Skip to content
NexHealthNexHealthSeattle, WA

Head of IT & Security

Lead NexHealth's security governance, compliance, IT operations, and incident response. Build and scale the security program and team from the ground up while partnering with engineering and leadership.

175k – 220k
On-site8+ YOESecurity Engineering

About the role

What You'll Do

  • Own NexHealth's security governance, compliance, and IT programs end-to-end.
  • Serve as named Information Security Officer and Privacy Officer for SOC 2 and HIPAA — own the policy manual (40+ documents), audit liaison relationship with A-LIGN, control mapping across overlapping regimes, and evidence collection pipelines.
  • Set security standards across application security, vulnerability management, cloud security (AWS), audit logging, and access controls — driving the technical program through Engineering via influence, not direct authority.
  • Build, hire, and develop the IT and workforce security program: endpoints, identity, SaaS administration, phishing simulations, role-specific training modules, and facilities security.
  • Own vendor security: intake, classification, assessment, BAA execution, ongoing oversight, and customer-facing trust artifacts including Trust Center and subprocessor disclosure.
  • Lead incident response in Officer capacity; partner with outside counsel on breach determinations, own IR tracking, and run annual tabletop exercises.
  • Own the risk register, risk acceptance decisions, privacy operations (DSARs, data subject rights, privacy complaints), BC/DR plan, and cyber insurance relationship.
  • Hire a Staff-level IT IC within year one and grow the function from there.

What You'll Bring

  • 8+ years of relevant security experience, including 3+ years in a security leadership role where you were materially building the program, not maintaining it.
  • Has built (not inherited) a security program from a near-zero baseline at least once.
  • Has owned a recurring external audit cycle end-to-end (e.g., SOC 2, ISO, PCI, HITRUST) — designed evidence collection, mapped controls, ran the auditor relationship, and made the next cycle materially easier than the last.
  • Software engineering background. Can read a pull request, evaluate cloud configurations, and push back on Engineering with technical substance.
  • Experience hiring and developing senior security or IT individual contributors.
  • Hands-on experience with security tools and technologies such as SIEM, MDR, IDS/IPS, WAF, DLP, and vulnerability scanners.
  • You've reshaped how a company engages with auditors, regulators, or customer security teams — moved questionnaires to Trust Centers, audits from manual to automated, or vendor reviews from one-off projects to continuous programs.
  • You drive sustained operational change in functions you don't manage.
  • You treat engineering velocity as a security input. Slow shipping creates security risk too.
  • You can frame risk for a Board-level audience and for an engineering audience in the same week.
  • First-principles thinker.
  • Writes. NexHealth runs on documents; verbal-first operators struggle here.
  • Comfortable being the ranking voice on policy and risk.

Benefits

  • Full Medical, Dental, and Vision (up to 100% covered)
  • 401K and commuter benefits
  • Flexible PTO
  • High-impact work that directly improves the healthcare experience for millions

Skills

SIEMMdrIds/IpsWafDlpVulnerability ScannersSOC 2HIPAAAWSIncident Response
Greenboard

Head of Technical Security

GreenboardNew York, NY

Leads technical security, compliance (SOC 2, GDPR, ISO 42001), vulnerability management, and infrastructure hardening for a fast-growing fintech. Requires 3-7 years in security engineering with hands-on AWS, vuln tooling, and audit experience.

185k – 300k
On-siteSecurity Engineering
Fable Security

Head of IT & Information Security

Fable SecurityUnited States

Lead security, compliance, and IT functions including SOC 2, ISO 27001, privacy, risk management, and external industry presence. Requires 7+ years in security/compliance/IT with direct experience leading compliance programs.

160k – 225k
Remote7+ YOESecurity Engineering
Casca

Head of Security & Compliance

CascaSan Francisco, CA

Lead security and compliance for an AI-native banking startup. Build security tooling, manage a team of appsec engineers, own compliance (SOC 2, ISO 27001), and secure AI agent workflows.

200k – 255k
On-site5+ YOESecurity Engineering
Tatari

Head of Security

TatariNew York, NY +2

Lead security engineering team and roadmap for a late-stage AdTech SaaS company. Own incident response, risk management, AWS/K8s security, and compliance programs including SOC 2.

200k – 250k
Hybrid7+ YOESecurity Engineering
Parallel

Head of Security

ParallelPalo Alto, CA +1

Lead security strategy and program for AI web infrastructure platform. Own security posture, compliance, and customer trust as the technical security leader for engineering and leadership teams.

150k – 300k
On-siteSecurity Engineering