
    Director of IT & Security, CISO

    Redox
    Remote
    Director
    Full Time
    $224,000 - $260,000
    CISO, IT Security, Director, Healthcare Technology, Remote

    Requirements

    • 10+ years in information security, IT, or related technical leadership roles
    • 5+ years of people management experience
    • Experience in healthcare technology SaaS
    • Proven experience leading security engineering, security operations, and corporate IT in a cloud-native SaaS environment
    • Direct experience in healthcare or other highly regulated industries
    • Track record of successfully implementing DevSecOps practices
    • Deep hands-on experience securing AWS environments
    • Strong understanding of endpoint security, identity systems, and modern SaaS IT stacks
    • Practical knowledge of tools such as CrowdStrike, Okta, Flashpoint, and RAD
    • Strong foundation in application security, cloud security, and infrastructure as code
    • Strong collaborator with engineering, platform, and operations teams
    • Clear, direct communicator who can articulate risk without theatrics
    • Comfortable making tradeoffs and prioritizing based on real-world risk
    • Builder mindset with a bias toward automation and scale

    What You'll Do

    • Own end-to-end information security strategy across cloud, application, infrastructure, and corporate environments
    • Define a pragmatic security roadmap aligned to business risk, regulatory requirements, and engineering velocity
    • Serve as the executive owner for security posture, risk management, and incident response
    • Act as a trusted advisor to the CTO and executive team on security, risk, and operational tradeoffs
    • Drive a DevSecOps-first operating model, embedding security into CI/CD pipelines, infrastructure as code, and developer workflows
    • Lead threat modeling, secure design reviews, and risk assessments for new platform initiatives
    • Own security architecture and operations for a primarily AWS-based environment
    • Lead application security programs including secure SDLC, dependency scanning, SAST/DAST, penetration testing, and vulnerability management
    • Own identity and access management strategy with Okta
    • Ensure strong detection, alerting, and response across endpoints and cloud workloads
    • Build and run effective security operations including monitoring, investigation, incident response, and post-incident learning
    • Lead incident response for both security and IT incidents
    • Manage vendor relationships including CrowdStrike, Flashpoint, RAD, and Okta
    • Own corporate IT strategy and execution focused on reliability, security, and employee productivity
    • Lead end-user computing, device management, endpoint security, identity lifecycle management, and access controls
    • Oversee IT systems including identity, email, collaboration tools, endpoint management, and SaaS access governance
    • Drive automation and standardization across onboarding, offboarding, access management, and device lifecycle
    • Partner with People Ops, Legal, and Finance on IT processes, audits, and vendor management
    • Own healthcare-related security and compliance programs such as HIPAA and SOC 2
    • Lead third-party risk management and vendor security reviews
    • Support customer security reviews and serve as an executive point of contact on security matters
    • Build, lead, and mentor a high-performing team spanning security engineering, security operations, and IT
    • Create a culture where security and IT are seen as enablers, not blockers
    • Establish clear ownership, measurable outcomes, and high operational standards

    Nice to Have

    • Proven experience securing autonomous agentic loops and tool-calling frameworks
    • Deep understanding of Indirect Prompt Injection and designing 'Human-in-the-Loop' guardrails for agent-driven actions
    • Technical expertise in securing the Model Context Protocol (MCP) regarding context isolation, sandboxing, and identity propagation between LLMs and private data sources
    • Direct experience migrating security programs to Vanta or similar automated GRC platforms
    • Ability to architect 'continuous compliance' by integrating cloud, identity, and developer tools for automated evidence collection
    • Hands-on application of the NIST AI RMF and the OWASP Top 10 for LLM Applications within a production environment

    Benefits

    • 100% remote-first culture (must be based in the US)
    • Unlimited Flexible Time Off
    • 15+ Observed Holidays
    • Rest & R^Charge days (guaranteed a 3-day weekend each month)
    • R^Charge (6 weeks paid sabbatical + stipend)
    • 401k match 50% for up to 8% on Day 1
    • Medical/Dental/Vision Benefits on Day 1
    • HSA & FSA, Life, Disability, Medical Travel & Employee Assistance Program
    • Paid Parental Leave (16 weeks)
    • Productivity Stipend & Wellness Fund
    • Redox Issued MacBook
    • Virtual and/or in-person Team & Company Events
    • Stock Options
    • Employee Referral Bonus Program

    About Redox

    Redox is an EHR integration and healthcare platform that accelerates the development and distribution of healthcare software solutions.

    Madison, WI, US
    100 - 250
    Healthcare