Symmvia logoSYMMVIA
CareersOpen nowSecurity & Compliance

Security & Compliance Lead

Build the control environment required for real clinic onboarding, HIPAA security, and SOC 2 readiness.

Apply by emailBack to careers

Team

Security & Compliance

Location

US hybrid or remote, depending on qualification

Experience

6+ years building or owning security and compliance programs in real operating environments

About Symmvia

Symmvia is building a high-trust care platform across public web, authenticated web, and a patient mobile app.

The product includes identity, permissions, billing, messaging, booking, provider workflow, and the data infrastructure required to make the system smarter over time.

We care about clear systems. Auditability, access control, operational clarity, and careful product design matter as much as speed.

About the role

This is a first-wave role because Symmvia is building for real clinic relationships from the beginning. The job is to create a control environment that matches how the platform actually works: access, logging, vendor review, policies, incident response, and audit readiness. This role must work directly with engineering and the founder. It is not a paperwork silo and it is not a ceremonial compliance seat.

In this role, you will
  • Own or coordinate the control environment across HIPAA security and SOC 2 readiness workstreams.
  • Lead security risk analysis, access review, vendor review, and incident process design.
  • Partner directly with engineering to make sure controls match actual system behavior.
  • Define evidence collection, policy alignment, and operational security discipline.
  • Help make trust a property of the system, not just a claim on the website.
You might thrive if you
  • You care about real controls, not checkbox theater.
  • You can hold a high bar without slowing engineering into paralysis.
  • You are comfortable translating security requirements into operational practice.
  • Healthcare or healthcare-adjacent platform experience is strongly preferred.
  • Early-stage product experience is a plus.
Required capabilities
  • Direct experience with HIPAA security programs or equivalent regulated security environments.
  • Direct experience building toward or owning SOC 2 readiness or audit processes.
  • Strong understanding of access control, logging, vendor review, and incident management.
  • Ability to work directly with engineering on technical control design.
  • Ability to distinguish useful controls from ceremonial process.
How to apply

Send us one thoughtful email.

If this role fits, email us directly. Include the items below. If something does not apply, say so plainly. We care about signal, not performance.

Apply by emailAsk a question
Submission checklist

Send the required items first. Add optional context only if it helps us understand the fit.

* Required

** Optional

Required

  • Name
  • Email
  • Country
  • Phone
  • PDF of your resume or CV
  • A few bullet points that best evidence exceptional ability
  • Preference for working in person versus remote
  • Earliest date you can start
  • Any deadline or timeline considerations we should know about
  • A short answer to: Why Symmvia?

Optional

  • Voluntary self-identification
  • How to pronounce your name, if applicable
  • LinkedIn profile, GitHub URL, personal website, publications, or Google Scholar profile (if applicable)
  • Cover letter
  • Anything else you would like to share, including a relevant project