
Gifthealth · 1 day ago

Director of IT Security

Gifthealth is revolutionizing healthcare by simplifying the management of prescriptions and health services. The Director of IT Security is responsible for leading the information security strategy and ensuring compliance with healthcare regulations while partnering with various departments to integrate security into business processes.
Healthcare, Software, Pharmaceutical, Health Care

Responsibilities

Develops and executes the company-wide information security strategy, policies, and standards
Leads security risk assessments, vulnerability identification and prioritization, and remediation planning
Defines vulnerability severity, remediation expectations, and risk acceptance criteria based on organizational risk tolerance
Oversees incident response, breach management, and security investigations, serving as the incident commander for security incidents
Ensures compliance with healthcare, privacy, and security regulations (HIPAA, SOC 2, etc.)
Oversees and manages third-party and vendor security risk assessments
Partners across the organization to embed security into system architecture and the software development lifecycle
Provides leadership and strategic direction for Security and Governance, Risk, and Compliance (GRC) functions, ensuring clear accountability and separation of duties

Qualification

CISSP, CISM, Information Security, Security Risk Assessment, Incident Response, GRC Functions, Healthcare Compliance, Security Tooling Strategy, Cloud Security, Policy Development, Cross-functional Communication, Vendor Risk Management, Risk-based Decision Making, Influencing Skills, Scaling Security Programs

Required

Bachelor's degree in computer science, engineering, or related field OR equivalent combination of education and experience
8–10+ years of progressive experience in information security or cybersecurity
3–5+ years in a security leadership or management role
Experience defining security tooling strategy, requirements, and implementation approaches
Experience leading or partnering with GRC functions, including audit coordination, policy governance, and compliance oversight
Experience operating in regulated environments
Knowledge of information security frameworks (NIST, ISO 27001, SOC 2); healthcare data privacy and security regulations (HIPAA, HITECH); and cloud security principles (AWS/GCP/Azure)
Security risk assessment and mitigation skills
Incident response leadership skills
Policy development and governance skills
Cross-functional stakeholder communication skills
Ability to make risk-based decisions in fast-moving environments
Ability to influence senior leaders without direct authority

Preferred

CISSP, CISM, or similar security certification
Experience guiding security automation initiatives and tooling adoption
Healthcare, pharmacy, or health-tech experience
Experience supporting SOC 2 or similar audits
Knowledge of pharmacy, healthcare technology, or regulated SaaS environments, as well as Zero Trust architecture and modern security tooling
Vendor and third-party risk management skills
Ability to scale security programs in high-growth organizations

Company

Gifthealth

GiftHealth is a healthcare tech startup that streamlines the pharmacy experience with free delivery and competitive medication pricing.

Funding

Current Stage: Late Stage
Total Funding: $45.8M
Key Investors: Eir Partners, Allos Ventures
2023-04-04 · Private Equity · $40M
2021-03-16 · Seed · $5.8M
2020-06-04 · Pre Seed

Leadership Team

John Romano
President and Co-Founder
Derek Schneider
CTO
Company data provided by crunchbase