United States Remote (Country) Employment USD 224,000 - 260,000 Yearly

Redoxengine is hiring a Director of IT & Security, CISO

About the Role

Redox is looking for a hands-on Director of IT & Security, CISO to own enterprise security, cloud and application security, and corporate IT. Reporting directly to the CTO, you will be a core member of the technology leadership team, partnering closely with Engineering, Platform, and Operations to embed security and reliability into how Redox builds and runs software.

What You'll Do

  • Own end-to-end information security strategy across cloud, application, infrastructure, and corporate environments. Define a pragmatic security roadmap aligned to business risk, regulatory requirements, and engineering velocity.
  • Serve as the executive owner for security posture, risk management, and incident response. Act as a trusted advisor to the CTO and executive team on security, risk, and operational tradeoffs.
  • Drive a DevSecOps-first operating model, embedding security into CI/CD pipelines, infrastructure as code, and developer workflows.
  • Lead threat modeling, secure design reviews, and risk assessments for new platform initiatives. Champion policy-as-code, guardrails, and automation.
  • Own security architecture and operations for a primarily AWS-based environment. Lead application security programs, including secure SDLC, dependency scanning, SAST/DAST, penetration testing, and vulnerability management.
  • Own identity and access management strategy with Okta as the backbone. Ensure strong detection, alerting, and response across endpoints and cloud workloads.
  • Build and run effective security operations, including monitoring, investigation, incident response, and post-incident learning.
  • Run tabletop exercises and continuously improve response playbooks. Manage vendor relationships, including CrowdStrike, Flashpoint, RAD, and Okta.
  • Own corporate IT strategy and execution, focused on reliability, security, and employee productivity. Lead end-user computing, device management, endpoint security, identity lifecycle management, and access controls.
  • Oversee IT systems, including identity, email, collaboration tools, endpoint management, and SaaS access governance. Drive automation and standardization across onboarding, offboarding, access management, and device lifecycle.
  • Partner with People Ops, Legal, and Finance on IT processes, audits, and vendor management.
  • Own healthcare-related security and compliance programs (e.g., HIPAA, SOC 2). Translate regulatory requirements into practical, engineering-friendly controls.
  • Lead third-party risk management and vendor security reviews. Support customer security reviews and serve as an executive point of contact on security matters.
  • Build, lead, and mentor a high-performing team spanning security engineering, security operations, and IT.

What We're Looking For

  • 10+ years in information security, IT, or related technical leadership roles, including 5+ years of people management, ideally in healthcare technology SaaS.
  • Proven experience leading security engineering, security operations, and corporate IT in a cloud-native SaaS environment.
  • Direct experience in healthcare or other highly regulated industries.
  • Track record of successfully implementing DevSecOps practices.
  • Deep hands-on experience securing AWS environments.
  • Strong understanding of endpoint security, identity systems, and modern SaaS IT stacks.
  • Practical knowledge of tools such as CrowdStrike, Okta, Flashpoint, RAD, and related platforms.
  • Strong foundation in application security, cloud security, and infrastructure as code.
  • Strong collaborator with engineering, platform, and operations teams.
  • Clear, direct communicator who can articulate risk without theatrics.
  • Comfortable making tradeoffs and prioritizing based on real-world risk.
  • Builder mindset with a bias toward automation and scale.

Nice to Have

  • Proven experience securing autonomous agentic loops and tool-calling frameworks. Deep understanding of Indirect Prompt Injection and designing 'Human-in-the-Loop' guardrails for agent-driven actions.
  • Technical expertise in securing the Model Context Protocol (MCP), specifically regarding context isolation, sandboxing, and identity propagation between LLMs and private data sources.
  • Direct experience migrating security programs to Vanta or similar automated GRC platforms. Ability to architect 'continuous compliance' by integrating cloud, identity, and developer tools for automated evidence collection.
  • Hands-on application of the NIST AI RMF, OWASP Top 10 for LLMs, etc. within a production environment.

Technical Stack

  • CrowdStrike
  • AWS
  • Okta
  • Vanta

Team & Environment

You will be a core member of the technology leadership team and report directly to the CTO.

Benefits & Compensation

  • Compensation: $224,000 - $260,000 per year + Stock Options
  • 100% remote first culture (must be based in the US)
  • Unlimited Flexible Time Off
  • 15+ Observed Holidays
  • Rest & R^Charge days (guaranteed a 3-day weekend each month)
  • R^Charge (6 weeks paid sabbatical + stipend)
  • 401k match 50% for up to 8% on Day 1
  • Medical/Dental/Vision Benefits on Day 1
  • HSA & FSA, Life, Disability, Medical Travel & Employee Assistance Program
  • Paid Parental Leave (16 weeks)
  • Productivity Stipend & Wellness Fund
  • Redox Issued MacBook
  • Virtual and/or in-person Team & Company Events
  • Stock Options
  • Employee Referral Bonus Program

Work Mode

This position operates in a 100% remote first culture and is open to candidates based anywhere in the United States.

Redox is an EEO company. We fully support the diversity of our team.

Required Skills

AWS, CrowdStrike, Okta, Vanta, Security Engineering, Security Operations, Corporate IT, DevSecOps, Healthcare Compliance, SaaS, Cloud Security, People Management
About company
Redoxengine

Redox Engine is a flexible interoperability platform that connects and powers real-time healthcare data exchange. With one connection, data can be orchestrated across a network of 12,000+ systems and organizations, including 100+ EHRs, processing over 1.2 billion messages per month.

Job Details
Department Information Technology
Category management
Posted 14 days ago