About the role

We're seeking an Information Security Lead to enhance and extend security frameworks that protect millions of patients' sensitive healthcare data. You'll architect comprehensive security programs in a highly regulated healthcare environment, ensuring our platform meets the highest standards of data protection while enabling seamless patient care experiences that leverage leading-edge AI and technology. This is a high-impact leadership role—ideal for someone eager to "own the outcome" and establish security excellence in a "high tech + high touch" healthcare environment.

What you'll do

- Design and implement a comprehensive information security strategy aligned with business objectives and stringent healthcare regulatory requirements including HIPAA, SOC 2, and HITRUST.
- Architect and maintain security policies, procedures, and controls that protect patient data while enabling operational efficiency across all platform interactions.
- Conduct regular risk assessments, security audits, and vulnerability management programs to proactively identify and mitigate threats.
- Lead incident response processes and coordinate investigations of security events, ensuring rapid containment and comprehensive remediation.
- Collaborate closely with engineering, product, and operations teams to integrate security best practices into product development and service delivery workflows.
- Develop and deliver security awareness training programs for employees and stakeholders, fostering a culture of security-first thinking.
- Lead IT and information security discussions with customers, addressing technical security requirements, compliance questions, and integration considerations to support sales and partnership initiatives.
- Stay current with emerging threats, security technologies, and regulatory changes specific to the healthcare sector, translating insights into actionable security enhancements.

Required Qualifications

- 5+ years of information security experience with 3+ years specifically in leadership roles.
- In-depth knowledge of healthcare security standards including HIPAA, SOC 2, HITRUST, and other relevant compliance frameworks.
- Proficiency in security technologies including firewalls, encryption, access controls, intrusion detection systems, and security monitoring platforms.
- Experience designing and implementing cloud security architectures, particularly in AWS environments, including containerized security and infrastructure as code.
- Excellent communication and interpersonal skills, with the ability to engage effectively with technical and non-technical stakeholders in both written and verbal forms.
- A deep interest in healthcare innovation and a commitment to building security programs that positively impact health outcomes.
- Knowledge of security frameworks, risk management methodologies, and incident response best practices.

Desired Qualifications

- Bachelor's degree in Computer Science, Information Security, Cybersecurity, or related field.
- Experience in the healthcare technology sector, including hands-on experience with healthcare regulations and audit processes.
- Experience leading large security initiatives and mentoring junior security professionals.
- Strong applied knowledge of zero-trust architectures, identity and access management systems, and data loss prevention technologies.
- Experience implementing security monitoring, SIEM platforms, and automated threat detection systems.