Qualified Health - Director, Security & Compliance
Requirements
• Bachelor's degree in Computer Science, Engineering, Data Science, Mathematics, or related technical field
• 8+ years in information security, with 3+ years in a leadership role
• Healthcare security experience required: HIPAA, HITRUST (i1 or r2), understanding of PHI handling requirements
• Hands-on GRC experience — you've built compliance programs, not just advised on them
• Enough technical depth to guide a security engineer on vulnerability management, infrastructure security, and secure architecture
• Experience with IAM platforms (Okta, Azure AD/Entra), MDM solutions, and endpoint security
• Board and executive communication experience — you can present security posture to non-technical investors
• Prior experience in a growth-stage startup or fast-scaling company where the security program was being built, not maintained
• CISSP, CISM, or HCISPP certification
• Experience managing vendor security assessments at scale (dozens of vendors across a growing company)
• Builder Mentality: You're excited by the prospect of creating a security program from the ground up — writing the first version of policies, standing up the first compliance automation, building the first incident response plan
• Pragmatic Risk Management: You know how to prioritize security investments based on actual risk, not just compliance checklists — and you can articulate that prioritization to a board
• Executive Communication: You translate security posture into business language that resonates with investors, board members, and health system partners
• Team Development: You'll build and develop a small security team — your ability to hire, develop, and retain these team members is critical
• Healthcare Sensibility: You understand that in healthcare, security isn't about protecting the company — it's about protecting patients whose data we handle. That responsibility is personal to you.
• Technical Environment: Our data infrastructure is built on modern cloud technologies including:
  • Azure Databricks + Data Factory (plus Fabric and Snowflake integrations)
  • PySpark for distributed data processing
  • GitHub Actions + Terraform for CI/CD and Infrastructure as Code
  • Python with type-safe patterns and modern frameworks
  • Healthcare data formats including FHIR, Epic Clarity, and other EHR schemas
Responsibilities
• Own the end-to-end security and compliance program: strategy, roadmap, execution
• Drive HITRUST certification and establish the ongoing recertification program
• Build and manage a security team
• Own the company's security posture in all external contexts: board reporting, investor due diligence, partner audits, client security questionnaires
• Manage IAM strategy and governance across company systems
• Own the vendor security intake and assessment program
• Publish and maintain security policies, procedures, and incident response plans
• Drive the security scan and remediation coordination process with core engineering
• Manage the relationship with our outsourced IT support vendor
• Own MDM/device management strategy and compliance
Benefits
• This is an opportunity to join a fast-growing company and a world-class team that is poised to change the healthcare industry. We are a passionate, mission-driven team that is building a category-defining product. We are backed by premier investors and are looking for founding team members who are excited to do the best work of their careers.
• Our employees are integral to achieving our goals, so we are proud to offer competitive salaries with equity packages, robust medical/dental/vision insurance, flexible working hours, hybrid work options, and an inclusive environment that fosters creativity and innovation.
• Our Commitment to Diversity