Director of Security Engineering and Operations

Aeroflow Career•Asheville, NC

12d•Onsite

About The Position

Aeroflow Health is made up of creative and talented associates who are transforming the home medical equipment industry. Our patient-centric business model is founded on innovation through technology and cutting-edge delivery platforms. We have grown to be a leader in the home medical equipment segment of the healthcare industry, are among the fastest-growing healthcare companies in the country and recognized on Inc. 5000’s list of fastest-growing companies in the U.S. As Aeroflow has grown, our needs to curate an amazing employee environment and experience have grown as well. We’re working hard to ensure that Aeroflow remains a premier employer in Western North Carolina, thus bettering the everyday lives of the employees that work so hard to service our patients. The Opportunity We are seeking an experienced and highly capable Director of Cybersecurity to lead all aspects of our security program—technical, operational, and strategic. This leader will take ownership of an established security roadmap and drive execution across the organization to ensure Aeroflow Health is protected from internal and external threats. This role is ideal for a hands-on, highly technical security leader who can roll up their sleeves, guide engineers, implement tools and processes, and build strong partnerships across Engineering, IT, Compliance, Legal, Shared Services, and Executive leadership. The Director will oversee a small but highly skilled security team, including Security Engineering, Security Operations, and IT Risk & Compliance, while maintaining direct involvement in core security projects and incident response. This is a high-visibility, business-critical role responsible for safeguarding the organization, maturing our security posture, and ensuring we remain compliant, resilient, and ahead of emerging threats.

Requirements

10+ years of progressive security experience, including hands-on technical security work and leadership responsibilities.
Proven ability to lead security functions in a fast-moving, high-growth environment—preferably healthcare, SaaS, or regulated industries.
Deep technical expertise in security engineering, cloud security (Azure/AWS), identity and access management (IAM), endpoint protection, network security, and modern DevSecOps practices.
Experience leading incident response, vulnerability management, and risk mitigation efforts.
Demonstrated experience assessing and managing third-party security risks and vendor access.
Strong communication skills—able to translate complex technical concepts to leadership and non-technical teams.
Experience partnering with cross-functional teams including Legal, Compliance, Engineering, and executive leadership.
Must be onsite in Asheville, NC or willing to relocate (relocation support available for the right candidate).

Nice To Haves

Experience in HIPAA, SOC2, HITRUST, or other compliance-heavy environments.
Prior experience scaling a security function or building programs from the ground up.
Relevant certifications (CISSP, CISM, CCSP, etc.).

Responsibilities

Own and execute the enterprise security roadmap—ensuring planned initiatives are delivered, measured, and continuously improved.
Provide strong, clear leadership to the Security Engineering and Security Compliance functions.
Serve as the primary point of accountability for organizational security posture, reporting to senior leadership and key stakeholders.
Develop, document, and enforce security policies, procedures, standards, and best practices.
Actively participate in daily security engineering tasks, including tool implementation, security monitoring, incident investigation, and vulnerability management.
Lead the architecture, deployment, and optimization of security technologies (SIEM, EDR, IAM, DLP, cloud security tools, network security solutions, etc.).
Oversee access management strategy and operations, ensuring strong identity, authorization, and least-privilege controls across all systems and environments.
Partner with Engineering to secure systems, applications, and infrastructure.
Oversee periodic penetration tests, threat modeling exercises, incident simulations, and red/blue team activities.
Manage and mature third-party security risk practices, including vendor security reviews, ongoing monitoring, and contractual security requirements.
Ensure regulatory and audit compliance (HIPAA, SOC2, HITRUST, and other healthcare/security frameworks).
Partner with Legal and Compliance teams to ensure security programs, tools, and practices meet contractual, regulatory, and industry expectations.
Maintain documentation for compliance requirements and support internal and external audit efforts.
Serve as a trusted advisor to leadership and technical teams regarding risk, architecture, and security-by-design.
Drive companywide education, awareness, and accountability to embed security into every function.
Manage and grow a high-performing security team, including a Security Engineer and a Security Compliance Specialist.
Set clear expectations, provide coaching, and empower team members to execute and grow into subject-matter experts.
Foster a collaborative and transparent culture centered on accountability, communication, and continuous improvement.
Maintain HIPAA/patient confidentiality
Other job duties assigned

Benefits

Competitive Pay
Health Plans with FSA or HSA options
Dental, and Vision Insurance
Optional Life Insurance
401K with Company Match
12 weeks of parental leave for birthing parent/ 4 weeks leave for non-birthing parent(s)
Additional Parental benefits to include fertility stipends, free diapers, breast pump
Paid Holidays
PTO Accrual from day one
Employee Assistance Programs and SO MUCH MORE!!