Director of Security Engineering and Operations at Aeroflow Health

Aeroflow Health – Director of Cybersecurity

Aeroflow Health is made up of creative and talented associates who are transforming the home medical equipment industry. Our patient-centric business model is founded on innovation through technology and cutting-edge delivery platforms. We have grown to be a leader in the home medical equipment segment of the healthcare industry, are among the fastest-growing healthcare companies in the country and recognized on Inc. 5000’s list of fastest-growing companies in the U.S. As Aeroflow has grown, our needs to curate an amazing employee environment and experience have grown as well. We’re working hard to ensure that Aeroflow remains a premier employer in Western North Carolina, thus bettering the everyday lives of the employees that work so hard to service our patients.

The Opportunity

We are seeking an experienced and highly capable Director of Cybersecurity to lead all aspects of our security program—technical, operational, and strategic. This leader will take ownership of an established security roadmap and drive execution across the organization to ensure Aeroflow Health is protected from internal and external threats.

This role is ideal for a hands-on, highly technical security leader who can roll up their sleeves, guide engineers, implement tools and processes, and build strong partnerships across Engineering, IT, Compliance, Legal, Shared Services, and Executive leadership. The Director will oversee a small but highly skilled security team, including Security Engineering, Security Operations, and IT Risk & Compliance, while maintaining direct involvement in core security projects and incident response.

This is a high-visibility, business-critical role responsible for safeguarding the organization, maturing our security posture, and ensuring we remain compliant, resilient, and ahead of emerging threats.

Your Primary Responsibilities

We are currently seeking a Director of Cybersecurity to:

• Own and execute the enterprise security roadmap—ensuring planned initiatives are delivered, measured, and continuously improved.
• Provide strong, clear leadership to the Security Engineering and Security Compliance functions.
• Serve as the primary point of accountability for organizational security posture, reporting to senior leadership and key stakeholders.
• Develop, document, and enforce security policies, procedures, standards, and best practices.
• Actively participate in daily security engineering tasks, including tool implementation, security monitoring, incident investigation, and vulnerability management.
• Lead the architecture, deployment, and optimization of security technologies (SIEM, EDR, IAM, DLP, cloud security tools, network security solutions, etc.).
• Oversee access management strategy and operations, ensuring strong identity, authorization, and least-privilege controls across all systems and environments.
• Partner with Engineering to secure systems, applications, and infrastructure.
• Oversee periodic penetration tests, threat modeling exercises, incident simulations, and red/blue team activities.
• Manage and mature third-party security risk practices, including vendor security reviews, ongoing monitoring, and contractual security requirements.
• Ensure regulatory and audit compliance (HIPAA, SOC2, HITRUST, and other healthcare/security frameworks).
• Partner with Legal and Compliance teams to ensure security programs, tools, and practices meet contractual, regulatory, and industry expectations.
• Maintain documentation for compliance requirements and support internal and external audit efforts.
• Serve as a trusted advisor to leadership and technical teams regarding risk, architecture, and security-by-design.
• Drive companywide education, awareness, and accountability to embed security into every function.
• Manage and grow a high-performing security team, including a Security Engineer and a Security Compliance Specialist.
• Set clear expectations, provide coaching, and empower team members to execute and grow into subject-matter experts.
• Foster a collaborative and transparent culture centered on accountability, communication, and continuous improvement.
• Compliance is a condition of employment and is considered an element of job performance
• Maintain HIPAA/patient confidentiality
• Other job duties assigned
  
  

Key Factors for Success

• A secure, compliant, and resilient environment—and clear visibility into risks.
• A proactive, structured, and well-governed security program.
• Strong execution against the roadmap with measurable progress.
• Leaders across the company view you as a trusted partner and advisor.
• A high-performing security team that is supported, empowered, and aligned.
• A meaningful reduction in risk, increased preparedness, and a culture in which “security is everyone’s responsibility”
  
  

Required Qualifications

• 10+ years of progressive security experience, including hands-on technical security work and leadership responsibilities.
• Proven ability to lead security functions in a fast-moving, high-growth environment—preferably healthcare, SaaS, or regulated industries.
• Deep technical expertise in security engineering, cloud security (Azure/AWS), identity and access management (IAM), endpoint protection, network security, and modern DevSecOps practices.
• Experience leading incident response, vulnerability management, and risk mitigation efforts.
• Demonstrated experience assessing and managing third-party security risks and vendor access.
• Strong communication skills—able to translate complex technical concepts to leadership and non-technical teams.
• Experience partnering with cross-functional teams including Legal, Compliance, Engineering, and executive leadership.
• Must be onsite in Asheville, NC or willing to relocate (relocation support available for the right candidate).
  
  

You might also have

• Experience in HIPAA, SOC2, HITRUST, or other compliance-heavy environments.
• Prior experience scaling a security function or building programs from the ground up.
• Relevant certifications (CISSP, CISM, CCSP, etc.).
  
  

What Aeroflow Offers

Competitive Pay, Health Plans with FSA or HSA options, Dental, and Vision Insurance, Optional Life Insurance, 401K with Company Match, 12 weeks of parental leave for birthing parent/ 4 weeks leave for non-birthing parent(s), Additional Parental benefits to include fertility stipends, free diapers, breast pump, Paid Holidays, PTO Accrual from day one, Employee Assistance Programs and SO MUCH MORE!!

Here at Aeroflow, we are proud of our commitment to all of our employees. Aeroflow Health has been recognized both locally and nationally for the following achievements:

• Family Forward Certified
• Great Place to Work Certified
• 5000 Best Place to Work award winner
• HME Excellence Award
• Sky High Growth Award
  
  

If you’ve been looking for an opportunity that will allow you to make an impact, and an organization with unlimited growth potential, we want to hear from you!

Aeroflow Health is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws.