Head of Information Security

Role Overview

We're seeking an experienced Head of Information Security to lead and mature our client's global security and compliance strategy. You'll own the implementation and oversight of frameworks like ISO 27001, SOC, and HIPAA, ensuring the protection of sensitive health and operational data. Ideal candidates will have hands-on experience in regulated environments (preferably healthcare), a deep understanding of cloud security, and a strong track record of driving security certifications in fast-paced or startup settings.

Key Responsibilities

Develop and lead the organization's information security program.
Define and enforce policies aligned with ISO 27001, NIST CSF, and HIPAA.
Oversee risk assessments, incident response, and third-party risk.
Lead audits and certification efforts (e.g., ISO 27001, FedRAMP, HIPAA).
Partner with DevOps on secure cloud architecture and with engineering on DevSecOps.
Drive company-wide security awareness and training.
Represent security in customer, board, and regulatory discussions.
Act as or support the Data Protection Officer for GDPR compliance.

Required Qualifications

7+ years in information security, including 2+ years in a leadership role.
Proven success with ISO 27001 certification and HIPAA compliance.
Strong grasp of cloud-native security (AWS, Azure, or GCP).
Experience in regulated sectors such as healthcare or MedTech.
Effective communicator with both technical and non-technical audiences.

Preferred Qualifications

Certifications: CISSP, CISM, CISA, CCSP, or ISO 27001 Lead Implementer.
Familiarity with NIST SP 800-53, FISMA, and FedRAMP.
Knowledge of IoT security, Bluetooth, or firmware threat modeling.
Experience with DevSecOps and CI/CD pipeline security.

What We Offer

A senior leadership role in an impactful MedTech startup.
Competitive salary and equity.
Flexible/hybrid work environment.
The opportunity to shape a security program from the ground up.
A collaborative, mission-driven team culture.