Fractional CISO / CSO (Remote)
💡 Başvuru İpucu: "Braintrust Üzerinden Ücretsiz Başvur" seçeneğine tıklamak sizi Braintrust platformunun resmi sitesine yönlendirecektir. Bu işlem sizin için %100 ücretsizdir ve yönlendirme bonusları aracılığıyla platformumuzu desteklememize yardımcı olur.
⚠️ Çeviri notu: Bu ilan bilgisi yapay zekâ ile çevrilmiştir. Herhangi bir belirsizlik veya hata varsa İngilizce orijinal metni esas alın.
Role Overview
Handl Health is a post-Series A healthcare technology company building AI-powered care navigation and cost estimation products. We handle PHI and operate under HIPAA, and we're scaling fast - which means our security and compliance posture needs to scale with us.
We're looking for a fractional CSO to take full ownership of our security program. Today, security is carried by our Head of Engineering alongside everything else. We need a dedicated leader who can establish the frameworks, policies, and operational practices that let us move fast without accumulating risk.
This is a hands-on leadership role, not an advisory engagement. You'll own outcomes, not just recommendations.
**Please note:
- This is a fractional / part-time role expected for up to 20-hours per week for an initial 6-month contract
- We are moving quickly on this search. Selected applicants should be available to interview promptly and, if selected, onboard quickly.
What You'll Do
- Own the end-to-end security posture including HIPAA compliance, SOC 2, and vendor risk management
- Conduct a security assessment of our current infrastructure (AWS, S3 data lake, AI integrations) and build a prioritized remediation roadmap
- Establish and maintain security policies, incident response procedures, and access control frameworks
- Evaluate and manage risk across our AI toolchain including Claude Enterprise, MCP integrations, and third-party connectors (Slack, Gmail, Google Drive)
- Own DLP strategy for our data lake, including PHI quarantine architecture and access controls
- Manage our JAMF instance and endpoint security across the organization
- Lead security reviews for new product features and AI capabilities before they ship
- Interface with customers and partners on security questionnaires, audits, and compliance requirements
- Build the security culture - training, awareness, and lightweight processes that engineers actually follow
What You Bring
- 10+ years in information security with at least 3 years in a CISO or senior security leadership role
- Deep HIPAA experience - you've built or led compliance programs for companies handling PHI
- Hands-on knowledge of AWS security (IAM, S3 policies, Lake Formation, CloudTrail, GuardDuty)
- Hands-on experience securing AI/ML systems - you've evaluated prompt injection, data exfiltration, model safety, and supply chain risks in LLM-based architectures and can build policy around them
- Track record of building security programs at startups or growth-stage companies, not just maintaining them at large enterprises
- Comfortable operating as a fractional executive - you know how to prioritize ruthlessly and drive outcomes with limited hours
Nice to Have
- SOC 2 Type II audit experience
- Familiarity with healthcare payer or TPA ecosystems
- Background in securing API products and B2B data integrations
Why Handl Health
- High-impact role where your work directly protects patients' data and enables the company to scale confidently
- Work alongside a technical leadership team that understands security and won't fight you on doing the right thing
- Post-Series A company with the resources to invest in security properly
- Flexible fractional engagement designed to respect your time and maximize your impact
Kişiselleştirilmiş İş Bildirimleri Alın