Senior Security and Compliance Lead

About The Position

Requirements

• 5+ years in cybersecurity with demonstrated program ownership. You’ve driven initiatives end-to-end, influenced without authority, and been accountable for outcomes, whether or not you carried a management title.
• Familiar with and can demonstrate knowledge and ownership of regulatory compliance, such as SOC 2, HIPAA, HITRUST, GDPR.
• Strong working knowledge of cloud security (Azure, AWS, or GCP), IAM, network security, encryption, and secure SDLC.
• Proven track record leading incident response and managing breaches end-to-end including communication with executives and external stakeholders.
• Experience building and leading teams and managing cross-functional security initiatives
• Ability to translate technical risk into business terms for executives, the board, and customers.
• Bachelor's degree in Computer Science, Information Security, or equivalent practical experience.
• US Residents only. Must reside in the continental U.S., be authorized to work without sponsorship, and not reside in California.

Nice To Haves

• CISSP, CISM, CCSP, CISA, ISO 27001 Lead Auditor/Implementer, Cloud security certs (AZ-500 / AWS Security Specialty).
• Experience in a regulated or high-trust industry (healthcare, digital health, fintech, SaaS handling sensitive data).
• Familiarity with infrastructure-as-code and securing CI/CD pipelines.
• Experience scaling a compliance program from initial certification through annual renewals where you built the program.
• Master's degree in a relevant field.

Responsibilities

• Define and own the multi-year information security strategy and roadmap aligned to business objectives.
• Build, mentor, and lead the security and compliance team, including security engineers, analysts, and GRC (governance, risk management, and compliance) staff.
• Establish and report on security KPIs, KRIs, and program maturity metrics.
• Manage the security and compliance budget, vendor relationships, and tooling investments.
• Own the enterprise risk management program: identify, assess, prioritize, and track remediation of security risks.
• Lead audit readiness and certification efforts (e.g., SOC 2 Type II, ISO 27001, HIPAA, HITRUST, GDPR, CCPA).
• Develop, maintain, and enforce security policies, standards, and procedures.
• Manage relationships with external auditors, assessors, and regulators; coordinate evidence collection and remediation.
• Oversee third-party and vendor risk management and customer security questionnaire responses.
• Partner with other functions on data privacy obligations, breach notification readiness, and cross-functional compliance matters.
• Direct security operations, including monitoring, detection, vulnerability management, and patching.
• Own the incident response program — preparation, detection, containment, eradication, recovery, and post-incident review.
• Oversee identity and access management, encryption, network security, and cloud security posture management.
• Champion "security by design" and shift-left practices within the software development lifecycle.
• Lead business continuity and disaster recovery planning, testing, and continuous improvement.
• Design and administer security awareness, training, and phishing simulation programs across the organization.
• Foster a “security is everyone’s responsibility” culture — serve as the internal champion and go-to escalation point for security matters.
• Act as a calm, credible communicator during security events, translating technical risk into clear business language for executives, customers, and the board.

Benefits

• Medical, dental, and vision benefits
• Discounted pet insurance
• Unlimited PTO after 60 days of employment
• 401(k) after six months with company match
• Competitive salary
• Fast-track career advancement with a high-growth, Great Place to Work™ certified organization
• WFH stipend to offset costs per company guidelines