Chief Information Security Officer

Handl Health is a post-Series A healthcare technology company building AI-powered care navigation and cost estimation products. We handle PHI and operate under HIPAA, and we’re scaling fast — which means our security and compliance posture needs to scale with us.

We’re looking for a fractional CSO to take full ownership of our security program. Today, security is carried by our Head of Engineering alongside everything else. We need a dedicated leader who can establish the frameworks, policies, and operational practices that let us move fast without accumulating risk.

This is a hands-on leadership role, not an advisory engagement. You’ll own outcomes, not just recommendations.

‍Please note:

• This is a fractional / part-time role expected for up to 20-hours per week for an initial 6-month contract
• We are moving quickly on this search. Selected applicants should be available to interview promptly and, if selected, onboard quickly.

​

What You’ll Do

• Own the end-to-end security posture including HIPAA compliance, SOC 2, and vendor risk management
• Conduct a security assessment of our current infrastructure (AWS, S3 data lake, AI integrations) and build a prioritized remediation roadmap
• Establish and maintain security policies, incident response procedures, and access control frameworks
• Evaluate and manage risk across our AI toolchain including Claude Enterprise, MCP integrations, and third-party connectors (Slack, Gmail, Google Drive)
• Own DLP strategy for our data lake, including PHI quarantine architecture and access controls
• Manage our JAMF instance and endpoint security across the organization
• Lead security reviews for new product features and AI capabilities before they ship
• Interface with customers and partners on security questionnaires, audits, and compliance requirements
• Build the security culture — training, awareness, and lightweight processes that engineers actually follow

​

What You Bring

• 10+ years in information security with at least 3 years in a CISO or senior security leadership role
• Deep HIPAA experience — you’ve built or led compliance programs for companies handling PHI
• Hands-on knowledge of AWS security (IAM, S3 policies, Lake Formation, CloudTrail, GuardDuty)
• Hands-on experience securing AI/ML systems — you’ve evaluated prompt injection, data exfiltration, model safety, and supply chain risks in LLM-based architectures and can build policy around them
• Track record of building security programs at startups or growth-stage companies, not just maintaining them at large enterprises
• Comfortable operating as a fractional executive — you know how to prioritize ruthlessly and drive outcomes with limited hours

​

Nice to Have

• SOC 2 Type II audit experience
• Familiarity with healthcare payer or TPA ecosystems
• Background in securing API products and B2B data integrations

​

Why Handl Health

• High-impact role where your work directly protects patients’ data and enables the company to scale confidently
• Work alongside a technical leadership team that understands security and won’t fight you on doing the right thing
• Post-Series A company with the resources to invest in security properly
• Flexible fractional engagement designed to respect your time and maximize your impact

​

How to Apply

Note: This is a syndicated job post. Fractional Jobs found it on the web, but we are not working with the client directly, so we don't have control over or knowledge of the application process. To apply, click on the "View Application" button and follow the application's instructions. Let us know how it goes!