Staff Information Security Specialist jobs in United States

Carrum Health · 6 hours ago

Staff Information Security Specialist

Carrum Health is a health tech company transforming healthcare delivery and experience. They are seeking a Senior Information Security Specialist to act as a strategic partner in executing security initiatives, ensuring compliance, and leading efforts in application security and identity access management.

Health Care, Hospital, Human Resources, Wellness
Growth Opportunities

Responsibilities

Act as a Strategic Partner: Operate as a force multiplier for the Director and second-in-command, executing high-impact security initiatives and identifying opportunities to operationalize security strategy. Over time, you will grow into ownership and rollout of defined strategic projects
Support Compliance & Business Enablement: Execute the compliance lifecycle for HITRUST, SOC 2, and HIPAA using automation platforms like Vanta. You will also play a critical role in revenue enablement by performing vendor reviews and taking the 'first pass' on client security questionnaires to unblock sales deals
Architect & Automate Identity Access Management (IAM): Lead the design and restructuring of complex access controls to enforce Least Privilege across our SaaS and Cloud ecosystem (e.g. AWS, Azure, Google Workspace, GitHub, Atlassian, Slack Enterprise). Crucially, you will move us away from manual provisioning by implementing lifecycle automation and Identity Governance (IGA) workflows. While you will initially handle operational requests, your primary goal is to engineer the systems that eliminate the need for manual intervention
Lead AppSec & DevSecOps: Function as an Application Security lead by conducting automated and manual code security reviews, performing threat hunting, and tracking remediation tasks directly with the Engineering and DevOps teams
AI Tooling & Innovation: Proactively identify, evaluate, and leverage AI-driven security tools to automate manual tasks, improve threat detection, and enhance internal knowledge management
Partner on AI Governance & Security Strategy: Collaborate with cross-department leadership to define and execute the security posture for our adoption of emerging AI technologies. While we don't expect a decade of experience in this new field, you must possess a strong grasp of AI Governance principles, including securing LLM implementations and managing data privacy in AI workflows. You will be responsible for researching and implementing the 'guardrails' that allow us to innovate safely
Handle Security Operations: Configure and analyze logs for our defensive stack, including tools such as SentinelOne, AWS Security Hub/GuardDuty, and Spin.ai
Incident Response Leadership: Act as a technical lead during security incidents. You will coordinate the initial response, lead investigation efforts, and communicate technical findings to Engineering and Leadership to ensure rapid remediation and minimal business impact
Drive Policy Governance: Contribute to the security policy lifecycle by participating in regular reviews and updating internal documentation to ensure it remains current, effective, and aligned with the evolving threat landscape
Organizational Rollouts & Education: Act as the lead for rolling out new security tools or processes. You will drive a 'security-first' culture by leading internal awareness sessions and educating team members on best practices

Qualification

Identity Access Management, Compliance Automation, Application Security, Cloud Security, AI Governance, Security Operations, Incident Response, Task Management, Communication Skills, Team Collaboration

Required

8+ years of relevant experience in senior-level IT, DevOps, Engineering, or Security roles
Value practical application over certifications, prioritizing hands-on experience
Comfortable working independently as a Full-Time Employee (FTE), with clear deliverables and minimal day-to-day supervision
Deep experience with compliance automation platforms (Vanta preferred, but experience with Drata or Secureframe acceptable), including system integration, control automation, and evidence collection
Possess a 'builder' mindset and willingness to dive into security questionnaires and vendor assessments
Expert-level knowledge of Identity and Access Management (IAM) principles, specifically for re-architecting roles and enforcing the principle of least privilege in complex environments
Ability to communicate technical security risks and incident status clearly across both written and oral formats to non-technical stakeholders and clients
Highly organized and comfortable using task management tools (preferably Jira) to structure work and track deliverables
Hands-on experience with AppSec workflows, including code scanning, vulnerability management, and translating security findings into actionable engineering tickets

Preferred

Rippling management and configuration
Hands-on experience configuring and managing Zscaler environments
Administration and policy configuration for SentinelOne or similar EDR platforms
Experience with SaaS Security Posture Management (SSPM) tools like Spin.ai
Microsoft Azure Security design and hardening
Interest in leveraging AWS AI tools (Amazon Q Business, Bedrock, Kendra) for internal knowledge management

Benefits

Stock option plan
Flexible schedules and remote work
Chicago and San Francisco offices available
Self-managed vacation days, within reason
Paid parental leave
Health, vision, and dental insurance
401K retirement plan

Company

Carrum Health

Carrum Health is a value-based centers of platform that ensures patients receive quality and less expensive care.

Funding

Current Stage: Growth Stage
Total Funding: $96M
Key Investors: OMERS Growth Equity, Tiger Global Management, Wildcat Venture Partners
2023-05-30: Series B · $45M
2021-01-07: Series A · $40M
2019-05-01: Series Unknown · $4.5M

Leadership Team

Sach Jain
Founder & CEO
Brent Nicholson
Co-Founder and CPO
Company data provided by crunchbase