Listing Description

HeartFlow is a VC-backed, pre-IPO, Software as a Service (SaaS) company that has received international recognition for exceptional strides in healthcare innovation. We combine clinical expertise with cutting-edge technology (deep learning, computational fluid dynamics, cloud-based computing) to revolutionize the diagnosis and treatment of coronary artery disease.

If you are passionate about leading information security professionals looking to protect our applications as we change the standard of care for coronary artery disease, come join our engineering team! 

You will lead the team driving cyber security operations, continuous monitoring, security information and event management, security architecture, security engineering, vulnerability scanning, endpoint security, security analytics, network access control, penetration testing, data forensics, security data ingestion, and analysis, incident analysis, threat monitoring/hunt and security situational awareness.

As both a technical and people leader, you will be a key player to scale our organization and our technology. #LI-IB1; #LI-Remote

Job Responsibilities:

• Lead all security matters including governance, risk management, compliance, cyber security, application security, identity and access management, and security operations management


• Serve as subject matter expert including applicable standards, rules, regulations, and best practices


• Enable a DevSecOps Mindset


• Incorporate a data-centric, analytic, and fact-driven approach


• Analysis of current & future threat landscapes


• Direct dedicated security resources to operate against the security program plan


• Direct the execution of security risk assessments and conduct related ongoing compliance monitoring activities


• Direct the execution of risk mitigation plans generated as a result of risk management analysis


• Ensure all information technology systems, policies, and procedures fully comply with applicable laws, standards, and regulations


• Oversee Information Security Budget


• Monitor and evaluate security measures to protect against reasonably anticipated threats or hazards to the confidentiality, integrity, and availability of all applicable data


• Ensure the effective execution of security and compliance training for account employees, including the alignment of regulatory and account specific changes


• Engage with business leaders and corporate functions such as legal, HR, Product Development and IT to support securing our business data and products


• Engage with external auditors and other third parties in support of security activities


• Hands-on technical contributions as appropriate

Skills Needed:

• Exceptional verbal and written communication skills, specifically the ability to communicate within the context of the intended audience, whether that be senior executives or highly technical engineering resources.


• Progressive experience in information security management, information management, information systems, and/or risk management


• Familiarity and knowledge with relevant legal and regulatory requirements, such as SOX and HIPAA.


• In-depth knowledge of information risk concepts/related business needs to security controls


• Experience with Firewalls, NIDS, SIEM, End Point Security, Mobility Management, and Vulnerability Scanning


• Strong experience in securing AWS Cloud Infrastructure with infrastructure as code (Terraform or CDK)


• Strong experience and detailed technical knowledge in security engineering, application security, system, and network security, authentication, security protocols, and other security technologies

Educational Requirements & Work Experience: 

• Bachelor's Degree in Computer Science, Information Security, or a related field


• Minimum of 5 – 8 years of experience in Information Security


• 1-3 years of management experience 

The pay range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to experience and training; skill sets; licensure and certifications; and other business and organizational needs. A reasonable estimate of the base salary compensation range is $185,185 to $282,407 (for San Francisco Bay Area) and $162,963 to $248,519 (for locations outside of San Francisco Bay Area). 

We also offer a range of benefits and programs to meet employee needs based on eligibility. These benefits include comprehensive health care coverage, a health savings account, disability, and life insurance, a Critical Illness and accident plan, a flex spending account (medical and dependent care), a 401k plan with a company match, mental health support TaskHuman, EAP, financial coaching, Rocket Lawyer, and more. HeartFlow offers 12 paid holidays, 15 vacation days, and 80 hours of sick leave.