Fractional CISO / CSO (Remote)
Role Overview
Handl Health is a post-Series A healthcare technology company building AI-powered care navigation and cost estimation products. We handle PHI and operate under HIPAA, and we're scaling fast - which means our security and compliance posture needs to scale with us.
We're looking for a fractional CSO to take full ownership of our security program. Today, security is carried by our Head of Engineering alongside everything else. We need a dedicated leader who can establish the frameworks, policies, and operational practices that let us move fast without accumulating risk.
This is a hands-on leadership role, not an advisory engagement. You'll own outcomes, not just recommendations.
Please note:
- This is a fractional / part-time role expected to take up to 20 hours per week for an initial 6-month contract
- We are moving quickly on this search. Selected applicants should be available to interview promptly and, if selected, onboard quickly.
What You'll Do
- Own the end-to-end security posture including HIPAA compliance, SOC 2, and vendor risk management
- Conduct a security assessment of our current infrastructure (AWS, S3 data lake, AI integrations) and build a prioritized remediation roadmap
- Establish and maintain security policies, incident response procedures, and access control frameworks
- Evaluate and manage risk across our AI toolchain including Claude Enterprise, MCP integrations, and third-party connectors (Slack, Gmail, Google Drive)
- Own DLP strategy for our data lake, including PHI quarantine architecture and access controls
- Manage our JAMF instance and endpoint security across the organization
- Lead security reviews for new product features and AI capabilities before they ship
- Interface with customers and partners on security questionnaires, audits, and compliance requirements
- Build the security culture - training, awareness, and lightweight processes that engineers actually follow
What You Bring
- 10+ years in information security with at least 3 years in a CISO or senior security leadership role
- Deep HIPAA experience - you've built or led compliance programs for companies handling PHI
- Hands-on knowledge of AWS security (IAM, S3 policies, Lake Formation, CloudTrail, GuardDuty)
- Hands-on experience securing AI/ML systems - you've evaluated prompt injection, data exfiltration, model safety, and supply chain risks in LLM-based architectures and can build policy around them
- Track record of building security programs at startups or growth-stage companies, not just maintaining them at large enterprises
- Comfortable operating as a fractional executive - you know how to prioritize ruthlessly and drive outcomes with limited hours
Nice to Have
- SOC 2 Type II audit experience
- Familiarity with healthcare payer or TPA ecosystems
- Background in securing API products and B2B data integrations
Why Handl Health
- High-impact role where your work directly protects patients' data and enables the company to scale confidently
- Work alongside a technical leadership team that understands security and won't fight you on doing the right thing
- Post-Series A company with the resources to invest in security properly
- Flexible fractional engagement designed to respect your time and maximize your impact