Customized fertility benefits for the modern company
Carrot is reinventing what fertility coverage means, who has it, and how they access it. Our mission: fertility care for all. Carrot makes it easy and affordable for any company to implement a world-class fertility program for employees - regardless of age, sex, sexual orientation, gender identity or marital status. Carrot supports all valid fertility care from basic fertility testing to more complex treatments like fertility preservation, in-vitro fertilization (IVF), adoption, and surrogacy. Companies love Carrot because it’s simple and predictable, and it helps improve health outcomes. Members get a personalized product experience that meets them wherever they are, and moves them through each achievement with less time and stress.
As our first Information Security Engineer, you will be responsible for all security efforts at Carrot. You will have the opportunity to take a solid organizational foundation (we recently completed our first SOC 2 Type II and HIPAA audits) and run with it. You will define and prioritize high-level objectives and initiatives as well as execute on them both technically and operationally. This includes ensuring that Carrot is meeting security commitments to our customers by implementing industry-standard security and compliance frameworks. This is a chance to make an incredible impact, as you’ll be responsible for protecting the highly sensitive fertility journey and benefit information of our members.
- You are passionate and excited about security.
- You are able to understand and implement the technical aspects of security (e.g. cryptography, cloud security, single sign-on / SAML).
- You thrive in ambiguous situations and can drive efforts with minimal guidance.
- You are able to zoom out and make decisions holistically.
- You have strong opinions based on experience but are able to tailor your recommendations to fit the needs and environment of the business.
- You are great at prioritizing efforts, accounting not only for security risk but also business risk and estimated effort.
- You are able to break down high-level objectives into smaller milestones and efforts.
- You are able to communicate and collaborate with other teams and stakeholders to ensure everyone is informed and working together effectively.
- You are a top-tier verbal and written communicator, and habitually create documentation to effectively disseminate information.
- You take pride in our mission: fertility care for all.
- Own Carrot’s security roadmap by identifying, prioritizing, and leading new initiatives
- Be the security point person during the sales process, resolving customer requests and completing security questionnaires in as timely a manner as possible
- Run project management for implementing and maintaining security and compliance frameworks (e.g. SOC 2, HIPAA, GDPR, CCPA)
- Organize, implement, and run internal and external security audits and reviews
- Oversee the maintenance and continual improvement of Carrot’s security policies and procedures
- Collaborate with the Engineering team to implement secure processes and tooling for our applications and infrastructure
- Collaborate with IT to technically implement and configure our vendors and network infrastructure to meet our security needs
- Collaborate with teams such as Legal, Sales, and Customer Success to ensure we are meeting customer obligations and regulatory requirements
- Run our vendor management process by assessing new and existing vendors for security and compliance
- Run risk assessments and follow up on key findings to reduce risk in the Carrot organization
- Provide input and expertise to security-related marketing materials (security page of the website, blog posts, etc.)
- Experience owning and managing a security roadmap
- Experience owning the security review phase of the sales process
- Proven ability to communicate and work with customers as well as internal stakeholders
- Experience with security and compliance frameworks (e.g. SOC 2, HIPAA, GDPR, CCPA)
- Experience building and maintaining security policies and procedures for a company
- Experience with technical aspects of security (e.g. cryptography, cloud security, single sign-on / SAML)
- Experience configuring and managing cloud platforms (e.g. Azure, AWS)
- Experience running security risk assessments and mitigation
- Experience identifying and mitigating cloud security vulnerabilities
- Bachelor's degree in computer science, engineering, or equivalent work experience and 3+ years of security experience
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, or disability status.
Carrot at a glance
Carrot focuses on B2B, Employer Benefits Programs, Fertility, and Digital Health. The company has offices in San Francisco and a small team of 11-50 employees.
You can view their website at https://carrotfertility.com