About The Position

Stedi is building the first new healthcare clearinghouse in decades. In the healthcare sector, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that all insurance payers exchange transactions such as claims, eligibility checks, prior authorizations, and remittances using a standardized EDI format called X12 HIPAA. Clearinghouses process the majority of these transactions, offering consolidated connectivity to carriers and providers. Until Stedi, the space was occupied entirely by a small group of legacy players, built on outdated, often pre-internet technology.

Stedi is the world's only programmable healthcare clearinghouse. By offering modern API interfaces alongside traditional real-time and batch EDI processes, we enable both healthcare technology businesses and established players to exchange mission-critical transactions. Our clearinghouse product and customer-first approach have set us apart. Stedi was ranked by Ramp as one of the fastest-growing SaaS vendors.

We have lightning in a bottle: engineers and designers shipping products week in and week out; a lean business team supporting the company’s infrastructure; passion for automation and eliminating toil; $142 million in funding from top investors like Stripe, Addition, USV, Bloomberg Beta, First Round Capital, and more. To learn more about how we work, watch our founder Zack’s interview with First Round Capital.

Requirements

  • Significant experience owning security programs in cloud-native environments.
  • Deep technical ability in the security domain and enough working knowledge to have high-bandwidth discussions with application engineers.
  • Strong legal and regulatory instincts – you have the ability to understand legal issues and can speak credibly with regulators; healthcare or HIPAA experience is a strong plus.
  • Opinionated but pragmatic, with strong judgment about where rigor matters most and a bias toward solutions over problems.
  • Exceptional communicator: you can explain security risk clearly to engineers, executives, customers, and regulators, in writing and in person.
  • You’re excited to use automation and modern tooling to eliminate toil and raise the bar, not to build bureaucracy.

Nice To Haves

  • Healthcare or HIPAA experience.

Responsibilities

  • Own and build Stedi's security program end-to-end, including policies, controls, procedures, security tooling, training, vulnerability management, vendor risk, and more.
  • Be a strong hands-on contributor from day 1 while also building a roadmap for scaling the security function as the company continues to grow. We have a culture where leaders are contributors and are deeply involved in the technical details.
  • Advise on security risk tied to product decisions, architecture, and partnerships.
  • Leverage our best-in-category security posture to unlock new customers and strategic relationships.
  • Partner with Engineering to maintain security excellence while minimizing development friction.
  • Lead breach preparedness and incident response: build, test, and own the Security Incident Response Plan, Disaster Recovery, and Business Continuity programs so Stedi can detect, contain, and recover rapidly in the unlikely event of a significant issue.
  • Represent Stedi in conversations with customer and partner security leadership teams, and provide clear, regular reporting on security posture and risk to the executive team and board.
  • Partner with Legal on regulatory obligations, breach notification requirements, and the legal dimensions of security incidents - be ready to engage directly with regulators should the need ever arise.
  • Build mechanisms for continuous security improvement, and establish practical, role-appropriate security training across the company.