opengreenhousefelicis
Director of Security & IT
Nayya
LocationNew York, NY (Hybrid), New York
WorkplaceHybrid
Last observed2026-07-02 08:32:53.409323
Job idfelicis-nayya:greenhouse:5829557004
About Nayya Founded in 2019, Nayya is on a mission to connect people’s most important information, so they can thrive in their health and wealth. Powered by AI and advanced analytics, Nayya’s platform transforms complex benefits experiences into intuitive, seamless, and ongoing interactions—meeting people's real world needs. As a trusted platform and partner to leading employers, benefits solutions, and HR tech providers, Nayya unlocks long-term value through helping employees live more resilient lives. Backed by strategic investors like ICONIQ, Felicis Ventures, SemperVirens, Workday Ventures, MetLife Nextgen Ventures, and ADP Ventures, Nayya is ushering in the future of health and wealth for all. Role Summary: We are seeking a Director of Security & IT to lead Nayya's security strategy, compliance programs, and IT operations. This role will serve as the single point of accountability for protecting sensitive health and financial data, maintaining regulatory compliance, and ensuring the reliability and security of internal technology systems. Nayya is a benefits intelligence platform serving approximately 5 million employees. Our AI-powered platform delivers personalized guidance grounded in real plan data and claims history. The security and compliance requirements of this environment are significant: we handle Protected Health Information (PHI) at scale and operate under HIPAA, SOC 2, and other regulatory frameworks. This role reports to the Chief Product & AI Officer. The Director of Security & IT will partner closely with Engineering on infrastructure security while maintaining independent ownership of the security program, compliance posture, and IT operations. Key Responsibilities Security Program Leadership Lead the design, implementation, and continuous improvement of a comprehensive security program spanning application security, infrastructure security, data protection, and incident response. Implement and manage vulnerability assessments, penetration testing, and security audits to identify and mitigate risks across IT infrastructure and systems. Develop and maintain security policies, procedures, and controls aligned to SOC 2 Type II and HIPAA Security Rule requirements. Coordinate response to security incidents, including root cause analysis, containment, remediation, and legal reporting requirements. Own identity and access management (IAM) strategy, ensuring least-privilege access controls across production systems, cloud environments, and internal tools. Implement encryption, access control, audit logging, and other technical safeguards to meet HIPAA security requirements for data at rest, in transit, and during processing. Compliance & Risk Management Own SOC 2 Type II compliance initiatives, including audit preparation, controls documentation, evidence collection, and remediation of findings. Ensure compliance with HIPAA Privacy and Security Rules across Nayya's handling of PHI, including technical safeguards and organizational policies. Develop and maintain a risk management framework that identifies, evaluates, and prioritizes security and compliance risks, ensuring alignment with applicable regulations. Conduct regular risk assessments and vulnerability scans to proactively address potential compliance gaps. Prepare for and manage regulatory audits, customer security assessments, and external inspections related to data security and privacy. Stay current on emerging trends in healthcare data privacy regulations (HIPAA, HITECH, state-level requirements) and assess their impact on company policies and procedures. IT Operations & Help Desk Services Oversee day-to-day IT operations, ensuring all systems, networks, and applications function effectively and securely with minimal downtime. Lead the internal IT help desk function, ensuring timely resolution of technical issues with clear escalation protocols and service level agreements (SLAs). Monitor help desk performance metrics and implement improvements base
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.