IT Security & Compliance Lead
VIA HealthTech
Job Description
<p>VIA HealthTech automates psychotherapy documentation — from session notes to psychological reports — so therapists spend less time on admin and more time with patients.</p>
<p>We work at the intersection of mental healthcare, AI, and software. Security is central to what we build: we process highly sensitive data and already hold C5 and ISO27001 certification.</p>
<h2>Tasks</h2>
<p>We are looking for a hands-on IT Security & Compliance Lead to own security and compliance end-to-end at VIA.</p>
<p>This is a broad role in a small team. You will not only define policies — you will implement systems, configure tools, improve cloud and product security, run audits, and work directly with engineering to make security a practical part of how we build.</p>
<p>Your goal is to make VIA more secure while helping the team move faster, not slower.</p>
<p><strong>What you’ll do</strong></p>
<ul>
<li>Own internal IT security end-to-end: devices, access management, 2FA, endpoint protection, policies, onboarding and offboarding</li>
<li>Professionalize and operate our internal IT setup</li>
<li>Own IT Compliance (ISO27001 and C5), including audits, evidence management, policies, risk management, corrective actions, auditor communication, and internal training</li>
<li>Improve cloud security across infrastructure, access control, encryption, logging, monitoring, and operational processes</li>
<li>Work closely with engineering on product security across web, desktop, mobile, backend, and AI-related systems</li>
<li>Help embed security into the development lifecycle without creating unnecessary overhead</li>
<li>Coordinate external security work such as penetration tests, security reviews, and vendor assessments where needed</li>
<li>Identify security gaps, prioritize what matters, and implement pragmatic improvements</li>
</ul>
<h2>Requirements</h2>
<p><strong>Required:</strong></p>
<ul>
<li>Strong hands-on experience in IT Security, Information Security, Cloud Security, or a closely related field</li>
<li>Practical experience securing cloud-based software products and internal IT environments</li>
<li>Solid understanding of IAM, endpoint security, device management, encryption, logging, access control, and incident response</li>
<li>Experience with ISO27001 and/or C5, ideally including audit ownership or major audit involvement</li>
<li>Ability to work directly with engineering teams on technical security topics</li>
<li>Strong operational ownership: you see what needs to be done and make it happen</li>
<li>Pragmatic judgment: you know how to raise the security bar without blocking a fast-moving team</li>
<li>Clear communication and comfort working in an async-first startup environment</li>
</ul>
<p><strong>Nice to have:</strong></p>
<ul>
<li>Experience in healthcare, regulated environments, or companies handling highly sensitive data</li>
<li>Experience with application security, secure SDLC, threat modeling, or vulnerability management</li>
<li>Experienc
Skills