- Job Type: Full-Time
- Function: IT
- Industry: Digital Health
- Post Date: 10/08/2024
- Website: www.xphealth.co
- Company Address: , Palo Alto, CA, 94306
About XP health
Revolutionizing vision care and benefits.Job Description
At XP Health, we are revolutionizing vision care with cutting-edge technology like augmented reality alongside a dedication to a delightful and seamless user experience, ultimately making quality eye care accessible for all. Today, we are honored to serve over 3,000 clients, including multiple Fortune 500 logos and many of the standout companies in Silicon Valley. With passionate founders and a proven team with subject-matter expertise in the space, XP Health has driven efficient, best-in-class growth to date and is hungry for more.
Join our dynamic, diverse team for unparalleled growth opportunities and the chance to make a meaningful impact on millions of people's healthcare. We closed our Series B earlier in 2024 and have raised a total of $50M+ in funding from various healthcare and tech VCs, strategic, and angels.
The Opportunity
As the Security Lead, you will be at the forefront of ensuring the company meets critical compliance standards, including SOC 2, HIPAA, and HiTrust. You will take full ownership of the compliance function, working directly with leadership to manage audits, implement IT security protocols, and oversee training programs. This is an exciting opportunity to join a fast-growing healthcare B2B company that serves large clients and undergoes rigorous annual audits to maintain trust and security.
You'll be instrumental in shaping the company's security posture as we scale, deepening our compliance and expanding our programs to meet the increasing complexity of our operations. This role offers the chance to impact the company's growth while building a scalable and robust security framework, with opportunities for leadership and strategic influence in the coming years.
Key Responsibilities
- Lead the execution of annual audits for SOC 2, HIPAA, and HiTrust, ensuring the company meets and exceeds compliance requirements.
- Develop, manage, and track annual compliance training programs for all employees.
- Oversee IT security tasks, including provisioning laptops, setting up compliant firewalls, and maintaining VPNs in line with industry best practices.
- Conduct quarterly security and compliance review meetings to identify risks, escalate issues, and drive necessary changes to maintain security posture.
- Manage client-facing calls for security due diligence and provide audit evidence to external auditors.
- Monitor and improve SLAs for addressing data breaches or compliance gaps, ensuring timely resolution of critical issues.
- Collaborate with leadership to continuously improve compliance initiatives and scale security programs as the company grows.
- 5+ years of experience managing compliance programs for SOC 2, HiTrust, or similar frameworks at companies with 80+ employees.
- Proven track record of handling HIPAA, SOC 2, and HiTrust audits from start to finish, including providing evidence to auditors and managing security training.
- Strong IT skills, including experience with laptop provisioning, firewall setup, and VPN maintenance, with a focus on security.
- Demonstrated ability to manage and improve compliance processes, including tracking training programs, running penetration tests, and ensuring adherence to security protocols.
- Strong program management and organizational skills, with experience coordinating cross-functional stakeholders and managing quarterly security reviews.
- Excellent communication and client-facing skills, with the ability to present security protocols and audit findings to both internal teams and external auditors.
$150,000—$170,000 USD