Director, Security & Compliance
Qualified Health | Hybrid - Palo Alto, CA | Remote - US | Posted 24 March 2026
Job Description
Transform healthcare with us.
At Qualified Health, we're redefining what's possible with Generative AI in healthcare. Our infrastructure provides the guardrails for safe AI governance, healthcare-specific agent creation, and real-time algorithm monitoring — working alongside leading health systems to drive real change.
This is more than just a job. It's an opportunity to build the future of AI in healthcare, solve complex challenges, and make a lasting impact on patient care. If you're ambitious, innovative, and ready to move fast, we'd love to have you on board.
Join us in shaping the future of healthcare.
Job Summary:
The Director of Security Compliance will own the security and compliance program for a growing health tech company that handles protected health information across 15+ health system partners. This is the most consequential security leadership role you'll find at a company this size.
Let's be direct about what you're walking into: we're building a security program that matches the scale and ambition of our business. The operational security work — vendor intakes, IAM, MDM, compliance certification — needs a dedicated leader who can drive it with the urgency and rigor it deserves. The board and our health system partners expect a security posture that matches the trust they place in us.
You'll drive HITRUST certification, build the ongoing compliance program, manage a small but growing security team, and represent the company's security posture to the board, investors, partners, and regulators. This is a build role — you're creating program infrastructure from the ground up, not inheriting a mature program. If you've spent your career wanting to own a security program at a mission-driven company where security actually matters (not just compliance theater), this is it.
Key Responsibilities:
Own the end-to-end security and compliance program: strategy, roadmap, execution
Drive HITRUST certification and establish the ongoing recertification program
Build and manage a security team
Own the company's security posture in all external contexts: board reporting, investor due diligence, partner audits, client security questionnaires
Manage IAM strategy and governance across company systems
Own the vendor security intake and assessment program
Publish and maintain security policies, procedures, and incident response plans
Drive the security scan and remediation coordination process with core engineering
Manage the relationship with our outsourced IT support vendor
Own MDM/device management strategy and compliance
Required Qualifications:
Bachelor's degree in Computer Science, Engineering, Data Science, Mathematics, or related technical field
8+ years in information security, with 3+ years in a leadership role
Healthcare security experience required: HIPAA, HITRUST (i1 or r2), understanding of PHI handling requirements
Hands-on GRC experience — you've built compliance programs, not just advised on them
Enough technical depth to guide a security engineer on vulnerability management, infrastructure security, and secure architecture
Preferred Skills:
Experience with IAM platforms (Okta, Azure AD/Entra), MDM solutions, and endpoint security
Board and executive communication experience — you can present security posture to non-technical investors
Prior experience in a growth-stage startup or fast-scaling company where the security program was being built, not maintained
CISSP, CISM, or HCISPP certification
Experience managing vendor security assessments at scale (dozens of vendors across a growing company)
Builder Mentality: You're excited by the prospect of creating a security program from the ground up — writing the first version of policies, standing up the first compliance automation, building the first incident response plan
Pragmatic Risk Management: You know how to prioritize security investments based on actual risk, not just compliance checklists — and you can articulate that prioriti ... (truncated, view full listing at source)