Director, Information Security

Company Overview

Join us for an enriching journey with Outset, a trailblazing medical device company that is revolutionizing the field of dialysis. Our focus is to create one high performing team, obsessed with progress, in an atmosphere that is brimming with transformative opportunities. The heart of our mission is pioneering a groundbreaking technology that redefines the landscape of dialysis, streamlining complexity and cost, because patients deserve “better” now, not some day.  

At Outset we’re revolutionizing an industry and changing lives. We’re impacting what the future of dialysis looks like by creating a first-of-its-kind technology in order to reduce the cost and complexity of dialysis. FDA cleared for use across care settings, from the hospital to the clinic to the home, the Tablo® Hemodialysis System harnesses modern technology for a new holistic approach to dialysis care. We’re giving providers time back to focus on patient care. And we’re giving patients the power to take control of their life and get back to enjoying the things they love.

Position Overview:  

Outset is seeking a hands-on information security leader to drive our cybersecurity and technology risk management program. This individual will be responsible for developing and enforcing security policies, managing governance, risk, and compliance (GRC) activities, executing security operations, and leading strategic projects to advance our security posture.  In this role, you will collaborate cross-functionally with software engineering, IT Infrastructure, quality, regulatory, legal and other key stakeholders to continuously evolve and strengthen our cybersecurity program. 

 

This role requires a passion for protecting company assets and a strategic mindset to design and implement scalable security solutions. The ideal candidate will bring deep expertise in both on-premises and cloud security, including insights into cloud native security solutions for Microsoft 365 and AWS platforms. 

 

We’re looking for a leader with exceptional problem-solving skills, high attention to detail, strong organizational acumen, and a proven track record of building enterprise-grade security programs. This is a high-impact opportunity to shape the security foundation of Outset’s mission-driven organization – one that is reimagining dialysis and working to catalyze change for patients who deserve better. 

 

Essential Job Functions and Responsibilities: 

• Serve as the Security Lead and Subject Matter Expert (SME) for all environments, including cloud infrastructure, and on-premises systems. 

• Continuously assess and evolve the organization’s security posture—driving program maturity through strategic assessments, road mapping, stakeholder alignment, and project execution. 

• Monitor the external threat landscape to identify emerging attack vectors, vulnerabilities, and adversary tactics—translating threat intelligence into actionable insights that inform security strategy, initiatives and controls. 

• Ensure security practices and controls align with regulatory requirements, including FDA and HIPAA, and fulfill the requirements and obligations of the HIPAA security officer. 

• Support commercial functions by responding to customer cybersecurity due diligence questionnaires and security assessments—articulating Outset’s security posture, controls, and compliance practices directly to Customers. 

• Lead the vendor security risk assessment process—evaluating third-party partners for compliance with Outset’s security standards, identifying potential risks, and ensuring appropriate controls are in place. 

• Conduct technical evaluations of system architecture with a focus on security design and compliance, leveraging frameworks such as NIST CSF and NIST SP 800-53. 

• Provide strategic leadership in identifying, assessing, and mitigating information security risks; ensure alignment with internal policies and external standards. 

• Monitor emerging threats and lead the organization’s response to security incidents, serving as the primary control point and convening the Incident Response Team to investigate, contain, and resolve events. 

• Develop, maintain, and enforce enterprise cybersecurity policies, standards, and procedures, ensuring alignment with regulatory requirements, industry frameworks, and organizational risk tolerance. 

• Influence technology and architecture decisions as a key member of the IT leadership team. 

Required Qualifications: 

• 10+ years of industry experience in an information security function; leadership experience preferred. 

• B.S. or M.S. in Computer Science, Information Security, or a related field. 

• Professional security certifications such as CISSP, CISM, CISA, CCSP, or CEH (or equivalent). Additional certifications like Microsoft Certified: Cybersecurity Architect or AWS Certified Security – Specialty are a plus. 

• Proven experience leading organizations through security certifications and audits, including SOC 2, HIPAA, FIPS, and HITRUST. 

• Demonstrated expertise with cloud security tools and telemetry platforms including experience with AWS (CloudTrail, IAM, Incognito, GuardDuty) and Microsoft 365 (Defender, Entra ID, Purview, Sentinel). 

• Strong knowledge of risk assessment tools, technologies, and methodologies. 

• Exceptional written and verbal communication skills, with the ability to influence technical and non-technical stakeholders. 

• Experience in highly regulated industries. 

Desired Qualifications 

• Experience in FDA regulated industries, specifically Medical Device, is strongly preferred. 

• Experience in customer-facing technical roles, with the ability to translate complex security concepts into business-aligned recommendations. 

• Experience planning, researching, and developing security policies, standards, and procedures. 

• Hands-on experience implementing enterprise security capabilities such as identity and access management (IAM), data loss prevention (DLP), endpoint detection and response (EDR), extended detection and response (XDR), security information and event management (SIEM), and security orchestration, automation and response (SOAR). 

• Familiarity with mobile code, malware analysis, and endpoint protection technologies. 

• Proficiency in deploying logging and monitoring tools at scale, with an emphasis on automation and event-driven response. 

• Expertise in designing secure networks, systems, and application architectures. 

• Experience with disaster recovery planning, digital forensics, and incident response tools and techniques. 

Company Culture

At Outset, we believe every person matters. Every Outsetter, every patient, every caregiver. Because we are here to create a revolution, and we believe in doing that by innovating everywhere with intelligent speed. Our team expects nothing less than our best display of strengths and skills, and we find joy in working together for a common goal. At Outset, we believe that curiosity, ingenuity and conviction in the power of technology will transform the lives of dialysis patients and providers. 

We are fueled by the opportunity to give people their lives back. And we believe that it begins with YOU, our future Outsetter. At Outset, we’ve designed a professional world that our employees are honored and impassioned to belong to, one that offers challenge, the ability to collaborate with great people, and opportunities to build skill and expertise in a fulfilling career. 

An opportunity at Outset Medical won’t just be about finding a job. Our culture revolves around the principles of moving farther, faster, together, so working here feels like a masterclass in peak performance, for individuals and teams. 

Privacy is important to us. Please review our Applicant Privacy Notice. 

 

Important Notice

We have been made aware of fraudulent activities where individuals are impersonating our company and offering fake job opportunities. Please note, Outset Medical will never request payment or gift cards during the hiring process, nor will we ask you to purchase your own equipment. Anyone reaching out to you with an email address ending in @outsetmedical.cc, is not a legitimate Outset representative. For legitimate opportunities, always apply directly through our official careers page. If you are unsure about the authenticity of a communication, contact us immediately at peopleops@outsetmedical.com.

 

EQUAL EMPLOYMENT OPPORTUNITY STATEMENT 

Outset Medical is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind on the basis of race, color, national origin, religion, gender, gender identity, sexual orientation, disability, genetic information, pregnancy, age, or any other protected status set forth in federal, state, or local laws. This policy applies to all employment practices within our organization.