Director Information Security & Governance

Duly Health and Care, Downers Grove, IL
$140,000 - $180,000, Hybrid

About The Position

At Duly Health and Care, you are supported to do your best work and make a meaningful impact every day. You will be part of a collaborative, physician-led team that works as one and puts patients at the center of everything we do. With a connected network of providers, care teams, and services across primary and specialty care, surgery centers, imaging, lab, and therapy, you are part of a system designed to deliver high-quality, coordinated care. Together, we create an environment where you can grow, contribute, and help improve the experience and outcomes for every patient we serve.

Position Summary

We are seeking a dynamic and experienced Director of Cybersecurity to lead our enterprise security program and governance, risk, and compliance (GRC) function. Reporting to the CTO, this leader will be responsible for protecting the confidentiality, integrity, and availability of patient data, clinical systems, and enterprise assets across our large healthcare organization. The Director will serve as a strategic partner to clinical, operational, and IT leadership, ensuring that patient and employee data and enterprise assets are effectively protected.

Requirements

  • 10+ years of progressive experience in information security, with at least 3 years in a leadership role managing a team.
  • Demonstrated expertise in GRC — including policy development, risk management, and regulatory compliance.
  • Deep knowledge of healthcare-specific security and privacy regulations, particularly HIPAA/HITECH.
  • Experience in large, complex enterprise environments; healthcare industry experience strongly preferred.
  • Proven ability to build trusted relationships with executive stakeholders and communicate risk in business terms.
  • Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or a related field (or equivalent experience).

Nice To Haves

  • Master's degree in a relevant discipline.
  • Active certifications such as CISSP, CISM, CRISC, HCISPP, or equivalent.
  • Hands-on experience with EHR platforms (Epic, Cerner) and their security architecture.

Responsibilities

  • Lead, mentor, and develop a team of 5 security architects and specialists, fostering a culture of excellence, accountability, and continuous learning.
  • Define and execute the enterprise cybersecurity strategy in alignment with organizational goals and the CISO's vision.
  • Oversee security architecture design and review for enterprise systems, clinical applications, cloud environments, and third-party integrations.
  • Drive the maturation of security operations including threat detection, incident response, and vulnerability management programs.
  • Serve as a primary escalation point and decision-maker during significant security incidents or breaches.
  • Own and evolve the organization's Governance, Risk & Compliance (GRC) program, ensuring alignment with HIPAA, HITECH, NIST CSF, SOC 2, and other applicable frameworks.
  • Lead risk assessment processes including third-party vendor risk assessments, enterprise risk registers, and ongoing risk treatment planning.
  • Oversee preparation for and response to regulatory audits, assessments, and examinations.
  • Develop, maintain, and enforce enterprise security policies, standards, and procedures.
  • Coordinate privacy and security initiatives in partnership with Legal, Compliance, and Privacy Office stakeholders.
  • Partner with clinical informatics, revenue cycle, HR, and other business units to embed security practices into workflows and new initiatives.
  • Present security risk posture, program metrics, and GRC status updates to executive leadership and the Board of Directors as needed.
  • Lead security awareness and training programs across the organization.
  • Evaluate and guide investment in security tooling including SIEM, EDR, CASB, DLP, identity governance, and zero trust capabilities.
  • Ensure robust identity and access management controls across EHR systems, cloud platforms, and enterprise applications.
  • Stay current on emerging threats specific to the healthcare sector (ransomware, medical device vulnerabilities, supply chain risks) and adapt the program accordingly.

Benefits

  • Comprehensive medical, dental, and vision benefits that include healthcare navigation assistance.
  • Access to a mental health benefit at no cost.
  • Employer provided life and disability insurance.
  • $5,250 Tuition Reimbursement per year.
  • Immediate 401(k) match.
  • 40 hours paid volunteer time off.
  • A culture committed to community engagement and social impact.
  • Up to 12 weeks parental leave at 100% pay and a financial benefit for adoption and surrogacy for non-physician team members once eligibility requirements are met.