Director, Security & Compliance

United States, Remote, Executive
Engineering, Legal, Security, Data Engineering

At Qualified Health, we're redefining what's possible with Generative AI in healthcare. Our infrastructure provides the guardrails for safe AI governance, healthcare-specific agent creation, and real-time algorithm monitoring — working alongside leading health systems to drive real change.

This is more than just a job. It's an opportunity to build the future of AI in healthcare, solve complex challenges, and make a lasting impact on patient care. If you're ambitious, innovative, and ready to move fast, we'd love to have you on board.

Join us in shaping the future of healthcare.

The Director of Security & Compliance will own the security and compliance program for a growing health tech company that handles protected health information across 15+ health system partners. This is the most consequential security leadership role you'll find at a company this size.

Let's be direct about what you're walking into: we're building a security program that matches the scale and ambition of our business. The operational security work — vendor intakes, IAM, MDM, compliance certification — needs a dedicated leader who can drive it with the urgency and rigor it deserves. The board and our health system partners expect a security posture that matches the trust they place in us.

You'll drive HITRUST certification, build the ongoing compliance program, manage a small but growing security team, and represent the company's security posture to the board, investors, partners, and regulators. This is a build role — you're creating program infrastructure from the ground up, not inheriting a mature program. If you've spent your career wanting to own a security program at a mission-driven company where security actually matters (not just compliance theater), this is it.

Responsibilities

  • Own the end-to-end security and compliance program: strategy, roadmap, execution
  • Drive HITRUST certification and establish the ongoing recertification program
  • Build and manage a security team
  • Own the company's security posture in all external contexts: board reporting, investor due diligence, partner audits, client security questionnaires
  • Manage IAM strategy and governance across company systems
  • Own the vendor security intake and assessment program
  • Publish and maintain security policies, procedures, and incident response plans
  • Drive the security scan and remediation coordination process with core engineering
  • Manage the relationship with our outsourced IT support vendor
  • Own MDM/device management strategy and compliance

Requirements

  • Bachelor's degree in Computer Science, Engineering, Data Science, Mathematics, or related technical field
  • 8+ years in information security, with 3+ years in a leadership role
  • Healthcare security experience required: HIPAA, HITRUST (i1 or r2), understanding of PHI handling requirements
  • Hands-on GRC experience — you've built compliance programs, not just advised on them
  • Enough technical depth to guide a security engineer on vulnerability management, infrastructure security, and secure architecture

Nice to Have

  • Experience with IAM platforms (Okta, Azure AD/Entra), MDM solutions, and endpoint security
  • Board and executive communication experience — you can present security posture to non-technical investors
  • Prior experience in a growth-stage startup or fast-scaling company where the security program was being built, not maintained
  • CISSP, CISM, or HCISPP certification
  • Experience managing vendor security assessments at scale (dozens of vendors across a growing company)
  • Builder Mentality: You're excited by the prospect of creating a security program from the ground up — writing the first version of policies, standing up the first compliance automation, building the first incident response plan
  • Pragmatic Risk Management: You know how to prioritize security investments based on actual risk, not just compliance checklists — and you can articulate that prioritization to a board
  • Executive Communication: You translate security posture into business language that resonates with investors, board members, and health system partners
  • Team Development: You'll build and develop a small security team — your ability to hire, develop, and retain these team members is critical
  • Healthcare Sensibility: You understand that in healthcare, security isn't about protecting the company — it's about protecting patients whose data we handle. That responsibility is personal to you.

 

Our data infrastructure is built on modern cloud technologies including:

  • Azure Databricks + Data Factory (plus Fabric and Snowflake integrations)
  • PySpark for distributed data processing
  • GitHub Actions + Terraform for CI/CD and Infrastructure as Code
  • Python with type-safe patterns and modern frameworks
  • Healthcare data formats including FHIR, Epic Clarity, and other EHR schemas

 

What We Offer

This is an opportunity to join a fast-growing company and a world-class team that is poised to change the healthcare industry. We are a passionate, mission-driven team that is building a category-defining product. We are backed by premier investors and are looking for founding team members who are excited to do the best work of their careers.

Our employees are integral to achieving our goals, so we are proud to offer competitive salaries with equity packages, robust medical/dental/vision insurance, flexible working hours, hybrid work options, and an inclusive environment that fosters creativity and innovation.

Qualified Health is an equal opportunity employer. We believe that a diverse and inclusive workplace is essential to our success, and we are committed to building a team that reflects the world we live in. We encourage applications from all qualified individuals, regardless of race, color, religion, gender, sexual orientation, gender identity or expression, age, national origin, marital status, disability, or veteran status.

Pay & Benefits: The pay range for this role is between $190,000 and $235,000, and will depend on your skills, qualifications, experience, and location. This role is also eligible for equity and benefits.

Join our mission to revolutionize healthcare with AI. To apply, please send your resume through the application below.

Listing Details

Posted: March 24, 2026
First seen: March 26, 2026
Last seen: April 17, 2026
