About The Position

As the Director of IT & Security, you are the primary architect of the company’s technological resilience and security posture. You provide the strategic vision for a scalable, secure corporate infrastructure that enables rapid business growth while maintaining rigorous compliance. You are not just managing systems; you are owning the overall strategy for risk mitigation, technical governance, and the evolution of the modern workplace.

Requirements

  • Deep expertise across enterprise security, cloud infrastructure, networking, and IT systems.
  • Strong background in security governance, risk management, and compliance frameworks (HIPAA, SOC 2, or similar).
  • Proven ability to set strategy and influence executive stakeholders, translating technical concepts into business impact.
  • Demonstrated success building and leading high-performing, multi-functional teams.
  • Strong cross-functional leadership and systems thinking in complex environments.
  • Experience developing AI governance frameworks, acceptable use policies, or responsible AI programs.
  • Excellent communication skills, including experience with executive-level presentations and company-wide initiatives.
  • Expertise in identity and access management and enterprise tooling (Google Workspace, JAMF/MDM, Okta/OneLogin, Slack, etc.).
  • Experience defining and operationalizing metrics and performance frameworks.
  • Minimum 10 years of IT or technical security experience, with at least 6 years in a leadership role.
  • Proven track record of scaling enterprise IT and security programs in high-growth startup environments.
  • Experience partnering with executive teams on strategic technology decisions.
  • Hands-on experience managing enterprise security operations, cloud environments, and IT infrastructure.
  • Proven track record of leading security audits, risk assessments, and compliance initiatives.
  • Experience with scripting, automation, and system integrations to streamline IT operations.
  • Must be eligible to work in the United States without sponsorship now or in the future.

Nice To Haves

  • IT or security certifications (CISSP, CISM, CompTIA Security+, or equivalent).
  • Prior experience in healthcare or HIPAA-regulated environments.
  • Experience leading remote or hybrid IT teams.
  • Advanced knowledge of security automation, threat detection, and response tools.

Responsibilities

  • Define and own the company IT and security strategy, aligning infrastructure, systems, and risk posture with company growth, product evolution, and regulatory requirements.
  • Build, lead, and scale a high-performing IT and Security organization, establishing clear operating models, priorities, and accountability across IT and security operations.
  • Oversee end-to-end IT operations and employee technology experience, including onboarding/offboarding, identity and access management, device lifecycle, and enterprise tooling.
  • Own and mature the security program, including governance, risk management, security architecture, vulnerability management, and threat detection and response (SOC).
  • Drive the management of risk, compliance, and audit in partnership with our compliance committee, leading HIPAA and SOC 2 readiness, managing audits, and ensuring continuous compliance through strong policies, controls, and documentation.
  • Partner cross-functionally with Engineering, Product, Data, Legal, and People teams to embed security and IT best practices into systems, development lifecycles, and business operations.
  • Drive company initiatives to enhance system reliability, scalability, security, and business continuity, including disaster recovery planning and resilience of critical systems.
  • Own the IT vendor and partner strategy, including selection, negotiation, performance management, and cost optimization while maintaining high security and service standards.
  • Establish and report on KPIs and metrics for IT performance, security posture, and risk, providing actionable insights to executive leadership.
  • Act as a trusted advisor to leadership, guiding decisions on technology investments, emerging threats, and trade-offs between risk, cost, and speed.
  • Own the company's AI governance framework, including acceptable use policies, tool evaluation processes, and an enterprise-wide AI inventory and risk register.
  • Define standards for embedding AI tools into workflows and business processes, ensuring integration architecture, data flows, and security controls align with compliance obligations.
  • Own data classification standards and data loss prevention strategy, ensuring sensitive data — including PHI — is identified, categorized, and protected in alignment with HIPAA and other regulatory requirements.

Benefits

  • Company-sponsored life insurance
  • Disability and AD&D plans
  • Voluntary benefits such as 401k retirement, medical, dental, vision, FSA, HSA, dependent care and commuter/parking options are also available.
  • Octave offers generous Paid Time Off as well as paid parental leave benefits.