Director of IT Security jobs in United States
This job has closed.

Gifthealth · 9 hours ago

Director of IT Security

Gifthealth is revolutionizing healthcare by simplifying prescription and health service management. The Director of IT Security will establish and lead the information security and risk management programs, ensuring compliance and security within a highly regulated environment.
Healthcare, Software, Pharmaceutical, Health Care

Responsibilities

Develops and executes the company-wide information security strategy, policies, and standards
Leads security risk assessments, vulnerability identification and prioritization, and remediation planning
Defines vulnerability severity, remediation expectations, and risk acceptance criteria based on organizational risk tolerance
Oversees incident response, breach management, and security investigations, serving as the incident commander for security incidents
Ensures compliance with healthcare, privacy, and security regulations (HIPAA, SOC 2, etc.)
Oversees and manages third-party and vendor security risk assessments
Partners across the organization to embed security into system architecture and the software development lifecycle
Provides leadership and strategic direction for Security and Governance, Risk, and Compliance (GRC) functions, ensuring clear accountability and separation of duties

Qualification

CISSP, CISM, Information security strategy, Security risk assessment, Incident response leadership, GRC functions experience, Healthcare data regulations, Security tooling strategy, Cloud security principles, Cross-functional communication, Vendor risk management, Policy development, Influence, Scale programs

Required

Bachelor's degree in computer science, engineering, or related field OR equivalent combination of education and experience
8–10+ years of progressive experience in information security or cybersecurity
3–5+ years in a security leadership or management role
Experience defining security tooling strategy, requirements, and implementation approaches
Experience leading or partnering with GRC functions, including audit coordination, policy governance, and compliance oversight
Experience operating in regulated environments
Knowledge of information security frameworks (NIST, ISO 27001, SOC 2); healthcare data privacy and security regulations (HIPAA, HITECH); and cloud security principles (AWS/GCP/Azure)
Security risk assessment and mitigation skills
Incident response leadership skills
Policy development and governance skills
Cross-functional stakeholder communication skills
Ability to make risk-based decisions in fast-moving environments
Ability to influence senior leaders without direct authority

Preferred

CISSP, CISM, or similar security certification
Experience guiding security automation initiatives and tooling adoption
Healthcare, pharmacy, or health-tech experience
Experience supporting SOC 2 or similar audits
Knowledge of pharmacy, healthcare technology, or regulated SaaS environments, as well as Zero Trust architecture and modern security tooling
Vendor and third-party risk management skills
Ability to scale security programs in high-growth organizations

Company

Gifthealth

GiftHealth is a healthcare tech startup that streamlines the pharmacy experience with free delivery and competitive medication pricing.

Funding

Current Stage: Late Stage
Total Funding: $45.8M
Key Investors: Eir Partners, Allos Ventures
2023-04-04 · Private Equity · $40M
2021-03-16 · Seed · $5.8M
2020-06-04 · Pre Seed

Leadership Team

John Romano, President and Co-Founder
Derek Schneider, CTO
Company data provided by crunchbase