Head of Security Engineering

About The Position

Requirements

• You have 10+ years of experience in security engineering, with a proven track record of building and leading teams that own complex matrices of technical surface area in startup and scaled environments.
• Your expertise isn't just theoretical. You’ve had the hard conversations and driven the outcomes at an organizational scope, especially when it comes to the rituals and routines of security compliance.
• With strong knowledge of HIPAA, you're no stranger to the delicate information we handle.
• You are adaptable and flexible, always ready to engage with security challenges at both enterprise and customer levels.
• You know when to get your hands dirty and when to delegate. You possess the ability to read, understand, and audit systems, networks, and IT setups to ensure airtight security. That, combined with a keen sense for when to handoff ownership to someone with depth in the spaces that your breadth doesn’t cover makes you an effective engineering leader.

Responsibilities

• Scale and Lead a Security Engineering Organization: Interview, hire, and manage a team of top flight security engineers that will expansively own Risk, Compliance, Threat Management, Product and Application Security.
• Build and Own the Security Roadmap: Lead the transition from foundational security posture to one defined by a best in class, enterprise-grade security organization.
• Drive Security Prioritization at a Leadership Level: Act as the subject matter expert and voice in the room that is setting the prioritization of security initiatives and stack ranking the risks as well as advising Candid’s strategy to mitigate them in direct partnership with our executive leadership team.
• Lead Trust & Transparency Efforts: Understand, oversee, and drive the rituals associated with HIPAA, SOC2, SOC1, PCI and HITRUST; this role will entail not just audits, but living processes. You will often be the technical voice in the room with our largest enterprise customers.
• Act as a Security Evangelist and Culture Carrier: Educate and empower our 200 employees. From engineering practice to legal contracts, you will collaborate with virtually every team at Candid Health to promote the ethos that we are a security first, compliant organization.
• Manage Third-party Relationships: Coordinate with vendors for penetration testing and other security services, ensuring that our platforms undergo regular scrutiny and remain fortified, review vendor security prior to integration.