Director, IT Security and Infrastructure

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field.
• A minimum of 7 years in IT infrastructure administration and architecture.
• A minimum of 3 years in a security-focused role (e.g., Security Engineer, Security Architect, or similar).
• Experience managing hybrid environments (AWS + on-prem AD + Microsoft 365).
• Management experience is required
• Must be a U.S. Citizen
• Strong knowledge of Windows Server, Active Directory, AWS EC2, and Microsoft 365 administration.
• Expertise in security frameworks (NIST, ISO 27001, CIS Controls).
• Familiarity with SIEM, EDR, MFA, and cloud security tools.
• Ability to pass federal background check and legally authorized to work in the U.S. without the need for Visa sponsorship.
• Strong understanding of cybersecurity frameworks, risk management, and regulatory compliance
• Expertise in secure software development practices
• Understanding of artificial intelligence and machine learning applications in security
• Ability to lead cross-functional teams
• Excellent communication, analytical, and decision-making skills
• Strategic thinker with hands-on problem-solving ability.

Nice To Haves

• CISSP, CISM, AWS Certified Security Specialty, Microsoft Certified: Security Administrator Associate.

Responsibilities

• Ensure existing security plans, policies and procedures are consistently followed and updated when necessary
• Develop and enforce security policies, standards, and best practices across all systems and applications.
• Identify, evaluate, and mitigate cybersecurity risks across systems, networks, and data access points
• Oversee incident response planning and execution, including post-incident analysis and reporting
• Ensure compliance with relevant laws, regulations, and standards (e.g., HIPAA, NIST)
• Manage security technologies and tools, including firewalls, intrusion detection systems, and endpoint protection
• Conduct security awareness training and initiatives for employees and contractors (as applicable)
• Collaborate with HMS Compliance team and Executive leadership to align security with business objectives
• Work with the Audit, Risk, and Compliance Committee (ARCC) to monitor and minimize security risk, regulatory compliance, audit support, governance alignment, and incident reporting
• Monitor security metrics and report on security posture, risks, and initiatives to HMS Executive team
• Stay current on cybersecurity trends, technologies, and best practices to enhance security measures proactively
• Implement and manage identity and access management (IAM), endpoint security, and compliance frameworks.
• Conduct regular vulnerability assessments, penetration tests, and risk analysis.
• Oversee the design, implementation, and maintenance of IT infrastructure, including on-premises Active Directory, AWS EC2 Windows servers, and Microsoft 365 environment.
• Manage and optimize network architecture, storage, and virtualization solutions.
• Ensure high availability and performance of internal and external-facing applications hosted on AWS.
• Supervise and mentor IT infrastructure team members.
• Coordinate cross-functional efforts between development, operations, and security teams.
• Drive continuous improvement initiatives for infrastructure and security processes.
• Prepare roadmaps for infrastructure scalability and security maturity.