Director of Security & IT
Listed on 2026-06-21
IT/Tech
Cybersecurity, Information Security, Data Security, IT Support
Founded in 2019, Nayya is on a mission to connect people’s most important information, so they can thrive in their health and wealth. Powered by AI and advanced analytics, Nayya’s platform transforms complex benefits experiences into intuitive, seamless, and ongoing interactions—meeting people's real world needs. As a trusted platform and partner to leading employers, benefits solutions, and HR tech providers, Nayya unlocks long-term value through helping employees live more resilient lives.
Backed by strategic investors like ICONIQ, Felicis Ventures, Semper Virens, Workday Ventures, Met Life Nextgen Ventures, and ADP Ventures, Nayya is ushering in the future of health and wealth for all.
Summary:
We are seeking a Director of Security & IT to lead Nayya's security strategy, compliance programs, and IT operations. This role will serve as the single point of accountability for protecting sensitive health and financial data, maintaining regulatory compliance, and ensuring the reliability and security of internal technology systems.
Nayya is a benefits intelligence platform serving approximately 5 million employees. Our AI-powered platform delivers personalized guidance grounded in real plan data and claims history. The security and compliance requirements of this environment are significant: we handle Protected Health Information (PHI) at scale and operate under HIPAA, SOC 2, and other regulatory frameworks.
This role reports to the Chief Product & AI Officer. The Director of Security & IT will partner closely with Engineering on infrastructure security while maintaining independent ownership of the security program, compliance posture, and IT operations.
Key Responsibilities
Security Program Leadership
- Lead the design, implementation, and continuous improvement of a comprehensive security program spanning application security, infrastructure security, data protection, and incident response.
- Implement and manage vulnerability assessments, penetration testing, and security audits to identify and mitigate risks across IT infrastructure and systems.
- Develop and maintain security policies, procedures, and controls aligned to SOC 2 Type II and HIPAA Security Rule requirements.
- Coordinate response to security incidents, including root cause analysis, containment, remediation, and legal reporting requirements.
- Own identity and access management (IAM) strategy, ensuring least-privilege access controls across production systems, cloud environments, and internal tools.
- Implement encryption, access control, audit logging, and other technical safeguards to meet HIPAA security requirements for data at rest, in transit, and during processing.
- Own SOC 2 Type II compliance initiatives, including audit preparation, controls documentation, evidence collection, and remediation of findings.
- Ensure compliance with HIPAA Privacy and Security Rules across Nayya's handling of PHI, including technical safeguards and organizational policies.
- Develop and maintain a risk management framework that identifies, evaluates, and prioritizes security and compliance risks, ensuring alignment with applicable regulations.
- Conduct regular risk assessments and vulnerability scans to proactively address potential compliance gaps.
- Prepare for and manage regulatory audits, customer security assessments, and external inspections related to data security and privacy.
- Stay current on emerging trends in healthcare data privacy regulations (HIPAA, HITECH, state-level requirements) and assess their impact on company policies and procedures.
- Oversee day-to-day IT operations, ensuring all systems, networks, and applications function effectively and securely with minimal downtime.
- Lead the internal IT help desk function, ensuring timely resolution of technical issues with clear escalation protocols and service level agreements (SLAs).
- Monitor help desk performance metrics and implement improvements based on organizational needs.
- Manage IT asset lifecycle, including procurement, tracking, maintenance, and compliance with company policies.
- Ensure effective onboarding and offboarding processes for IT…