Director of Information Security & Compliance

Emeryville, CA

Eko

Eko brings together stethoscopes, powerful software, and AI-supported analysis — elevating the way we detect cardiovascular disease. Try Eko in your practice today!

At Eko, we’re dedicated to providing healthcare professionals with industry-leading digital tools to hear and understand their patients’ hearts and lungs. With our platform, clinicians can detect cardiopulmonary disease with higher accuracy, diagnose with more confidence, manage treatment effectively, and ultimately give their patients the best care possible.
With over $165M in funding from partners like 3M and the Mayo Clinic, Eko has become one of the fastest-growing digital health companies, doubling our customer base in the last year to over 500,000 clinicians across 4,000 U.S. hospitals. We’ve built a tremendously talented, diverse, and mission-driven team and are proud to be certified as a Great Place to Work®. Together we are committed to investing in each other and our mission to ensure all patients have access to high-quality care.
We are seeking an experienced “Director of Information Security & Compliance” to join our team. In this role, you will provide strategic leadership and direction in establishing and maintaining a robust information security and regulatory program, ensuring the confidentiality, integrity, and availability of health information and sensitive data.
You will assess and mitigate security risks, protecting the organization from cyber threats and potential breaches that could lead to financial losses, reputational damage, and legal consequences. You will ensure that, as a medical device company, we are in compliance with US and European health information protection laws.

As Director of Information Security & Compliance at Eko, You Will:

Key Responsibilities

  • Contribute to the successful launch and commercialization of digital stethoscopes and software to detect cardiovascular conditions and improve patient care
  • Play a critical role in strengthening Eko’s approach to security within our hardware devices, mobile apps, and cloud technology stack

Security

  • Develop and implement the organization's information security strategy, aligning it with business objectives and risk tolerance. Identify and prioritize security initiatives, establish security goals, and create a roadmap for their implementation
  • Conduct regular risk assessments to identify and evaluate potential security threats and vulnerabilities. Develop and implement risk mitigation strategies, including security controls, policies, and procedures. Monitor and manage security risks through ongoing assessments and the implementation of appropriate safeguards. Conduct internal vulnerability tests and oversee external penetration tests
  • Establish and enforce information security policies, standards, guidelines, and procedures. Ensure that they align with industry best practices and regulatory requirements. Communicate and educate employees on security policies, promoting a culture of security awareness and compliance
  • Stay abreast of relevant laws, regulations, and industry standards pertaining to information security. Ensure that the organization's security practices and controls are in compliance with applicable requirements. Liaise with regulatory bodies, auditors, and stakeholders to address compliance issues and maintain regulatory alignment
  • Respond to security questions from customers and formal compliance audits

Compliance

  • Ensure compliance with HIPAA and GDPR (including DPO requirements and DPIAs)
  • Monitor data handling practices across the organization to ensure adherence to compliance standards
  • Stay up-to-date with evolving data privacy laws, regulations, and industry best practices
  • Serve as a subject matter expert and advisor on data compliance matters to senior leadership
  • Provide training and awareness programs to educate employees on data compliance best practices
  • Liaise with regulatory authorities and external auditors to ensure compliance and address inquiries

As Director of Information Security & Compliance at Eko, You Have:

  • 8+ years of experience in healthcare/medtech information security and compliance
  • Expertise in medical devices, SaMD, SiMD, and global compliance requirements for the same
  • Strong familiarity with cloud cybersecurity and SOC 2
  • Strong knowledge of data privacy and security regulations such as HIPAA and GDPR
  • Excellent communication and collaboration skills

As Director of Information Security & Compliance at Eko, Nice to Have:

  • Recent experience working at a Series C/D healthcare startup.
  • Experience with AWS and cloud architecture

Benefits and Perks We Offer:

  • Eko was recognized by “Great Place to Work” in 2020 and 2021
  • Paid-time off
  • Medical/Dental/Vision, Disability + Life Insurance
  • One Medical membership
  • Parental Leave
  • 401k Matching
  • Work from home equipment stipend
  • Flexible schedules
  • Wellness programs (Wellness Wednesdays, Time off)
  • Wellness perks (Headspace, Ginger, Aaptiv, Physera) 
  • Learning and Development stipend

Eko is elevating the way clinicians detect and monitor cardiac and respiratory disease by bringing together advanced sensors, patient and provider software, and AI-powered analysis. Its FDA-cleared platform is used by tens of thousands of clinicians treating millions of patients around the world, in person and through telehealth. The company is headquartered in Oakland, California and privately held, with investments from ARTIS Ventures, NTT Venture Capital, DigiTx Ventures, Mayo Clinic, Sutter Health and others.
Eko is proud to be an equal opportunity employer and welcomes people of different backgrounds, experiences, abilities and perspectives. We celebrate diversity and are committed to building a diverse and inclusive team.

Tags: Audits AWS C Cloud Compliance GDPR HIPAA Privacy Risk assessment Security strategy SOC SOC 2 Strategy Vulnerabilities

Perks/benefits: Career development Flex hours Flex vacation Health care Home office stipend Insurance Medical leave Parental leave Startup environment Wellness

Region: North America
Country: United States
