Security Architect & ISO

Hazel Health

Hazel Health

San Francisco, CA, USA · Remote
Posted on Tuesday, May 16, 2023

About Hazel Health

Hazel Health, the national leader in school-based telehealth, was founded in 2015 to address systemic inequities in healthcare access, and ensure all children can get the quality care they need and deserve. We leverage digital health technology to provide on-demand physical and mental health care services to over 2 million students in school districts across the country.

Physical and mental telehealth has become more relevant in the lives of children than ever before. Hazel is experiencing tremendous company growth as we respond to our nation’s call for equitable, affordable, and safe virtual access to healthcare.

We are a mission-driven team of healthcare and business leaders, educators, and tech innovators, bringing together our unique skills in a meaningful way to do good in the world. Please consider joining us to share your gifts and talents with a growing and diverse organization, working to make healthcare available to all students.

The Role: Security Architect & ISO

Location: Remote

About This Role:

We are seeking a seasoned technologist with experience selecting/designing, integrating, installing, and operationalizing security infrastructure. The ideal candidate is passionate about information security and privacy and uses that drive to help the organization maintain and enhance our security posture and controls. This is a hands-on role that will lead the design and deployment of both process and technical controls to identify misuse of assets, mitigate compromises, ensure appropriate monitoring, respond to client security requests and testing procedures, and to perform security incident handling and troubleshooting.

What You'll Do:

  • Perform an initial discovery and use your findings to build a risk-based roadmap
  • Implement enhancements and close (process and technology) gaps in the existing Information Security Management Program, while continuously re-evaluating and adjusting to meet the ever changing risks and threats
  • Lead the organization through the process of preparing for and operationalizing the necessary policies and procedures in order to successfully complete a 3rd-party audit of an industry standard compliance framework (e.g., SOC2, HITRUST, ISO27001, or similar)
  • Assist with overall corporate maintenance of compliance with the Health Insurance Portability and Accountability Act (HIPAA & HITECH)
  • Design, document, and lead the execution of security policies, processes, and procedures
  • Lead development of security architectures, requirements, and test procedures
  • Complete internal and third-party/vendor security audits, perform security testing, and demonstrate how Hazel leverages state of the art security tools and techniques to protect and secure highly sensitive health information
  • Test and deploy new security technology; Maintain existing technologies; Use data and reports from systems to identify and remediate gaps in security architecture
  • Conduct research and make recommendations on products, services, protocols, and standards in support of infrastructure and application security

Working knowledge of the following systems and concepts:

  • Demonstrated competence with the following practices and concepts:
    • Compliance frameworks - Implementation and management of standard frameworks such as SOC2, HITRUST, ISO27001, CSA CCM, and similar
    • Computer Forensics - Understands basic concepts of the full life-cycle of forensic investigation and analysis
    • Configuration Management - knowledge of the principles and methods for control of changes made to information systems components
    • Encryption - Knowledge of procedures, tools, and applications used to keep data or information secure
    • Network Security - Knowledge of methods, tools, and procedures, to protect the organization’s system boundaries and to prevent information systems vulnerabilities and restore security of information systems / network services
    • Identity Management (IAM) - knowledge is identity and access management architecture, tools, and implementation.
  • Gained proficiency with the following classes of security tools:
    • Vulnerability Risk Management (VRM)
    • Security information / Event management / Log aggregation (SIEM)
    • Intrusion Detection/Prevention System (IDS/IPS) and Firewall tools
    • Endpoint Detection and Response (EDR) / Anti-virus products
    • User Behavior Analytics (UBA)
  • Experience with the following technologies (as it relates to using, deploying, and securing):
    • MacOS (desktop), Linux (server), and Windows (desktop and server)
    • Cisco Meraki network appliances and tools
    • Scripting skills, such as bash, Ruby, Python
    • Distributed source control systems (we use Git)
    • IaaS concepts, such as AWS, Google Cloud, Heroku or Azure


  • Received a Bachelor’s degree in Information Technology, Computer Science, related major OR equivalent on the job experience in the Security field
  • Attained security certifications, such as CISSP, SANS, Security+, OSCP, or equivalents
  • 6+ years experience designing and deploying security policies and technical solutions
  • 3+ years experience managing multiple simultaneous technical/security implementation projects
  • 2+ years working in a Security role within a regulated industry (such as Banking, Aerospace, Healthcare, and Defense)
  • Process oriented, with an understanding of how to design and deploy policies and procedures that end users can adopt and incorporate into their daily operations
  • Acquired a working knowledge of auditing, risk, and threat analysis, contingency planning, and creation / maintenance of security standards
  • Secured highly sensitive data/information while working in a primarily IaaS (such as AWS, GCP, or Azure) and SaaS (such as gSuite or O365) based infrastructure
  • Used data analysis (system telemetry, management consoles, system reports, log output) to identify risks and steer priorities and goals
  • Clear, consistent communication skills: in writing, in discussion, and in code
  • Exhibits ability to comfortably work in time-critical / high-pressure situations and environments, while providing a great customer experience
  • Kept patient safety and security a top priority in your deliverables
  • Continuously sought and embraced opportunities to build upon your skills and knowledge
  • Ability to work independently, as well as in a team environment

Bonus Points For:

  • Experience with automation and configuration version control (e.g., Ansible, Teraform, etc.)
  • Experience with Healthcare delivery organizations (Clinics, private practices, specialists, etc.)
  • Familiarity with DevOps and/or Agile methodologies
  • Experience working in Start-ups and/or Scale-ups

Hazel’s Core Values:

  • Exceptional Partnership: We seek to understand, align, and then work to exceed the highest expectations of those we serve.
  • Always Accountable: We set high standards for ourselves and each other and deliver. We do what we say we are going to do.
  • Make it Happen: Every teammate has the power and responsibility to make our company better. We are collectively imagining and building the product and company of our dreams.
  • One Team: Our success is driven by building relationships and collaborating across teams, geographies and functions. Bringing in diverse perspectives and understanding everyone’s personal story drives to transformative solutions.
  • Never Stop Innovating: We are bold. Our goal is to make transformational change. Sometimes we will fail, and we use it to learn and drive forward.
  • Drive Impact: Everything comes down to the impact Hazel makes on people our families and students, our teammates, our partners, our neighbors, ourselves.

Our Benefits:

This is an exciting position in a fast-paced organization. We offer:

  • Flexible work hours
  • Generous, high-quality medical, dental, and vision coverage
  • 401K with a 100% employer match for contributions up to 4% of salary
  • Flex PTO and 11 paid holidays annually
  • Flexible Spending Account (FSA)
  • Employer-paid short-term and long-term disability and employer-sponsored life insurance
  • Home office setup including a Macbook, iPad (depending on role), and internet and phone reimbursement for remote positions
  • A positive, supportive, and passionate team