openashbyhqusv
Head of Security
Stedi
LocationRemote in the USA
WorkplaceRemote
EmploymentFullTime
Posted2026-04-30T13:18:33.264+00:00
Last observed2026-06-13 05:24:36.238656
Job idusv-stedi:ashbyhq:7d04150f-01d4-406b-8cfe-1d3b979f80e9
WE'RE BUILDING A NEW HEALTHCARE CLEARINGHOUSE Stedi is building the first new healthcare clearinghouse in decades. In the healthcare sector, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that all insurance payers exchange transactions such as claims, eligibility checks, prior authorizations, and remittances using a standardized EDI format called X12 HIPAA. Clearinghouses process the majority of these transactions, offering consolidated connectivity to carriers and providers. Until Stedi, the space was occupied entirely by a small group of legacy players, built on outdated, often pre-internet technology. Stedi is the world's only programmable healthcare clearinghouse. By offering modern API interfaces alongside traditional real-time and batch EDI processes, we enable both healthcare technology businesses and established players to exchange mission-critical transactions. Our clearinghouse product and customer-first approach have set us apart. Stedi was ranked by Ramp https://ramp.com/velocity/top-saas-vendors-on-ramp-march-2026 as one of the fastest-growing SaaS vendors. We have lightning in a bottle: engineers and designers shipping products week in and week out; a lean business team supporting the company’s infrastructure; passion for automation and eliminating toil; $142 million in funding from top investors like Stripe, Addition, USV, Bloomberg Beta, First Round Capital, and more. To learn more about how we work, watch our founder Zack’s interview with First Round Capital https://www.youtube.com/watch?v=IO6sR-i5rSs. WHAT WE’RE LOOKING FOR We are hiring a Head of Security to take full ownership of security at Stedi, reporting directly to the CEO and working at the intersection of engineering, legal, product, and more. At Stedi, security is job zero. There is nothing more important than securing our systems. This role exists to operationalize that principle across every function of the company. You won’t be building from scratch. We already have SOC 2 Type 2 and HIPAA certifications and will soon have HITRUST R2 certification. We view these compliance items as a baseline starting point and not the final destination. We have invested heavily in security from the earliest days. We have extensive controls across our engineering and IT infrastructure (from SCPs to DLP and everything in between), and 100% of our customer data is processed within AWS without exception. We work extensively with AWS’s native tools as well as with AWS teams, including on an IAM access vulnerability that we discovered https://www.stedi.com/blog/stedi-discovered-an-aws-access-vulnerability. You will own our security function end-to-end: incident readiness, regulatory obligations, customer trust, and the day-to-day fundamentals that enable everything else. You will be the bridge between engineering and legal, working closely with leadership from both teams and the CEO. You’ll inherit a strong foundation to scale in our next phase of growth – building out the team, programs, and processes that let a lean company move fast while maintaining a world-class security posture. WHAT YOU’LL DO - Own and build Stedi's security program end-to-end, including policies, controls, procedures, security tooling, training, vulnerability management, vendor risk, and more. - Be a strong hands-on contributor from day 1 while also building a roadmap for scaling the security function as the company continues to grow. We have a culture where leaders are contributors and are deeply involved in the technical details. - Advise on security risk tied to product decisions, architecture, and partnerships. - Leverage our best-in-category security posture to unlock new customers and strategic relationships. - Partner with Engineering to maintain security excellence while minimizing development friction. - Lead breach preparedness and incident response: build, test, and own the Security Incident Response Plan, Disaster Recovery, and Business Continuity p
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.