About Alaffia & Our Mission
Each year, the U.S. healthcare system suffers from over $500B in wasted spending due to medical billing fraud, waste, and administrative burden. At Alaffia, we’re on a mission to change that. We’ve assembled a team of clinicians, AI/ML engineers, and product experts to build advanced AI that finally bends the cost curve for all patients across our ecosystem. Collectively, we’re building best-in-class AI software to provide our customers with co-pilot tools, AI agents, and other cutting-edge solutions to reduce administrative burden and reduce healthcare costs. We’re a high-growth, venture-backed startup based in NYC and are actively scaling our company.
About the Role
We’re looking for an experienced Director of Security to manage and implement best-in-class data security programs to protect our systems and customers’ data at all times. To thrive in this role, you’ll need to get excited about the technical details — working with engineering to evaluate and configure new observability and monitoring systems, researching and adopting new security and compliance training programs, ideating new scenarios for incident response dry-runs and tabletop exercises, and designing new processes for teams to adhere to company policies. You will be responsible for the security of our platform and obtaining accreditations of compliance frameworks such as SOC 2 Type II, HIPAA, and HITRUST. This is a hands-on, individual contributor role.
Key Responsibilities:
- Manage SOC 2 and HITRUST compliance programs by maintaining communication with our auditors, collecting evidence of control efficacy, and enforcing company policies
- Work closely with the Software and DevOps Engineering teams to implement technical controls and security architectures, conduct access reviews, and follow compliance processes
- Work with the Product and Operations Integrity teams to ensure that their development requirements are in alignment with security and compliance requirements
- Ensure that compliance controls are passed on a daily and weekly basis to comply with customer SLAs, employee off-boarding requirements, and company policies
- Manage our security training programs to increase awareness and combat personnel-centric security risks such as phishing, HIPAA violations, and noncompliance with company policy
- Define requirements and evaluate results of tabletop exercises and live procedures for security incident responses and disaster recovery
Requirements for the Role:
- 7+ years of experience working with enterprise-level compliance programs
- Experience with modern technologies and tools for IT such as Vanta, AWS, Google Workspace, SentinelOne, and Datadog
- Experience working in a DevOps environment, with a solid understanding of how to integrate security practices into DevOps processes
- Experience implementing and maintaining the SOC 2 and HITRUST compliance frameworks
- Experience leading and managing security incident response programs
- Strong oral and written communication skills to effectively communicate with fellow team members and customers
Our Culture
At Alaffia, we fundamentally believe that the whole is more valuable than the sum of its individual parts. Further to that point, we believe a diverse team of individuals with various backgrounds, ideologies, and types of training generates the most value. If you want to work alongside driven people on a mission to make a major impact at the core of U.S. healthcare by implementing the latest in cutting-edge technologies, then we’d like to meet you!
What Else Do You Get Working With Us?
- Competitive base salary
- Company stock options
- Fully covered employer-sponsored healthcare (medical, dental, vision)
- Flexible PTO
- Work in a flat organizational structure — direct access to Executive team members