Director of Security & IT

Oshi Health is revolutionizing GI care with a digital clinic model that provides easy, convenient access to an integrated and multidisciplinary care team that takes a holistic approach to diagnosing, managing and treating digestive health conditions. Oshi Health has been recognized by Modern Healthcare and Builtin as the recipient of Best Place to Work awards. This recognition highlights our dedication to creating a workplace environment that prioritizes our team, fosters inclusivity, and is committed to our mission.

We take time to get to know each patient, develop a personalized, whole-person care plan that includes identification of symptom triggers and prescription of evidence-based interventions, including medications, dietary changes, and mental health support.  Our care is delivered virtually through our app, via secure messaging and telehealth visits.  When in-person diagnostics or procedures are needed, we take a concierge approach and coordinate access, care and follow up with local providers. For more information, visit us at: www.oshihealth.com

"Oshi Health will never contact job candidates via text message or any other messaging platform including WhatsApp, Signal, and Telegram. All official correspondence will occur through email. We will never ask you to share bank account information, cash a check from us, or purchase software or equipment as part of your interview or hiring process. If you have concerns, please reach out to careers@oshihealth.com, and we’ll confirm whether you’re engaging with one of our Oshi teammates!"

Director of Security & IT

Are you a seasoned IT & Security Leader looking to make a bigger impact at an organization that changes lives?

Do you thrive in a fast-paced environment where every day brings new challenges and opportunities to improve technology security and infrastructure?

Are you passionate about healthcare and looking to revolutionize digestive care with cutting-edge technology?

If so, you could be the perfect fit for our team of professionals dedicated to eliminating the impact of digestive health conditions through innovative GI care.

The Role

Oshi Health is seeking a Director,Security & IT to lead our security and IT operations as we scale. In this pivotal role, you will be responsible for maturing our IT and security programs to protect our healthcare technology infrastructure, aligned to our business goals as well as regulatory and contractual requirements. You will build, mentor and lead a team of security and IT professionals, collaborate across departments, and execute a comprehensive security strategy that protects our systems, patients, and data in a rapidly evolving regulatory landscape. This role is vital to maintaining trust with our partners and patient populations and will also be responsible for developing a communications strategy to build this trust..

What You’ll Do:

• Build and maintain a scalable and cost-effective IT infrastructure, including endpoint, asset and vendor management and end user support, ensuring our team is productive with the technology and tools we provide.
• Lead and scale Oshi’s security operations, implementing and refining a robust vulnerability management program.
• Identify, assess, and prioritize security and privacy risks to Oshi’s technology, data, and operations, with a focus on healthcare specific regulations and requirements
• Develop and implement a risk management program, effectively communicating, managing, mitigating and remediating risks across the organization.
• Maintain, monitor and mature compliance with healthcare industry regulations and standards, including but not limited to HIPAA, SOC2 Type II and HITRUST.
• Manage relationships with vendors and oversee security assessments to enforce Oshi’s security standards.
• Build and track data-driven metrics to measure the maturity and effectiveness of the security and IT programs, identifying key areas for ongoing improvement and value.
• Align security initiatives with the CTO and other senior leadership, setting clear security strategies, values, budgets, and team priorities.
• Collaborate with engineering and product teams to embed security practices into the Software Development Lifecycle (SDLC).
• Lead and mentor a high-performing team of security and IT professionals, fostering growth and career development.
• Stay abreast of healthcare related security, privacy and regulatory changes as well as industry trends, communicating relevant updates and potential actions to leadership

Who you are:

• 6+ years of experience in security operations, including hands-on technical experience.
• 3+ years of strategic security leadership in a healthcare setting, preferably in a fast-growing environment.
• 5+ years managing primarily SaaS based IT infrastructure and end user support, in a hybrid or fully remote environment
• HCISPP/CISSP certification (or equivalent experience) demonstrating expertise in information security and healthcare compliance.
• Proven ability to assess, manage and communicate security risks, clearly defining requirements across the organization.
• Experience managing end-to-end security for company-issued devices, including laptops, mobile devices, and other endpoints.
• Deep knowledge of application security, cloud security architecture (especially AWS), and compliance frameworks.
• Strong communication skills, with the ability to translate complex security concepts for both technical and non-technical stakeholders.
• Effective leadership and collaboration skills, with experience working closely with engineers, product managers, clinicians, and executives.
• A proven track record of cultivating a security-conscious culture, including building security champion programs, training and empowering cross-functional teams.

We make healthcare more equitable and accessible:

• Mission-driven organization focused on innovative digestive care.
• Thrive on diversity with monthly DEIB discussions and activities.
• Virtual-first culture: Work from home anywhere in the U.S.
• Live our core values: Own the outcome, Do the right thing, Be direct & open, Learn & improve, Team, Thrive on diversity.

We take care of our people:

• Competitive compensation and meaningful equity.
• Employer-sponsored medical, dental, and vision plans.
• Access to a “Life Concierge” through Overalls, because we know life happens.
• Tailored professional development opportunities to help you grow.

We rest, recharge, and re-energize:

• Unlimited paid time off — take what you need, when you need it.
• 13 paid company holidays to power down.
• Team events, such as virtual cooking classes, games, and more.
• Recognition of professional and personal accomplishments.

Oshi Health’s Core Values:

1. Own the Outcome
2. Do the Right Thing
3. Be Direct & Open
4. Learn & Improve
5. TEAM - Together Everyone Achieves More
6. Thrive on Diversity

If you’re ready to lead Oshi Health’s security and IT operations and help revolutionize healthcare technology, we’d love to hear from you!

Oshi Health is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Note: This job description serves as a general overview and may be subject to change based on organizational needs and requirements.

Oshi Health is an equal opportunity employer that is committed to creating a diverse work environment. To do that, we champion a workplace where each and every person is treated with dignity and respect and is valued for their unique perspective and contributions.

Oshi Health’s policy is to maintain a working environment that encourages mutual respect, promotes harmonious and congenial relationships between employees, and is free from all forms of discrimination and harassment of any employee (or applicant for employment or service provider) by anyone, including supervisors, co-workers, vendors, or clients. Harassment and discrimination in any manner or form is expressly prohibited. There is no tolerance for discrimination or unequal treatment of any kind on the basis of race, color, religion, creed, gender, sex, sexual orientation, gender identity or expression, pregnancy, sexual and reproductive health decisions, national origin, age, disability, genetic information, marital status or civil partnership/union status, familial status, military or veteran status, predisposition or carrier status, domestic violence victim status, alienage or citizenship status, unemployment status, sexual violence or stalking victim status, caregiver status, or any other characteristic protected by law.

This practice applies to all terms, conditions and privileges of employment including, but not limited to, recruitment, selection, promotion, demotion, transfer, layoff, rehire, termination of employment, development and training, compensation, benefits and retirement.

For more information, visit us at www.oshihealth.com