Logo for Tonal

Director, IT & Security

Role overview

Qualifications

  • 10+ years in IT and security leadership
  • Hands-on HIPAA compliance implementation experience
  • Proven ability to prioritize with a lean team and limited budget
  • Strong people leadership skills

Responsibilities

  • Own end-to-end IT operations and security program
  • Lead the technical controls side of Tonal's HIPAA compliance program
  • Administer Tonal's SaaS portfolio and manage global physical infrastructure
  • Report regularly to senior leadership and the C-suite

About the company

Tonal logo

Tonal

Health, Sport, Wellness & Fitness

Tonal is the most powerful way to be, look, and feel your strongest. Unlike traditional dumbbells and barbells, Tonal uses advanced digital weight that continually adapts workouts so they’re most effective for you—all led by our expert coaches. No matter if you’re a beginner or an expert, you’ll #BeYourStrongest with Tonal. www.tonal.com/careers All official Tonal career communication will come from a @tonal.com email address. If you are ever uncertain of whether a solicitation is from Tonal or an approved recruiting partner of ours, please reach out to careers@tonal.com.

Company details

Company typeScaleup
IndustryHealth, Sport, Wellness & Fitness
Company size501 - 1000

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Overview

Tonal is the world's most intelligent strength training system, combining hardware, software, AI, computer vision, and world-class content to help people build strength and live healthier. Tonal is now expanding into healthcare and clinical applications, connecting strength training technology with providers, employers, and payers to deliver measurable health outcomes — raising the bar for what our IT and security function needs to deliver.

We're looking for a Director of IT & Security to own this function end-to-end. This role carries the highest privileges across our most sensitive systems and direct accountability for IT and security outcomes company-wide. You'll report to the VP of Business Technology and work closely with senior leadership. The ideal candidate has a start-up mentality — comfortable moving fast in a lean, resource-constrained environment, while never losing sight of the security and compliance discipline a healthcare-adjacent company requires.

What You Will Do

  • Own end-to-end IT operations, including device lifecycle, onboarding/offboarding, SaaS administration, identity and access management, help desk, and office infrastructure across all locations.

  • Lead the technical controls side of Tonal's HIPAA compliance program, implementing the safeguards required by the HIPAA Security Rule and HITECH Act — encryption, SIEM, MDM/EDR, and role-based access.

  • Own and execute Tonal's security program: penetration testing remediation, security policy, tabletop exercises, vendor security reviews, and incident response.

  • Govern Tonal's AI tool ecosystem, including licensing, spend, API key governance, corporate AI policy, and DLP and prompt injection protections. Drive AI training and best practices across the organization.

  • Administer Tonal's SaaS portfolio, owning contract renewals, license optimization, and vendor negotiations across critical platforms.

  • Drive automation and identity governance maturity, including Okta Identity Governance, expanding SCIM-based provisioning, building & enforcing RBAC frameworks, and driving workflow automation and system integration.

  • Lead and grow the IT & Security team, managing engineers and administrators, overseeing the virtual CISO engagement, owning the budget and aligning org structure to Tonal’s needs.

  • Own IT documentation and process improvement, maintaining runbooks and closing gaps in onboarding, offboarding, and incident response, and driving overall automation.

  • Manage global physical infrastructure — networking, Wi-Fi, AV, and physical access — across a distributed, multi-office footprint.

  • Serve as a trusted operator on Tonal's most sensitive matters, from executive access provisioning to security incidents and legal holds.

  • Report regularly to senior leadership and the C-suite, translating IT & Security roadmap priorities, progress, technical risk and incident management into clear, actionable narratives.

Who You Are

  • 10+ years in IT and security leadership, with full functional ownership and experience across identity and access management, endpoint security, SaaS administration, network infrastructure, and security program management.

  • Hands-on HIPAA compliance implementation experience, beyond writing policies

  • Track record of building a security program from the ground up: policy, penetration testing, and real incident response

  • Broad expertise across identity and access management, endpoint security, SaaS administration, and network infrastructure

  • Equally comfortable configuring technical systems and presenting security risk to executive leadership

  • A start-up mindset: thrives in fast-moving, resource-constrained environments without cutting corners on security

  • Proven ability to prioritize with a lean team and limited budget, with outcomes to show for it.

  • Experience managing a large SaaS portfolio, including contract renewals, vendor negotiation, and license governance

  • Strong people leadership skills, setting clear expectations and developing team members

  • High standards of trust, integrity, and discretion, given access to the company's most sensitive systems

Extra Credit

  • HIPAA compliance roll-out and execution, owning the technical controls end-to-end.

  • Experience with SOC 2 Type II, NIST CSF, or HITRUST in a hands-on implementation capacity

  • Background in healthcare technology, digital health, or clinical-grade software environments

At Tonal, we believe that the unique and varied lived experiences of our teammates contribute to our overall strength. We don’t just appreciate differences, we celebrate them, and we always seek people that represent a wide variety of backgrounds. We’re dedicated to adding new perspectives to the team and designing employee experiences that contribute to your growth as much as you do to ours. If your experience aligns with what we’re looking for (even if you don’t check every single box), send us your application. We would love to hear from you!

 

Tonal is committed to meeting the diverse needs of people with disabilities in a timely manner that is consistent with the principles of independence, dignity, integration, and equality of opportunity. Should you have any accommodation requests, please reach out to us via our confidential email, accessibility@tonal.com. All requests will be addressed and responded to in accordance with Tonal’s Accessibility Policy and local legislation.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

IT Security Manager Related jobs

Other jobs at Tonal

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.