Carrot

Customized fertility benefits for the modern company

InfoSec Engineer

$100k – $150k AngelList Est.

About Us

Carrot is reinventing what fertility coverage means, who has it, and how they access it. Our mission: fertility care for all. Carrot makes it easy and affordable for any company to implement a world-class fertility program for employees - regardless of age, sex, sexual orientation, gender identity or marital status. Carrot supports all valid fertility care from basic fertility testing to more complex treatments like fertility preservation, in-vitro fertilization (IVF), adoption, and surrogacy. Companies love Carrot because it’s simple, predictable and helps improve health outcomes. Members get a personalized product experience that meets them wherever they are, and moves them through each achievement with less time and stress.

The Role

As our first Information Security Engineer, you will be responsible for all security efforts at Carrot. You will have the opportunity to take a solid organizational foundation (we recently completed our first SOC 2 Type II and HIPAA audits) and run with it. You will define and prioritize high-level objectives and initiatives as well as execute on them both technically and operationally. This includes ensuring that Carrot is meeting security commitments to our customers by implementing industry-standard security and compliance frameworks. This is a chance to make an incredible impact, as you’ll be responsible for protecting the highly sensitive fertility journey and benefit information of our members.

About You

  • You are passionate and excited about security.
  • You are able to understand and implement the technical aspects of security (e.g. cryptography, cloud security, single sign-on / SAML).
  • You thrive in ambiguous situations and can drive efforts with minimal guidance.
  • You are able to zoom out and make decisions holistically.
  • You have strong opinions based on experience but are able to tailor your recommendations to fit the needs and environment of the business.
  • You are great at prioritizing efforts, accounting not only for security risk but also business risk and estimated effort.
  • You are able to break down high-level objectives into smaller milestones and efforts.
  • You are able to communicate and collaborate with other teams and stakeholders to ensure everyone is informed and working together effectively.
  • You are a top-tier verbal and written communicator, and habitually create documentation to effectively disseminate information.
  • You take pride in our mission: fertility care for all.

You Will

  • Own Carrot’s security roadmap by identifying, prioritizing, and leading new initiatives
  • Be the security point person during the sales process, resolving customer requests and completing security questionnaires in as timely a manner as possible
  • Run project management for implementing and maintaining security and compliance frameworks (e.g. SOC 2, HIPAA, GDPR, CCPA)
  • Organize, implement, and run internal and external security audits and reviews
  • Oversee the maintenance and continual improvement of Carrot’s security policies and procedures
  • Collaborate with the Engineering team to implement secure processes and tooling for our applications and infrastructure
  • Collaborate with IT to technically implement and configure our vendors and network infrastructure to meet our security needs
  • Collaborate with teams such as Legal, Sales, and Customer Success to ensure we are meeting customer obligations and regulatory requirements
  • Run our vendor management process by assessing new and existing vendors for security and compliance
  • Run risk assessments and follow up on key findings to reduce risk in the Carrot organization
  • Provide input and expertise to security-related marketing materials (security page of the website, blog posts, etc.)

Preferred Experience

  • Experience owning and managing a security roadmap
  • Experience owning the security review phase of the sales process
  • Proven ability to communicate and work with customers as well as internal stakeholders
  • Experience with security and compliance frameworks (e.g. SOC 2, HIPAA, GDPR, CCPA)
  • Experience building and maintaining security policies and procedures for a company
  • Experience with technical aspects of security (e.g. cryptography, cloud security, single sign-on / SAML)
  • Experience configuring and managing cloud platforms (e.g. Azure, AWS)
  • Experience running security risk assessments and mitigation
  • Experience identifying and mitigating cloud security vulnerabilities
  • Bachelor's degree in computer science, engineering, or equivalent work experience and 3+ years of security experience

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, or disability status.

Carrot at a glance

Carrot focuses on B2B, Employer Benefits Programs, Fertility, and Digital Health. The company has offices in San Francisco and a small team of 11-50 employees.

You can view their website at https://carrotfertility.com
