About Us
We’re a fast-growing SaaS company powering digital infrastructure for healthcare organizations across the U.S. Our platform handles sensitive healthcare data and supports secure, seamless interactions for providers, patients, and payers. We’re committed to compliance, trust, and protecting the data entrusted to us.
As we scale, we’re hiring a HIPAA Security Officer to join our security and compliance team — someone who will serve as a key guardian of our HIPAA Security Rule compliance, and who thrives at the intersection of technology, risk, and regulation.
Role Overview
The HIPAA Security Officer is responsible for implementing, managing, and continuously improving our administrative, physical, and technical safeguards for ePHI (electronic protected health information) in accordance with the HIPAA Security Rule and related regulations.
This person will report directly to the CISO and collaborate closely with Legal, Engineering, DevOps, and Compliance teams to ensure the security of healthcare data throughout our SaaS environment.
Key Responsibilities
- Lead and maintain compliance with the HIPAA Security Rule, including documentation, assessments, and audits.
- Conduct and update our Security Risk Assessment (SRA) and help guide remediation plans.
- Develop, implement, and maintain HIPAA-aligned security policies and procedures.
- Ensure appropriate technical safeguards are in place (e.g., access controls, encryption, logging, MFA).
- Manage incident response protocols involving PHI and support breach notification procedures.
- Provide security training and awareness programs to internal teams.
- Monitor HIPAA-related developments, regulatory changes, and threat intelligence to proactively adapt policies.
- Assist with customer, partner, and third-party security assessments or audits.
- Collaborate with the HIPAA Privacy Officer (if separate) and Legal team to maintain strong organizational compliance.
Requirements
- 4–8+ years in information security, cybersecurity, or compliance, ideally in a healthcare or B2B SaaS environment.
- Deep knowledge of HIPAA (Security Rule, Privacy Rule).
- Experience supporting SOC 2, HITRUST, or ISO 27001 initiatives.
- Experience conducting or managing risk assessments (including NIST-based, HITRUST, or similar frameworks).
- Familiarity with security tools and concepts such as IAM, DLP, SIEM, vulnerability management, and cloud security (AWS or Azure preferred).
- Strong documentation, writing, and policy creation skills.
- Excellent cross-functional communication and leadership ability.
- Security certifications (preferred but not required): CISSP, HCISPP, CISA, CHPS, CIPP/US, or similar.
Bonus Points
- Familiarity with DevSecOps or SaaS infrastructure security.
- Experience working with or for Covered Entities or Business Associates.
Why Join Us?
- Mission-driven work protecting sensitive healthcare data
- A growing team and significant influence over security culture
- Competitive salary + success share + benefits
How to Apply
Please submit your resume and a brief cover note describing your experience with HIPAA or healthcare data security. If available, include any sample policies, SRA summaries, or frameworks you’ve worked on (we respect redactions).
Job Type: Full-time
Pay: $110,000.00 - $125,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Vision insurance
Application Question(s):
- What experience do you have in information security, compliance or IT risk management?
- Describe how you have worked in a HIPAA-regulated environment (Covered Entity or Business Associate).
- Describe your experience as a HIPAA Security Officer or in a supporting role.
- How have you led or contributed to a HIPAA Security Risk Assessment (SRA)?
Ability to Commute:
- Hudson, OH 44236 (Required)
Work Location: In person