About Anomaly

Founded in 2020, Anomaly uses AI and healthcare transaction data to decode complex payer behavior and close the knowledge gap between providers and payers. Our AI engine, Smart Response, analyzes hundreds of millions of healthcare encounters in real time to detect shifting payer rules and denial patterns. By continuously adapting to payer logic, it helps providers predict denials, reverse revenue loss, and hold payers accountable.

Our Products and Stack

Anomaly builds a suite of machine learning and analytics products designed to uncover health insurance company payment patterns. Our products include:

• Detect - a web front-end product to surface newly discovered insurance payment patterns and behavior changes utilizing time-series analyses.

• Predict - high-throughput API for machine-learning-powered claim denial prediction with configuration and monitoring live in the web front-end.

• Recover - an analytics-driven product to prioritize denied accounts in order to assist our clients in denial recovery using algorithmic ranking and recommended actions that are fine-tuned towards high-dollar denial reversals.

Overview

We are looking for a Head of Security to own and operate our information security program end-to-end. This role is responsible for maintaining a strong security and compliance posture while enabling rapid product development and growth.

The Head of Security reports to the Chief Technology Officer , who also serves as Chief Information Security Officer and provides executive oversight of security strategy and risk management. This role owns the day-to-day operation of the security program and is the primary driver of security initiatives across the company.

This position is ideal for someone who wants to contribute to the foundation of our security best practices, and wants to grow with this company. As we grow, this role is expected to expand in scope and may evolve into a dedicated CISO position.

Responsibilities

• Own the security program: Define and operate the company’s security program, including policies, controls, risk management, and the ISMS

• Lead compliance and customer trust: Own SOC 2 / HIPAA programs, audits, and all customer-facing security processes (questionnaires, diligence, reviews)

• Design pragmatic security controls: Establish scalable security architecture and guardrails across cloud, data, application systems, and internal IT

• Enable the organization: Embed security into the SDLC and internal workflows, including the controlled adoption of AI agents across all aspects of the business

Qualifications

• Experience owning a security program at a startup or growth-stage company (approximately 20–150 employees)

• Strong working knowledge of SOC 2 and HIPAA environments, including running audits end-to-end and working with security vendors

• Ability to design pragmatic security controls across AWS, application, and internal IT environments (Google Workspace + OSX)

• Demonstrated judgment in balancing security, velocity, and business needs, including customer-facing communication