We’re a payments processing company partnering with health and wellness enterprises that rely on us to handle sensitive payment and health data. Security is at the core of everything we do. We require, and customers expect, SOC2 Type II compliance and rigorous security programs. This role formalizes the security programs we’ve started and will help build a best-in-class security foundation.
This is your chance to shape security at a fast-growing startup from the ground up. If you thrive in autonomous environments, love building programs from scratch, and want to own security initiatives directly impacting revenue, this role is for you.
What You’ll Do
Lead SOC2 Type II Compliance – Own the end-to-end process, including risk assessments, audits, and evidence collection.
Governance, Risk, and Compliance (GRC) – Respond to customer security questionnaires and build scalable processes to streamline responses.
Security Tooling & Implementation – Drive adoption of MDMs, virus scanners, and vulnerability management across our full stack.
Incident Response & Risk Mitigation – Develop security monitoring, respond to incidents, and proactively harden our systems before issues arise.
Cross-Team Collaboration – Work directly with engineering, sales, and customer success teams.
Support Security in IT – Ensure company-owned devices are provisioned and secured, and that permissions and access are granted when appropriate.
5+ years of experience in security engineering, compliance, or security operations.
Hands-on experience with SOC2 Type II audits—either leading them or playing a significant role.
Strong background in vulnerability management, endpoint security, and secure software development practices.
Familiarity with MDMs, antivirus tools, SIEMs, and web security best practices.
Experience working with GRC teams and responding to enterprise security questionnaires.
Ability to work autonomously and drive initiatives without excessive oversight.
Scrappy attitude and a willingness to do the dirty work that makes a startup successful.
Bonus: Experience in payments, fintech, or healthcare security.
🚀 Get in on the ground floor – Build security at a company that prioritizes it from day one.
🔑 High autonomy – Own security initiatives and define how security is done at scale.
📈 Growth opportunities – Be the first dedicated security hire with the potential to grow into a leadership role.
💡 Work on impactful problems – Protect sensitive payment and health data while helping close high-value enterprise deals.
🌎 Remote-friendly – Work from anywhere in the US while collaborating with top-tier engineers.
If you're passionate about security and want to shape the future of security at a growing startup, we’d love to hear from you!
What We Do
TrueMed is a payments tool (think PayPal for HSA/FSA) that allows health + wellness brands to accept HSA/FSA funds.
We are partnering with leading health and wellness brands such as CrossFit, Magic Mind, and DB Method to drive increased AOV (30%+ for many leading merchants), retention (40% increase in month 2 retention) and LTV.
Our implementations are simple (official Shopify payments app/code snippets) and take less than 30 minutes to install with no engineering on the merchant's side.
Our goal is to unlock the $150B in HSA/FSA funds for wellness brands, and make it easy for customers to spend tax-free dollars on their health. We developed this company in close connection with the White House point person on HSA/FSA policy, key members of Congress and metabolic health leaders such as Dr. Mark Hyman.