At a Glance
- Tasks: Lead the design and operation of US Healthcare security controls for a top health app.
- Company: Join Flo, the world’s #1 health & fitness app focused on female health.
- Benefits: Competitive salary, flexible working, paid sabbaticals, and enhanced parental leave.
- Other info: Dynamic team culture that values commitment, resilience, and professional growth.
- Why this job: Make a real impact on digital health while ensuring compliance and security.
- Qualifications: 7+ years in security/compliance with deep expertise in SOC 2 and HIPAA frameworks.
The predicted salary is between £80,000 and £100,000 per year.
Flo is the world’s #1 health & fitness app, on a mission to build a better future for female health. Backed by a $200M investment led by General Atlantic, it became the first product of its kind to reach a $1B valuation in 2024. With 6M paid subscribers and the highest-rated experience in the App Store’s health category, Flo has spent 10 years earning trust at scale, building the next generation of digital health that is AI-powered, privacy-first, and clinically backed to help users know their body better.
As a key member of Flo’s Security Architecture team, the Lead Security Specialist will lead the design and operation of US Healthcare security controls. The role owns the roadmap for HIPAA compliance and SOC 2 Type II certification, partnering with Engineering and Legal to build a secure, compliant platform for millions of users.
Key Responsibilities
- Lead annual SOC 2 and HIPAA certifications, managing interfaces with external auditors and professional services.
- Define and maintain security policies; embed risk assessment activities within engineering processes and vendor management.
- Partner with control owners to automate evidence gathering and ensure controls reduce friction rather than creating it.
- Serve as the primary Security POC for US regulators and partners; support the wider Security team with ISO 27001/27701 alignment.
- Manage and integrate GRC platforms to streamline compliance monitoring and reporting.
Qualifications
- 7+ years in security/compliance (3+ in leadership), with a Bachelor’s degree in a related field.
- Deep expertise in SOC 2 and HIPAA frameworks within a Cloud-based SaaS environment.
- Familiarity with PHI handling, GRC platforms, and compliance automation.
- Strong ability to translate complex compliance requirements into clear actions for engineering teams.
Preferred: CISA/CISSP certifications; experience with NIST, HiTrust, Docker/Kubernetes, and DevSecOps.
How We Work
Flo is a mission-led, product-driven team that moves fast, stays focused, and takes ownership. They encourage debate, share decisions, care about craft, and ship with purpose. The team values commitment, resilience, and drive for better health outcomes.
What You'll Get
- Competitive salary and annual reviews
- Opportunity to participate in Flo’s performance incentive scheme
- Paid holiday, sick leave, and female health leave
- Enhanced parental leave and pay for maternity, paternity, same-sex and adoptive parents
- Accelerated professional growth through world-changing work and learning support
- Flexible office + home working, up to 2 months a year working abroad
- 5-week fully paid sabbatical at 5-year Floversary
- Flo Premium for friends & family, plus more health, pension and wellbeing perks
Diversity, Equity and Inclusion
Flo hires based on merit, skill, and what the candidate brings to the role. They are an equal opportunity employer and welcome applicants from all backgrounds, communities, and identities.
How to Apply
To apply for the Lead Security Specialist (HIPAA) position at Flo, candidates can use the application form available on the job posting page at Greenhouse. The form requires personal details including name, email, phone, location, resume/CV, and optionally a cover letter and LinkedIn profile. Candidates need to confirm eligibility to work in the UK, willingness to travel to the office twice a week, salary expectations, and consent to be contacted about future job opportunities.
Lead Security Specialist (HIPAA), Flo Health, London, United Kingdom. Posted about 1 month ago. Employer: Digital Health Jobs
Contact Detail:
Digital Health Jobs Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the Lead Security Specialist (HIPAA) role at Flo Health, London, United Kingdom
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, especially those already at Flo or similar companies. A friendly chat can open doors and give you insider info that could make your application stand out.
✨Tip Number 2
Prepare for the interview by diving deep into HIPAA and SOC 2 frameworks. We want to see you not just know the theory but also how it applies in real-world scenarios. Bring examples of how you've tackled compliance challenges before!
✨Tip Number 3
Show us your passion for female health and digital security! Research Flo’s mission and values, and be ready to discuss how your experience aligns with their goals. It’s all about connecting your skills to their vision.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen. Plus, it shows you’re serious about joining the team and ready to take that next step in your career.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Lead Security Specialist role. Highlight your experience with HIPAA and SOC 2 frameworks, and don’t forget to showcase any leadership roles you've had in security compliance.
Craft a Compelling Cover Letter: If you choose to include a cover letter, use it to tell us why you're passionate about female health and how your skills align with our mission at Flo. Keep it concise but impactful!
Showcase Relevant Experience: In your application, emphasise your experience with cloud-based SaaS environments and any familiarity with GRC platforms. We want to see how you can contribute to our security architecture team.
Apply Through Our Website: Don’t forget to apply through our website! It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it’s super easy to fill out the form!
How to prepare for a job interview at Digital Health Jobs
✨Know Your Compliance Stuff
Make sure you brush up on SOC 2 and HIPAA frameworks before the interview. Be ready to discuss how you've applied these in past roles, especially in a Cloud-based SaaS environment. This will show that you understand the core of what Flo is looking for.
✨Showcase Your Leadership Skills
Since this role requires leadership experience, prepare examples of how you've led teams or projects in security and compliance. Highlight your ability to translate complex requirements into actionable steps for engineering teams, as this is crucial for the position.
✨Understand Flo's Mission
Familiarise yourself with Flo’s mission and values. Being able to articulate how your personal values align with their commitment to female health and privacy-first solutions will set you apart from other candidates.
✨Prepare Questions for Them
Have a few thoughtful questions ready about their security architecture and how they handle compliance challenges. This shows your genuine interest in the role and helps you assess if Flo is the right fit for you.