Hipaa Lead Security Specialist (Fintech)

TL;DR

HIPAA Lead Security Specialist (Fintech): Leading the design and operation of US Healthcare security controls, ensuring HIPAA compliance and SOC2 Type II certification. Focus on managing interfaces with external auditors and professional services, defining security policies, and streamlining compliance monitoring and reporting.

Location: Flexible office + home working, up to 2 months a year working abroad

Company

Flo is the world’s #1 health & fitness app worldwide on a mission to build a better future for female health.

What you will do

• Lead annual SOC 2 and HIPAA certifications, managing interfaces with external auditors and professional services.
• Define and maintain security policies; embed risk assessment activities within engineering processes and vendor management.
• Partner with control owners to automate evidence gathering and ensure controls reduce friction rather than creating it.
• Serve as the primary Security POC for US regulators and partners; support the wider Security team with ISO 27001/27701 alignment.
• Manage and integrate GRC platforms to streamline compliance monitoring and reporting.

Requirements

• 7+ years in security/compliance (3+ in leadership), with a Bachelor’s degree in a related field.
• Deep expertise in SOC 2 and HIPAA frameworks within a Cloud-based SaaS environment.
• Familiarity with PHI handling, GRC platforms, and compliance automation.
• Strong ability to translate complex compliance requirements into clear actions for engineering teams.

Nice to have

• CISA/CISSP certifications.
• Experience with NIST, HiTrust, Docker/Kubernetes, and DevSecOps.

Culture & Benefits

• Competitive salary and annual reviews.
• Opportunity to participate in Flo’s performance incentive scheme.
• Paid holiday, sick leave, and female health leave.
• Accelerated professional growth through world-changing work and learning support.
• Flexible office + home working, up to 2 months a year working abroad.