HIPAA Lead Security Specialist (12 months contract)

New York

Apply

500M+ downloads. 80M+ monthly users. A decade of building – and we’re still accelerating.

Flo is the world’s #1 health & fitness app worldwide on a mission to build a better future for female health. Backed by a $200M investment led by General Atlantic, we became the first product of our kind to reach a $1B valuation in 2024 – and we’re not slowing down.

With 7M paid subscribers and the highest-rated experience in the App Store’s health category, we’ve spent 10 years earning trust at scale. Now, we’re building the next generation of digital health – AI-powered, privacy-first, clinically backed – to help our users know their body better.

The job

As a key member of Flo’s Security Architecture team, you will lead the design and operation of our US Healthcare security controls. You will own the roadmap for HIPAA compliance and SOC2 Type II certification, partnering with Engineering and Legal to build a secure, compliant platform for millions of users.

Key Responsibilities

• Compliance Leadership: Lead annual SOC 2 and HIPAA certifications, managing interfaces with external auditors and professional services.
• Policy & Risk: Define and maintain security policies; embed risk assessment activities within engineering processes and vendor management.
• Operational Excellence: Partner with control owners to automate evidence gathering and ensure controls reduce friction rather than creating it.
• Stakeholder Management: Serve as the primary Security POC for US regulators and partners; support the wider Security team with ISO 27001/27701 alignment.
• Tooling: Manage and integrate GRC platforms to streamline compliance monitoring and reporting.

Qualifications

• Experience: 7+ years in security/compliance (3+ in leadership), with a Bachelor’s degree in a related field.
• Core Skills: Deep expertise in SOC 2 and HIPAA frameworks within a Cloud-based SaaS environment.
• Technical Knowledge: Familiarity with PHI handling, GRC platforms, and compliance automation.
• Soft Skills: Strong ability to translate complex compliance requirements into clear actions for engineering teams.

Preferred: CISA/CISSP certifications; experience with NIST, HiTrust, Docker/Kubernetes, and DevSecOps.

This is a 12-months contract, therefore not all listed benefits will be applicable.

How we work

We’re a mission-led, product-driven team. We move fast, stay focused and take ownership – from brief to build to impact. Debate is encouraged. Decisions are shared. We care about craft, ship with purpose, and always raise the bar.

You’ll be working with people who take their work seriously, not themselves. It takes commitment, resilience, and the drive to keep going when things get tough. Because better health outcomes are worth it.

What you'll get

We support impact with meaningful reward. Here’s what that looks like:

• Competitive salary and annual reviews
• Opportunity to participate in Flo’s performance incentive scheme
• Paid holiday, sick leave, and female health leave
• Enhanced parental leave and pay for maternity, paternity, same-sex and adoptive parents
• Accelerated professional growth through world-changing work and learning support
• In-person collaboration and work in a hybrid model, with 3 days per week spent in the office
• 5-week fully paid sabbatical at 5-year Floversary
• Flo Premium for friends & family, plus more health, pension and wellbeing perks

Diversity, equity and inclusion

Our strength is in our differences. At Flo, hiring is based on merit, skill and what you bring to the role – nothing else. We’re proud to be an equal opportunity employer, and we welcome applicants from all backgrounds, communities and identities. Read our privacy notice for job applicants.

Create a Job Alert

Interested in building your career at Flo Health? Get future opportunities sent straight to your email.

Apply for this job

* indicates a required field

LinkedIn Profile

Website

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Flo Health’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Disability Status

Select...

PUBLIC BURDEN STATEMENT:

According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

Submit application

protected by reCAPTCHA

For more information visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs.