Who We Are:
Vori Health is an award-winning, nationwide, virtual-first, musculoskeletal medical practice focused on evidence-based care that treats the whole person. Using a unique care model to help patients find the best path forward, Vori Health connects patients to a trained care team that includes a nonoperative physical medicine physician, a health coach navigator, and a physical therapist who manage the initial patient assessment and then work to coordinate all aspects of care. We are on a mission to empower humanity to lead a healthier life.
Reporting to the Chief Technology Officer, you will work closely with other members of the information technology team, as well as cross-functional stakeholders.
As the Director of Security, Privacy, and Compliance, you’ll be responsible for designing, implementing, and optimizing the security and compliance infrastructure that supports our virtual-first clinical care model. This role will lead, operationalize, and maintain security controls to protect patient data and maintain SOC2, HIPAA, GDPR, and HITRUST compliance. You will lead Vori Health’s information protection strategy across patient data, clinical workflows, and third-party ecosystems, ensuring regulatory readiness, operational resilience, and patient trust.
This position involves strategic decision-making, system implementations, and the adoption and testing of new processes and procedures that improve the security and robustness of Vori Health’s infrastructure and associated IT systems. You will oversee key outside vendors, working to identify and safeguard Vori Health from intrusion, security threats, security weaknesses, software bugs, and exploits. You will be responsible for the security of Vori Health’s data, systems, patients, customers, and users.
What You’ll Do:
- Security & Compliance Leadership
  - Lead the development and execution of security and privacy programs that ensure compliance with HIPAA, HITECH, NIST, GDPR, SOC2, HITRUST, and emerging frameworks (e.g., CCPA/CPRA, 21st Century Cures Act).
  - Develop, implement, and maintain security policies, procedures, and governance documentation.
  - Serve as the primary point of contact for all internal and external audits, including regulatory and client assessments.
  - Conduct risk assessments, security audits, and penetration tests to identify vulnerabilities and develop remediation plans.
- Privacy Management
  - Oversee the enterprise privacy program, including PHI protections, breach notifications, consent management, and OCR compliance.
  - Act as liaison with legal and clinical leadership for interpretation and application of data privacy requirements.
- Third-Party Risk & Vendor Security
  - Own vendor security assessments, third-party due diligence, and contract negotiation support.
  - Maintain a centralized vendor risk registry and monitor compliance on an ongoing basis.
- Secure Architecture & Development Practices
  - Collaborate with engineering teams to ensure adoption of secure development practices (DevSecOps).
  - Leverage frameworks such as NIST, OWASP, and ISO for secure coding, CI/CD pipelines, and system design.
- Risk Management & Incident Response
  - Conduct regular risk assessments, vulnerability scans, penetration tests, and threat modeling.
  - Develop and lead security incident response processes, including forensic investigations and breach communications.
- Training & Enablement
  - Develop and deliver ongoing employee security and privacy training programs.
  - Promote a security-first culture across clinical, product, and operational teams.
- Customer & Partner Engagement
  - Support the completion of RFPs, due diligence requests, and customer security questionnaires.
  - Participate in customer and partner meetings to articulate our security and compliance posture.
  - Build and maintain relationships with regulatory bodies, auditors, and other stakeholders to ensure compliance with relevant regulations and standards.
- Strategy, Reporting & Budgeting
  - Provide security KPIs, dashboards, and executive briefings to leadership.
  - Manage the security budget, forecast technology investments, and evaluate tooling options.
- Supervisory Responsibilities
  - Manage relationships and expectations with third-party vendors, MSSPs, and contractors.
  - Lead cross-functional teams as needed for enterprise-wide security initiatives.
  - Perform other projects and duties as assigned.
Who You Are:
- Required:
  - 7+ years of experience in information security and compliance, preferably in healthcare or digital health
  - Deep understanding of HIPAA, HITECH, SOC2, HITRUST, CCPA, and security frameworks (NIST, ISO, OWASP)
  - Experience in privacy program management and incident response
  - Strong familiarity with AWS security best practices
  - Expertise in risk management, security assessments, and audit readiness
  - Proven ability to lead cross-functional security programs in high-growth environments
  - Strong communication and interpersonal skills
  - Practical experience with AWS, Windows, macOS, and Linux
  - Excellent time management and organizational abilities with attention to detail
  - Strong analytical and problem-solving skills
  - Experience in high-growth, regulated environments
- Nice-to-Haves:
  - Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related field
  - Certifications such as CISSP, CISM, HCISPP, or CHPC
  - Experience working with EMRs, care management platforms, and digital health products
  - Familiarity with SaaS delivery models and secure product development lifecycles
Work authorization/security clearance requirements:
- Authorized, or able to provide the required documents, to work in the United States.
Physical Requirements/Work Environment:
- Remote work environment.
- While performing the duties of this job, the employee may be regularly required to stand, sit, talk, hear, reach, stoop, kneel, and use hands and fingers to operate a computer, telephone, and keyboard.
- Specific vision abilities required by this job include close vision requirements due to computer work.
- High-speed internet access with excellent bandwidth.
- A workspace that ensures patient privacy in a virtual environment, both visual and auditory.
Company Benefits
At Vori Health, we believe in fostering a supportive and rewarding work environment for our team members. We offer a comprehensive benefits package designed to support your overall well-being, growth, and work-life balance:
- Competitive Salary: We offer competitive pay based on experience, skillset and the value you bring to the team.
- Equity Options: As part of our commitment to long-term success, we offer equity options, giving you the opportunity to share in the growth of the company.
- Health & Wellness: Our health benefits include medical, dental, and vision coverage to keep you and your family healthy. We also offer wellness programs and mental health resources to help you thrive both personally and professionally.
- Retirement Plans: We provide a 401(k) plan and Roth options to help you plan for the future and enjoy peace of mind.
- Paid Time Off (PTO): Enjoy generous paid time off, including vacation days, holidays, and sick leave, to recharge and maintain a healthy work-life balance.
- Fully Remote Work: Work from your home or private office location! We offer a flexible, fully remote work environment that allows you to manage your workspace in a way that best suits your lifestyle.
- Professional Development: We encourage continuous learning and growth with access to training resources and a professional development stipend for further education.
- Parental Leave: We offer paid parental leave to support team members through important life moments, whether you're welcoming a child or expanding your family.
- Employee Assistance Program (EAP): Access confidential counseling and support for personal or work-related challenges to maintain your well-being along with additional employee assistance programs.
We’re committed to creating a workplace where you can grow, succeed, and achieve your best. Come join our team and enjoy the benefits of a company that values its team members, whom we call Vorriors!
EEO Statement:
Vori Health is an Equal Opportunity Employer. We are committed to a work environment that supports, inspires, and respects all individuals without discrimination on the basis of race, color, religion, sex, sexual orientation, gender identity, marital status, age, disability, national or ethnic origin, military service status, citizenship, or other protected characteristics.
Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.