Vori Health
Who We Are:
Vori Health is an award-winning, nationwide, virtual-first, musculoskeletal medical practice focused on evidence-based care that treats the whole person. Using a unique care model to help patients find the best path forward, Vori Health connects patients to a trained care team that includes a nonoperative physical medicine physician, a health coach navigator, and a physical therapist who manage the initial patient assessment and then work to coordinate all aspects of care. We are on a mission to empower humanity to lead a healthier life.
Reporting to the Chief Technology Officer, you will work closely with other members of the information technology team, as well as cross-functional stakeholders.
As the Director of Security, Privacy, and Compliance, you’ll be responsible for designing, implementing, and optimizing the security and compliance infrastructure that supports our virtual-first clinical care model. This role will lead, operationalize, and maintain security controls to protect patient data and maintain SOC2, HIPAA, GDPR, and HITRUST compliance. You will lead Vori Health’s information protection strategy across patient data, clinical workflows, and third-party ecosystems, ensuring regulatory readiness, operational resilience, and patient trust.
This position involves strategic decision-making, system implementations, and the adoption and testing of new processes and procedures that improve the security and robustness of Vori Health’s infrastructure and associated IT systems. You will oversee key outside vendors, working to identify and safeguard Vori Health from intrusion, security threats, security weaknesses, software bugs, and exploits. You will be responsible for Vori Health’s data, system, patient, customer, and user security.
What You’ll Do:
Security & Compliance Leadership
Lead the development and execution of security and privacy programs that ensure HIPAA, HITECH, NIST, GDPR, SOC2, HITRUST, and emerging frameworks (e.g., CCPA/CPRA, 21st Century Cures Act) compliance.
Develop, implement, and maintain security policies, procedures, and governance documentation.
Serve as the primary point of contact for all internal and external audits, including regulatory and client assessments.
Conduct risk assessments, security audits, and penetration tests to identify vulnerabilities and develop remediation plans.
Privacy Management
Act as liaison with legal and clinical leadership for interpretation and application of data privacy requirements.
Third-Party Risk & Vendor Security
Own vendor security assessments, third-party due diligence, and contract negotiation support.
Maintain a centralized vendor risk registry and monitor compliance on an ongoing basis.
Secure Architecture & Development Practices
Collaborate with engineering teams to ensure adoption of secure development practices (DevSecOps).
Leverage frameworks such as NIST, OWASP, and ISO for secure coding, CI/CD pipelines, and system design.
Risk Management & Incident Response
Conduct regular risk assessments, vulnerability scans, penetration tests, and threat modeling.
Develop and lead security incident response processes, including forensic investigations and breach communications.
Training & Enablement
Develop and deliver ongoing employee security and privacy training programs.
Promote a security-first culture across clinical, product, and operational teams.
Customer & Partner Engagement
Support the completion of RFPs, due diligence requests, and customer security questionnaires.
Participate in customer and partner meetings to articulate our security and compliance posture.
Build and maintain relationships with regulatory bodies, auditors, and other stakeholders to ensure compliance with relevant regulations and standards.
Strategy, Reporting & Budgeting
Provide security KPIs, dashboards, and executive briefings to leadership.
Manage security budget, forecast technology investments, and evaluate tooling options.
Supervisory Responsibilities
Manage relationships and expectations with third-party vendors, MSSPs, and contractors.
Lead cross-functional teams as needed for enterprise-wide security initiatives.
Perform other projects and duties as assigned.
Who You Are:
Required:
7+ years of experience in information security and compliance, preferably in healthcare or digital health
Deep understanding of HIPAA, HITECH, SOC2, HITRUST, CCPA, and security frameworks (NIST, ISO, OWASP)
Experience in privacy program management and incident response
Strong familiarity with AWS security best practices
Expertise in risk management, security assessments, and audit readiness
Proven ability to lead cross-functional security programs in high-growth environments
Strong communication and interpersonal skills
Practical experience with AWS, Windows, macOS, and Linux
Excellent time management and organizational abilities with attention to detail
Strong analytical and problem-solving skills
Experience in high-growth, regulated environments
Work authorization/security clearance requirements:
Authorized, or able to provide the required documents, to work in the United States.
Physical Requirements/Work Environment:
Remote work environment.
While performing the duties of this job, the employee may be regularly required to stand, sit, talk, hear, reach, stoop, kneel, and use hands and fingers to operate a computer, telephone, and keyboard.
Specific vision abilities required by this job include close vision requirements due to computer work.
High-speed internet access with excellent bandwidth
Workspace that ensures patient privacy in a virtual environment, both visual and auditory
Company Benefits
At Vori Health, we believe in fostering a supportive and rewarding work environment for our team members. We offer a comprehensive benefits package designed to support your overall well-being, growth, and work-life balance:
We’re committed to creating a workplace where you can grow, succeed, and achieve your best. Come join our team and enjoy the benefits of a company that values its team members, whom we call Vorriors!
EEO Statement:
Vori Health is an Equal Opportunity Employer. We are committed to a work environment that supports, inspires and respects all individuals without discrimination on the basis of race, color, religion, sex, sexual orientation, gender identity, marital status, age, disability, national or ethnic origin, military service status, citizenship or other protected characteristics.