Head of IT & Security
Seattle, OR - USA
Job Summary
About NexHealth
Our healthcare system remains frustratingly analog. When you live in a world of one-tap car rides, instant meal delivery, and unlimited streaming, why do you still have to call to schedule a doctor's appointment and fill out a clipboard in the waiting room?
NexHealth's mission is to accelerate innovation in healthcare by connecting patients and providers, and by building the infrastructure layer for modern healthcare: connecting thousands of fragmented, on-premise, and closed EHR systems into a single modern platform that powers software, APIs, payments, and patient experiences across the ecosystem.
- Founded: 2017
- Headquarters: San Francisco, CA
- Funding: $177M Series C
- Employees: 200
- Trusted by tens of thousands of providers and hundreds of health-tech developers forging the infrastructure layer that modern healthcare needs
About the Role
NexHealth is a technology company building infrastructure that's reshaping how patient data moves and how the HealthTech ecosystem connects. We're looking for a Security Lead to own our security governance, compliance, IT operations, vendor security, and incident response, establishing the function, embedding strong practices, and partnering closely with engineering, legal, and leadership.
This is a player-coach role with real hands-on expectation in year one. You'll drive the next phase of our security and compliance program and build your team.
What You'll Do
- Own NexHealth's security governance, compliance, and IT programs end-to-end.
- Serve as named Information Security Officer and Privacy Officer for SOC 2 and HIPAA; own the policy manual (40 documents), the audit liaison relationship with A-LIGN, control mapping across overlapping regimes, and evidence collection pipelines.
- Set security standards across application security, vulnerability management, cloud security (AWS), audit logging, and access controls, driving the technical program through Engineering via influence, not direct authority.
- Build, hire, and develop the IT and workforce security program: endpoints, identity, SaaS administration, phishing simulations, role-specific training modules, and facilities security.
- Own vendor security: intake, classification, assessment, BAA execution, ongoing oversight, and customer-facing trust artifacts, including the Trust Center and subprocessor disclosure.
- Lead incident response in Officer capacity; partner with outside counsel on breach determinations, own IR tracking, and run annual tabletop exercises.
- Own the risk register, risk acceptance decisions, privacy operations (DSARs, data subject rights, privacy complaints), the BC/DR plan, and the cyber insurance relationship.
- Hire a Staff-level IT IC within year one and grow the function from there.
What You'll Bring
Experience
- 8 years of relevant security experience, including 3 years in a security leadership role where you were materially building the program, not maintaining it.
- Has built (not inherited) a security program from a near-zero baseline at least once.
- Has owned a recurring external audit cycle end-to-end (e.g. SOC 2, ISO, PCI, HITRUST): designed evidence collection, mapped controls, ran the auditor relationship, and made the next cycle materially easier than the last.
- Software engineering background. Can read a pull request, evaluate cloud configurations, and push back on Engineering with technical substance.
- Experience hiring and developing senior security or IT individual contributors.
Qualifications
- Hands-on experience with security tools and technologies such as SIEM, MDR, IDS/IPS, WAF, DLP, and vulnerability scanners.
- You've reshaped how a company engages with auditors, regulators, or customer security teams: moved questionnaires to Trust Centers, audits from manual to automated, or vendor reviews from one-off projects to continuous programs.
- You drive sustained operational change in functions you don't manage.
- You treat engineering velocity as a security input. Slow shipping creates security risk too.
- You can frame risk for a Board-level audience and for an engineering audience in the same week.
Behavioral Traits
- First-principles thinker.
- Writes. NexHealth runs on documents; verbal-first operators struggle here.
- Comfortable being the ranking voice on policy and risk.
Compensation
Actual salaries will vary depending on factors including, but not limited to, location, experience, and performance. The range listed is just the base salary component of NexHealth's total compensation package for employees. Other benefits may include stock options, an unlimited paid time off policy, and up to 100% coverage on medical, vision, and dental insurance.
NexHealth Compensation Range
$175,000 - $220,000 USD
Benefits
- Full Medical, Dental, and Vision (up to 100% covered)
- 401K and commuter benefits
- Flexible PTO
- High-impact work that directly improves the healthcare experience for millions
Our Values
- Solve the customer's problems, not yours
  When making decisions, think from the perspective of the customer. It's easy to make decisions that make our lives simpler, but not the customer's.
- Do the things others are not willing to do
  As a Nexer, always go after the hardest problems. Pursue things at the highest quality. Move at the fastest pace.
- Take ownership
  Act like a founder. Own your role's destinies, mistakes, behavior, and our mission. The buck stops with each of us - no blaming or excuses.
- Say what's on your mind with positive intent
  Be direct, proactive, transparent, and frequent in your communication.
- Default trust
  As a Nexer, you do not have to earn trust; trust is given to you by default. If we by default trust each other, our speed of communication, feedback, information sharing, and overall improvements will be a lot faster.
- Think in first principles
  We first identify the problem and then break it down to its fundamentals before diving into solutions. We constantly ask why to validate our assumptions.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We provide reasonable accommodation for individuals with disabilities to participate in the application or interview process. Contact to request assistance.
Required Experience:
Director