Director of Security Engineering and Operations

Aeroflow Health Director of Cybersecurity

Aeroflow Health is made up of creative and talented associates who are transforming the home medical equipment industry. Our patient-centric business model is founded on innovation through technology and cutting-edge delivery platforms. We have grown to be a leader in the home medical equipment segment of the healthcare industry are among the fastest-growing healthcare companies in the country and recognized on Inc. 5000s list of fastest-growing companies in the U.S. As Aeroflow has grown our needs to curate an amazing employee environment and experience have grown as well. Were working hard to ensure that Aeroflow remains a premier employer in Western North Carolina thus bettering the everyday lives of the employees that work so hard to service our patients.

The Opportunity

We are seeking an experienced and highly capable Director of Cybersecurity to lead all aspects of our security programtechnical operational and strategic. This leader will take ownership of an established security roadmap and drive execution across the organization to ensure Aeroflow Health is protected from internal and external threats.

This role is ideal for a hands-on highly technical security leader who can roll up their sleeves guide engineers implement tools and processes and build strong partnerships across Engineering IT Compliance Legal Shared Services and Executive leadership. The Director will oversee a small but highly skilled security team including Security Engineering Security Operations and IT Risk & Compliance while maintaining direct involvement in core security projects and incident response.

This is a high-visibility business-critical role responsible for safeguarding the organization maturing our security posture and ensuring we remain compliant resilient and ahead of emerging threats.

Your Primary Responsibilities

We are currently seeking a Director of Cybersecurity to:

• Own and execute the enterprise security roadmapensuring planned initiatives are delivered measured and continuously improved.
• Provide strong clear leadership to the Security Engineering and Security Compliance functions.
• Serve as the primary point of accountability for organizational security posture reporting to senior leadership and key stakeholders.
• Develop document and enforce security policies procedures standards and best practices.
• Actively participate in daily security engineering tasks including tool implementation security monitoring incident investigation and vulnerability management.
• Lead the architecture deployment and optimization of security technologies (SIEM EDR IAM DLP cloud security tools network security solutions etc.).
• Oversee access management strategy and operations ensuring strong identity authorization and least-privilege controls across all systems and environments.
• Partner with Engineering to secure systems applications and infrastructure.
• Oversee periodic penetration tests threat modeling exercises incident simulations and red/blue team activities.
• Manage and mature third-party security risk practices including vendor security reviews ongoing monitoring and contractual security requirements.
• Ensure regulatory and audit compliance (HIPAA SOC2 HITRUST and other healthcare/security frameworks).
• Partner with Legal and Compliance teams to ensure security programs tools and practices meet contractual regulatory and industry expectations.
• Maintain documentation for compliance requirements and support internal and external audit efforts.
• Serve as a trusted advisor to leadership and technical teams regarding risk architecture and security-by-design.
• Drive companywide education awareness and accountability to embed security into every function.
• Manage and grow a high-performing security team including a Security Engineer and a Security Compliance Specialist.
• Set clear expectations provide coaching and empower team members to execute and grow into subject-matter experts.
• Foster a collaborative and transparent culture centered on accountability communication and continuous improvement.
• Compliance is a condition of employment and is considered an element of job performance
• Maintain HIPAA/patient confidentiality
• Other job duties assigned

Key Factors for Success

• A secure compliant and resilient environmentand clear visibility into risks.
• A proactive structured and well-governed security program.
• Strong execution against the roadmap with measurable progress.
• Leaders across the company view you as a trusted partner and advisor.
• A high-performing security team that is supported empowered and aligned.
• A meaningful reduction in risk increased preparedness and a culture in which security is everyones responsibility

Required Qualifications

• 10 years of progressive security experience including hands-on technical security work and leadership responsibilities.
• Proven ability to lead security functions in a fast-moving high-growth environmentpreferably healthcare SaaS or regulated industries.
• Deep technical expertise in security engineering cloud security (Azure/AWS) identity and access management (IAM) endpoint protection network security and modern DevSecOps practices.
• Experience leading incident response vulnerability management and risk mitigation efforts.
• Demonstrated experience assessing and managing third-party security risks and vendor access.
• Strong communication skillsable to translate complex technical concepts to leadership and non-technical teams.
• Experience partnering with cross-functional teams including Legal Compliance Engineering and executive leadership.
• Must be onsite in Asheville NC or willing to relocate (relocation support available for the right candidate).

You might also have

• Experience in HIPAA SOC2 HITRUST or other compliance-heavy environments.
• Prior experience scaling a security function or building programs from the ground up.
• Relevant certifications (CISSP CISM CCSP etc.).

What Aeroflow Offers

Competitive Pay Health Plans with FSA or HSA options Dental and Vision Insurance Optional Life Insurance 401K with Company Match 12 weeks of parental leave for birthing parent/ 4 weeks leave for non-birthing parent(s) Additional Parental benefits to include fertility stipends free diapers breast pump Paid Holidays PTO Accrual from day one Employee Assistance Programs and SO MUCH MORE!!

Here at Aeroflow we are proud of our commitment to all of our employees. Aeroflow Health has been recognized both locally and nationally for the following achievements:

• Family Forward Certified
• Great Place to Work Certified
• 5000 Best Place to Work award winner
• HME Excellence Award
• Sky High Growth Award

If youve been looking for an opportunity that will allow you to make an impact and an organization with unlimited growth potential we want to hear from you!

Aeroflow Health is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race color sex religion sexual orientation national origin disability genetic information pregnancy or any other protected characteristic as outlined by federal state or local laws.

Required Experience:

Director