Director of Information Security & Compliance (Remote) HEALTHCARE
Salary:
Location: Remote (U.S. preferred)
Reports To: CEO / CTO
Position Type: Part-Time Contractor (Flexible)
About Us
PharmD Live is a leading virtual care company delivering pharmacist-led clinical services focused on chronic disease management, transitions of care, and medication safety. As we scale our proprietary digital health solutions, we are seeking a seasoned security professional to ensure our applications and engineering processes meet the highest standards of security and HIPAA compliance.
Position Summary
We are seeking an experienced and hands-on Director of Information Security & Compliance to build, implement, and manage security policies, risk frameworks, and technical safeguards across our software engineering and operations teams. This role will be responsible for ensuring end-to-end protection of Protected Health Information (PHI), advising on secure system architecture, and maintaining full HIPAA compliance across all digital assets.
Key Responsibilities
• Design, implement, and manage a comprehensive information security program aligned with HIPAA and healthcare industry best practices.
• Work directly with software engineers and DevOps teams to guide secure application design and development.
• Develop and maintain HIPAA security documentation, including risk assessments, policies, access control protocols, audit trails, and breach response plans.
• Oversee regular security audits, penetration tests, and code reviews (manual or automated).
• Select and manage use of secure development tools (e.g., SonarQube, Snyk, Veracode) to ensure code integrity.
• Provide training and enforce secure coding practices and HIPAA awareness across all technical teams.
• Review 3rd-party vendors and APIs for data security and privacy risks.
• Serve as the primary point of contact for security incidents and ensure rapid response, mitigation, and documentation.
• Stay current on evolving security threats, regulatory changes, and emerging best practices.
Qualifications
• Minimum 5+ years in information security, cybersecurity, or a related field in a healthcare or digital health setting.
• Demonstrated expertise with HIPAA Security Rule implementation and compliance management.
• Strong technical foundation in cloud security (AWS, GCP, Azure), CI/CD pipeline security, and software development lifecycle (SDLC).
• Experience with risk management frameworks (e.g., NIST, HITRUST) and conducting security audits.
• Proficiency with secure code review and vulnerability scanning tools.
• Ability to collaborate with cross-functional teams in a remote, fast-paced startup environment.
• Relevant certifications (preferred but not required): CISSP, HCISPP, CISM, CEH, or similar.
Why Join Us?
• Be a founding member of our security leadership.
• Make a meaningful impact in a mission-driven, innovative health tech company.
• Flexible work arrangements and remote collaboration.
• Work directly with a visionary leadership team and help shape the security culture from the ground up.