We Love AI JobsWe Love AI JobsHave companies apply to you
Back to jobs

Fractional CISO / CSO (Remote)

Braintrust
United States
Part-time
AI tools:
Claude
Applications go directly to the hiring team

Full Description

Handl Health is a post-Series A healthcare technology company building AI-powered care navigation and cost estimation products. We handle PHI and operate under HIPAA, and we’re scaling fast — which means our security and compliance posture needs to scale with us.

We’re looking for a fractional CSO to take full ownership of our security program. Today, security is carried by our Head of Engineering alongside everything else. We need a dedicated leader who can establish the frameworks, policies, and operational practices that let us move fast without accumulating risk.

This is a hands-on leadership role, not an advisory engagement. You’ll own outcomes, not just recommendations.

* Please note:

* This is a fractional / part-time role expected for up to 20-hours per week for an initial 6-month contract

* We are moving quickly on this search. Selected applicants should be available to interview promptly and, if selected, onboard quickly.

What You’ll Do

* Own the end-to-end security posture including HIPAA compliance, SOC 2, and vendor risk management

* Conduct a security assessment of our current infrastructure (AWS, S3 data lake, AI integrations) and build a prioritized remediation roadmap

* Establish and maintain security policies, incident response procedures, and access control frameworks

* Evaluate and manage risk across our AI toolchain including Claude Enterprise, MCP integrations, and third-party connectors (Slack, Gmail, Google Drive)

* Own DLP strategy for our data lake, including PHI quarantine architecture and access controls

* Manage our JAMF instance and endpoint security across the organization

* Lead security reviews for new product features and AI capabilities before they ship

* Interface with customers and partners on security questionnaires, audits, and compliance requirements

* Build the security culture — training, awareness, and lightweight processes that engineers actually follow

What You Bring

* 10+ years in information security with at least 3 years in a CISO or senior security leadership role

* Deep HIPAA experience — you’ve built or led compliance programs for companies handling PHI

* Hands-on knowledge of AWS security (IAM, S3 policies, Lake Formation, CloudTrail, GuardDuty)

* Hands-on experience securing AI/ML systems — you’ve evaluated prompt injection, data exfiltration, model safety, and supply chain risks in LLM-based architectures and can build policy around them

* Track record of building security programs at startups or growth-stage companies, not just maintaining them at large enterprises

* Comfortable operating as a fractional executive — you know how to prioritize ruthlessly and drive outcomes with limited hours

Nice to Have

* SOC 2 Type II audit experience

* Familiarity with healthcare payer or TPA ecosystems

* Background in securing API products and B2B data integrations

Why Handl Health

* High-impact role where your work directly protects patients’ data and enables the company to scale confidently

* Work alongside a technical leadership team that understands security and won’t fight you on doing the right thing

* Post-Series A company with the resources to invest in security properly

* Flexible fractional engagement designed to respect your time and maximize your impact

Applications go to the hiring team directly