Head of Security

About us

Pomelo Care is a multi-disciplinary team of clinicians, engineers and problem solvers who are passionate about improving care for moms and babies. We are transforming outcomes for pregnant people and babies with evidence-based pregnancy and newborn care at scale. Our technology-driven care platform enables us to engage patients early, conduct individualized risk assessments for poor pregnancy outcomes, and deliver coordinated, personalized virtual care throughout pregnancy, NICU stays, and the first postpartum year. We measure ourselves by reductions in preterm births, NICU admissions, c-sections and maternal mortality; we improve outcomes and reduce healthcare spend.

Role description

As the Head of Security at Pomelo Care, you will be at the forefront of our efforts to safeguard the privacy of our patients. This role involves defining and executing our security strategy, ensuring compliance with healthcare regulations, and building a security-first culture in the company. You will work closely with our engineering, operations, and compliance teams to integrate security into all aspects of our service delivery.

Key responsibilities

• Define and execute Pomelo Care's comprehensive security strategy
• Build and lead the security team as the company scales, fostering a culture of excellence
• Act as the principal security advisor to senior management, providing insights and recommendations on security matters
• Ensure compliance with frameworks and healthcare regulations such as SOC 2, HIPAA and HITRUST
• Conduct regular risk assessments to identify vulnerabilities and develop strategies to mitigate them
• Oversee daily security operations, including monitoring and forensic investigations
• Lead the response to security incidents, conducting thorough investigations and implementing corrective actions
• Collaborate with engineering to keep security a key part of the development processes and automate security testing in CI/CD pipelines
• Manage relationships with security vendors and service providers, ensuring they meet our security requirements

Who you are

• 7+ years of experience in security roles, with at least 3 years in a leadership or senior technical position
• Proven experience leading security teams -- bonus if in the healthcare sector or in a startup environment
• Excellent communication skills and the ability to convey complex security concepts simply -- to both technical and non-technical folks
• Track record of success in developing and implementing security strategies and managing complex security projects
• Proficiency in cloud security and securing cloud-native applications
• Strong coding or scripting skills (ex. shell, Python) for automating security tasks
• In-depth understanding of healthcare regulations such as HIPAA and HITRUST
• Experience conducting compliance audits and managing regulatory documentation and reporting
• Passion for continuous learning and staying up to date with the latest cybersecurity trends and technologies

Why you should join our team

By joining Pomelo, you will get in early at a fast-moving, well-funded, and mission-driven startup that always puts the patient first. You will learn, grow and be challenged -- and have fun with your team while doing it.

We strive to create an environment where employees from all backgrounds are respected. We also offer:

• Competitive healthcare benefits
• Generous equity compensation
• Unlimited vacation
• Membership in the First Round Network (a curated and confidential community with events, guides, thousands of Q&A questions, and opportunities for 1-1 mentorship)

At Pomelo, we are committed to hiring the best team to improve outcomes for all mothers and babies, regardless of their background. We need diverse perspectives to reflect the diversity of problems we face and the population we serve. We look to hire people from a variety of backgrounds, including but not limited to race, age, sexual orientation, gender identity and expression, national origin, religion, disability, and veteran status.

Our salary ranges are based on paying competitively for our company’s size and industry, and are one part of the total compensation package that also includes equity, benefits, and other opportunities at Pomelo Care. In accordance with New York City, Colorado, California, and other applicable laws, Pomelo Care is required to provide a reasonable estimate of the compensation range for this role. Individual pay decisions are ultimately based on a number of factors, including qualifications for the role, experience level, skillset, geography, and balancing internal equity. Given that this role is open to candidates of different skill levels, determining a salary range is challenging. A reasonable estimate of the current salary range is $175,000 to $250,000. We expect most candidates to fall in the middle of the range.

#LI-Remote