Head of Security

This is a fully remote position, open to applicants in United States.

📋 Description

• Take ownership of and develop Stedi's comprehensive security program, encompassing policies, controls, procedures, security tools, training, vulnerability management, vendor risk, and more.

• Be an impactful hands-on contributor from the very first day, while also devising a roadmap for scaling the security function as the company expands. We foster a culture where leaders actively participate and are deeply engaged in technical details.

• Provide guidance on security risks associated with product decisions, architectural choices, and partnerships.

• Utilize our top-tier security posture to attract new customers and forge strategic relationships.

• Collaborate with Engineering to uphold security excellence while reducing development friction.

• Spearhead breach preparedness and incident response: develop, test, and manage the Security Incident Response Plan, Disaster Recovery, and Business Continuity programs to ensure Stedi can swiftly detect, contain, and recover from any significant issues that may arise.

• Serve as Stedi's representative in discussions with customer and partner security leadership teams, and deliver clear, regular updates on security posture and risk to the executive team and board.

• Collaborate with Legal on regulatory obligations, breach notification requirements, and the legal aspects of security incidents - be prepared to engage directly with regulators if necessary.

• Create systems for ongoing security improvement and establish practical, role-specific security training throughout the organization.

⛳️ Requirements

• Extensive experience managing security programs within cloud-native environments.

• Profound technical expertise in the security domain, with sufficient knowledge to engage in high-level discussions with application engineers.

• Strong legal and regulatory acumen – capable of understanding legal issues and effectively communicating with regulators; experience in healthcare or HIPAA is a significant advantage.

• Opinionated yet pragmatic, exercising sound judgment on where rigor is most crucial and favoring solutions over problems.

• Outstanding communicator: able to articulate security risks clearly to engineers, executives, customers, and regulators, both in writing and verbally.

• Enthusiastic about leveraging automation and modern tools to eliminate repetitive tasks and elevate standards, rather than creating bureaucracy.

🏝️ Benefits

• All official communications regarding roles at Stedi will exclusively come from an @stedi.com email address, or from our verified identification partner, Persona, at @frompersona.com.

• If you are uncertain about the legitimacy of a message or have any concerns, please do not hesitate to contact us directly at careers@stedi.com.