About 100ms
100ms is building AI agents that automate complex patient access workflows in U.S. healthcare—starting with benefits verification, prior authorisation, referral intake, appointment scheduling, and patient intake. We help care teams reduce delays and administrative burden so that patients can start treatment faster.
Our automation platform combines deep healthcare domain knowledge with LLM-based agents and robust ops infrastructure.
We are fully HIPAA-compliant with secure, U.S.-based data storage, and we serve hospitals, health systems, payers, and specialty pharmacies across the country.
The Role
We’re looking for a Lead, Compliance & Security to own and operationalise 100ms’s entire security posture, regulatory compliance programmes, and privacy framework. Reporting to the CTO (or CEO), you will be the single-threaded owner of HIPAA compliance, SOC 2 certification, and enterprise security—building policies, tooling, and a culture of security from scratch.
This is a foundational, high-impact role. You’ll work cross-functionally with Engineering, Product, Legal, and Customer Success to make security a competitive advantage with U.S. healthcare enterprise customers.
What you’ll do
Regulatory Compliance & Privacy
- Design, implement, and maintain a comprehensive HIPAA compliance programme covering the Privacy Rule, Security Rule, and Breach Notification Rule.
- Serve as the designated Privacy Officer and/or Security Officer for the organisation.
- Develop and enforce Business Associate Agreements (BAAs) with all vendors and partners handling PHI.
- Conduct periodic Security Risk Assessments (SRA) and maintain a risk register with clear remediation timelines.
- Monitor evolving U.S. healthcare regulations (HITECH, state privacy laws, CMS interoperability rules, 21st Century Cures Act) and update policies accordingly.
- Lead external audit readiness for SOC 2 Type II, HITRUST CSF, and customer-required security assessments.
Security Architecture & Engineering
- Define and enforce 100ms’s security architecture across cloud infrastructure (AWS / GCP / Azure), application layer, AI agent pipelines, and U.S.-based data storage.
- Implement IAM policies, encryption standards (at rest and in transit), and network segmentation controls.
- Own vulnerability management: scanning, triage, SLA-driven patching, and penetration testing schedules.
- Establish and manage a Security Incident Response Plan (SIRP), including tabletop exercises and on-call rotation.
- Evaluate and deploy security tooling (SIEM, EDR, DLP, CSPM) appropriate for a startup—balancing rigour with speed.
- Ensure security of LLM-based agent workflows, including prompt injection defences, data leakage prevention, and PHI handling in AI pipelines.
Governance, Risk & Trust
- Build 100ms’s s