Director of Information Security & Compliance (Remote) HEALTHCARE
Salary:
Location: Remote (U.S. preferred)
Reports To: CEO / CTO
Position Type: Part-Time Contractor (Flexible)
About Us
PharmD Live is a leading virtual care company delivering pharmacist-led clinical services focused on chronic disease management, transitions of care, and medication safety. As we scale our proprietary digital health solutions, we are seeking a seasoned security professional to ensure our applications and engineering processes meet the highest standards of security and HIPAA compliance.
Position Summary
We are seeking an experienced and hands-on Director of Information Security & Compliance to build, implement, and manage security policies, risk frameworks, and technical safeguards across our software engineering and operations teams. This role will be responsible for ensuring end-to-end protection of Protected Health Information (PHI), advising on secure system architecture, and maintaining full HIPAA compliance across all digital assets.
Key Responsibilities
- Design, implement, and manage a comprehensive information security program aligned with HIPAA and healthcare industry best practices.
- Work directly with software engineers and DevOps teams to guide secure application design and development.
- Develop and maintain HIPAA security documentation, including risk assessments, policies, access control protocols, audit trails, and breach response plans.
- Oversee regular security audits, penetration tests, and code reviews (manual or automated).
- Select and manage use of secure development tools (e.g., SonarQube, Snyk, Veracode) to ensure code integrity.
- Provide training and enforce secure coding practices and HIPAA awareness across all technical teams.
- Review 3rd-party vendors and APIs for data security and privacy risks.
- Serve as the primary point of contact for security incidents and ensure rapid response, mitigation, and documentation.
- Stay current on evolving security threats, regulatory changes, and emerging best practices.
Qualifications
- Minimum 5+ years in information security, cybersecurity, or a related field in a healthcare or digital health setting.
- Demonstrated expertise with HIPAA Security Rule implementation and compliance management.
- Strong technical foundation in cloud security (AWS, GCP, Azure), CI/CD pipeline security, and software development lifecycle (SDLC).
- Experience with risk management frameworks (e.g., NIST, HITRUST) and conducting security audits.
- Proficiency with secure code review and vulnerability scanning tools.
- Ability to collaborate with cross-functional teams in a remote, fast-paced startup environment.
- Relevant certifications (preferred but not required): CISSP, HCISPP, CISM, CEH, or similar.
Why Join Us?
- Be a founding member of our security leadership.
- Make a meaningful impact in a mission-driven, innovative health tech company.
- Flexible work arrangements and remote collaboration.
- Work directly with a visionary leadership team and help shape the security culture from the ground up.