Lead Security Specialist (HIPAA)
Posted on December 10, 2025
Flo is the world’s #1 health & fitness app, on a mission to build a better future for female health. Backed by a $200M investment led by General Atlantic, it became the first product of its kind to reach a $1B valuation in 2024. With 6M paid subscribers and the highest-rated experience in the App Store’s health category, Flo has spent 10 years earning trust at scale, building the next generation of digital health that is AI-powered, privacy-first, and clinically backed to help users know their body better.
The Job
As a key member of Flo’s Security Architecture team, the Lead Security Specialist will lead the design and operation of US Healthcare security controls. The role owns the roadmap for HIPAA compliance and SOC2 Type II certification, partnering with Engineering and Legal to build a secure, compliant platform for millions of users.
Key Responsibilities
- Lead annual SOC 2 and HIPAA certifications, managing interfaces with external auditors and professional services.
- Define and maintain security policies; embed risk assessment activities within engineering processes and vendor management.
- Partner with control owners to automate evidence gathering and ensure controls reduce friction rather than creating it.
- Serve as the primary Security POC for US regulators and partners; support the wider Security team with ISO 27001/27701 alignment.
- Manage and integrate GRC platforms to streamline compliance monitoring and reporting.
Qualifications
- 7+ years in security/compliance (3+ in leadership), with a Bachelor’s degree in a related field.
- Deep expertise in SOC 2 and HIPAA frameworks within a Cloud-based SaaS environment.
- Familiarity with PHI handling, GRC platforms, and compliance automation.
- Strong ability to translate complex compliance requirements into clear actions for engineering teams.
Preferred: CISA/CISSP certifications; experience with NIST, HITRUST, Docker/Kubernetes, and DevSecOps.
How We Work
Flo is a mission-led, product-driven team that moves fast, stays focused, and takes ownership. They encourage debate, share decisions, care about craft, and ship with purpose. The team values commitment, resilience, and drive for better health outcomes.
What You'll Get
- Competitive salary and annual reviews
- Opportunity to participate in Flo’s performance incentive scheme
- Paid holiday, sick leave, and female health leave
- Enhanced parental leave and pay for maternity, paternity, same-sex and adoptive parents
- Accelerated professional growth through world-changing work and learning support
- Flexible office + home working, up to 2 months a year working abroad
- 5-week fully paid sabbatical at 5-year Floversary
- Flo Premium for friends & family, plus more health, pension and wellbeing perks
Diversity, Equity and Inclusion
Flo hires based on merit, skill, and what the candidate brings to the role. They are an equal opportunity employer and welcome applicants from all backgrounds, communities, and identities. The privacy notice for job applicants is available at https://flo.health/privacy-policy-for-job-applicants.
How to Apply
To apply for the Lead Security Specialist (HIPAA) position at Flo, candidates can use the application form available on the job posting page at Greenhouse. The form requires personal details including name, email, phone, location, resume/CV, and optionally a cover letter and LinkedIn profile. Candidates need to confirm eligibility to work in the UK, willingness to travel to the office twice a week, salary expectations, and consent to be contacted about future job opportunities. Applicants must also review the privacy notice for job applicants provided by Flo.