growing fintech. Requires 3-7 years in security engineering with hands-on AWS, vuln tooling, and audit experience.
185k – 300k
On-siteSecurity Engineering
Head of IT & Information Security
Fable SecurityUnited States
Lead security, compliance, and IT functions including SOC 2, ISO 27001, privacy, risk management, and external industry presence. Requires 7+ years in security/compliance/IT with direct experience leading compliance programs.
160k – 225k
Remote7+ YOESecurity Engineering
Head of Security & Compliance
CascaSan Francisco, CA
Lead security and compliance for an AI-native banking startup. Build security tooling, manage a team of appsec engineers, own compliance (SOC 2, ISO 27001), and secure AI agent workflows.
200k – 255k
On-site5+ YOESecurity Engineering
Head of Security
TatariNew York, NY +2
Lead security engineering team and roadmap for a late-stage AdTech SaaS company. Own incident response, risk management, AWS/K8s security, and compliance programs including SOC 2.
200k – 250k
Hybrid7+ YOESecurity Engineering
Head of Security
ParallelPalo Alto, CA +1
Lead security strategy and program for AI web infrastructure platform. Own security posture, compliance, and customer trust as the technical security leader for engineering and leadership teams.