Director of Security & Compliance
Verse Medical · New York, NY · 3 wk ago
HybridInformation Technology$220k–$270k/yrFull-time
About the role
The Director of Security & Compliance will own and build the company's security program, focusing on HIPAA compliance, HITRUST certification, and protecting patient data.
Responsibilities
- Own and drive the company-wide security strategy and roadmap, balancing risk reduction with the speed of a Series C product organization
- Serve as the owner for HIPAA compliance and our ongoing HITRUST certification effort, implementing and operating the underlying controls
- Lead incident response, including playbook development, on-call structure, tabletop exercises, and post-incident reviews
- Build the security team over time, starting as a hands-on player-coach and hiring once the program scales
Requirements
- 8+ years in security, compliance, or information security, with at least 2–3 years as a senior leader or subject matter expert at a startup or growth-stage company
- Direct experience owning HIPAA, HITRUST, and/or SOC 2 compliance end to end — designing, implementing, operating, and auditing the relevant security controls and policies
- Experience leading incident response, from detection through remediation and postmortem
- Experience designing and implementing both technical and non-technical security controls: MDM, IAM, endpoint protection, access policies, vulnerability management
- Strong cross-functional communication: able to explain risk and compliance requirements to executives, work credibly alongside engineers, and represent our posture to enterprise customers and auditors
- Comfort operating as a player-coach — willing to be hands-on-keyboard while building the function
Qualifications
- Track record of building security programs from early maturity: you've written the first policies, stood up the first tooling, and made pragmatic risk tradeoffs rather than inheriting a mature program
Skills and Experience
- Core Skills & Experience: 8+ years in security, compliance, or information security, with at least 2–3 years as a senior leader or subject matter expert at a startup or growth-stage company
- Direct experience owning HIPAA, HITRUST, and/or SOC 2 compliance end to end — designing, implementing, operating, and auditing the relevant security controls and policies
- Experience leading incident response, from detection through remediation and postmortem
- Experience designing and implementing both technical and non-technical security controls: MDM, IAM, endpoint protection, access policies, vulnerability management
- Strong cross-functional communication: able to explain risk and compliance requirements to executives, work credibly alongside engineers, and represent our posture to enterprise customers and auditors
- Comfort operating as a player-coach — willing to be hands-on-keyboard while building the function
Benefits
- Competitive compensation - $220,000-$270,000 base compensation + equity
- Opportunities for rapid career advancement in a growing company
- 100% premium coverage for health insurance
- 401(k) with no matching at this time
Pay
$220,000 - $270,000 base compensation
Schedule
This is a hybrid role based in our New York office and will require you to be in the office 4x in a week.
Verse Medical Pledge for an Equitable Future
We are committed to building a workplace where everyone feels a sense of belonging, where their contributions are valued, and where they can do their best work. We embrace diversity of all kinds: race, gender, age, religion, identity, experience. We are actively working to build a more inclusive and equitable world, starting from within our own walls.