
Head of IT & Security

NexHealth · Seattle, WA
$175K–$220K/yr · Full-time · On-site · posted 1 month ago
Tags: Application Security · AWS · Classification · Cloud Security · Compliance · HIPAA

About the role

NexHealth is a technology company building infrastructure that's reshaping how patient data moves and how the HealthTech ecosystem connects. We're looking for a Security Lead to own our security governance, compliance, IT operations, vendor security, and incident response - establishing the function, embedding strong practices, and partnering closely with engineering, legal, and leadership. This is a player-coach role with real hands-on expectations in year one. You'll drive the next phase of our security and compliance program and build your team.

Responsibilities

  • Own NexHealth's security governance, compliance, and IT programs end-to-end.
  • Serve as named Information Security Officer and Privacy Officer for SOC 2 and HIPAA - own the policy manual (40+ documents), audit liaison relationship with A-LIGN, control mapping across overlapping regimes, and evidence collection pipelines.
  • Set security standards across application security, vulnerability management, cloud security (AWS), audit logging, and access controls - driving the technical program through Engineering via influence, not direct authority.
  • Build, hire, and develop the IT and workforce security program: endpoints, identity, SaaS administration, phishing simulations, role-specific training modules, and facilities security.
  • Own vendor security: intake, classification, assessment, BAA execution, ongoing oversight, and customer-facing trust artifacts including Trust Center and subprocessor disclosure.
  • Lead incident response in Officer capacity; partner with outside counsel on breach determinations, own IR tracking, and run annual tabletop exercises.
  • Own the risk register, risk acceptance decisions, privacy operations (DSARs, data subject rights, privacy complaints), BC/DR plan, and cyber insurance relationship.
  • Hire a Staff-level IT IC within year one and grow the function from there.

Requirements

  • 8+ years of relevant security experience, including 3+ years in a security leadership role where you were materially building the program, not maintaining it.
  • Has built (not inherited) a security program from a near-zero baseline at least once.
  • Has owned a recurring external audit cycle end-to-end (e.g., SOC 2, ISO, PCI, HITRUST) - designed evidence collection, mapped controls, ran the auditor relationship, and made the next cycle materially easier than the last.
  • Software engineering background. Can read a pull request, evaluate cloud configurations, and push back on Engineering with technical substance.
  • Experience hiring and developing senior security or IT individual contributors.
  • Hands-on experience with security tools and technologies such as SIEM, MDR, IDS/IPS, WAF, DLP, and vulnerability scanners.
  • You've reshaped how a company engages with auditors, regulators, or customer security teams - moved questionnaires to Trust Centers, audits from manual to automated, or vendor reviews from one-off projects to continuous programs.
  • You drive sustained operational change in functions you don't manage.
  • You treat engineering velocity as a security input. Slow shipping creates security risk too.
  • You can frame risk for a Board-level audience and for an engineering audience in the same week.

Behavioral Traits

  • First-principles thinker.
  • Writes. NexHealth runs on documents; verbal-first operators struggle here.
  • Comfortable being the ranking voice on policy and risk.

Benefits

NexHealth Compensation Range: $175,000 - $220,000 USD

  • Full Medical, Dental, and Vision (up to 100% covered)
  • 401K and commuter benefits
  • Flexible PTO
  • High-impact work that directly improves the healthcare experience for millions

Our Values: Solve the customer's problems, not yours. When making de

Benefit tags: Health insurance · Dental insurance · Vision insurance · 401(k) · Paid time off · Flexible schedule · Equity / stock options

Additional Information

About NexHealth

Our healthcare system remains frustratingly analog. When you live in a world of one-tap car rides, instant meal delivery, and unlimited streaming, why do you still have to call to schedule a doctor's appointment and fill out a clipboard in the waiting room? NexHealth's mission is to accelerate innovation in healthcare by connecting patients, providers, and developers. We're building the infrastructure layer for modern healthcare, connecting thousands of fragmented, on-premise, and closed EHR systems into a single, modern platform that powers software, APIs, payments, and patient experiences across the ecosystem.

Founded: 2017
Headquarters: San Francisco, CA
Funding: $177M Series C
Employees: 200+

Trusted by tens of thousands of providers and hundreds of health-tech developers - forging the infrastructure layer that modern healthcare needs.
