Fractional CISO / CSO (Remote)

🌍 Remote, USA 🎯 Full-time 🕐 Posted Recently

Job Description

Handl Health is a post-Series A healthcare technology company building AI-powered care navigation and cost estimation products. We handle PHI and operate under HIPAA, and we’re scaling fast — which means our security and compliance posture needs to scale with us.

We’re looking for a fractional CSO to take full ownership of our security program. Today, security is carried by our Head of Engineering alongside everything else. We need a dedicated leader who can establish the frameworks, policies, and operational practices that let us move fast without accumulating risk.

    This is a hands-on leadership role, not an advisory engagement. You’ll own outcomes, not just recommendations.
  • Please note:
  • This is a fractional / part-time role expected for up to 20-hours per week for an initial 6-month contract
  • We are moving quickly on this search. Selected applicants should be available to interview promptly and, if selected, onboard quickly.
  • *What You’ll Do**
  • Own the end-to-end security posture including HIPAA compliance, SOC 2, and vendor risk management
  • Conduct a security assessment of our current infrastructure (AWS, S3 data lake, AI integrations) and build a prioritized remediation roadmap
  • Establish and maintain security policies, incident response procedures, and access control frameworks
  • Evaluate and manage risk across our AI toolchain including Claude Enterprise, MCP integrations, and third-party connectors (Slack, Gmail, Google Drive)
  • Own DLP strategy for our data lake, including PHI quarantine architecture and access controls
  • Manage our JAMF instance and endpoint security across the organization
  • Lead security reviews for new product features and AI capabilities before they ship
  • Interface with customers and partners on security questionnaires, audits, and compliance requirements
  • Build the security culture — training, awareness, and lightweight processes that engineers actually follow
  • *What You Bring**
  • 10+ years in information security with at least 3 years in a CISO or senior security leadership role
  • Deep HIPAA experience — you’ve built or led compliance programs for companies handling PHI
  • Hands-on knowledge of AWS security (IAM, S3 policies, Lake Formation, CloudTrail, GuardDuty)
  • Hands-on experience securing AI/ML systems — you’ve evaluated prompt injection, data exfiltration, model safety, and supply chain risks in LLM-based architectures and can build policy around them
  • Track record of building security programs at startups or growth-stage companies, not just maintaining them at large enterprises
  • Comfortable operating as a fractional executive — you know how to prioritize ruthlessly and drive outcomes with limited hours
  • ***Nice to Have****
  • SOC 2 Type II audit experience
  • Familiarity with healthcare payer or TPA ecosystems
  • Background in securing API products and B2B data integrations
  • ***Why Handl Health****
  • High-impact role where your work directly protects patients’ data and enables the company to scale confidently
  • Work alongside a technical leadership team that understands security and won’t fight you on doing the right thing
  • Post-Series A company with the resources to invest in security properly
  • Flexible fractional engagement designed to respect your time and maximize your impact

Apply tot his job

Apply To this Job

Ready to Apply?

Don't miss out on this amazing opportunity!

🚀 Apply Now

Similar Jobs

Recent Jobs

You May Also Like