Director of Information Security

About The Position

Requirements

• 7+ years of experience in information security, including direct experience leading or building GRC programs.
• Proven expertise in regulatory frameworks such as ISO 27001, SOC 2, GDPR, HIPAA, FedRAMP, TX-RAMP, StateRAMP or similar.
• Experience with FDA regulations is an asset.
• Direct experience working in environments governed by HIPAA and GDPR.
• Hands-on experience with vulnerability management tools, incident response, and security audits.
• Familiarity with DevSecOps principles and working closely with engineering organizations to embed security into software development lifecycles.
• Experience selecting, implementing, and managing security tooling (e.g., SIEM, endpoint, code scanning, etc.).
• Exceptional communication and influencing skills across technical and non-technical teams.
• A high degree of autonomy and ownership—comfortable leading cross-functional efforts and prioritizing in a dynamic environment.
• AI fluency: Familiarity with modern AI tools (e.g., ChatGPT, CodeQL, automated compliance tools), and curiosity about how AI can be applied to simplify and strengthen information security.

Nice To Haves

• Experience with cloud-native environments (AWS preferred), SaaS platforms, and early-stage startups.

Responsibilities

• Own and lead the Proscia Information Security Program, with a focus on governance, risk, and compliance (GRC) across the Concentriq suite of applications and Proscia's business applications.
• Develop, improve, and implement security policies and procedures to strengthen Proscia’s security posture across regulated and non-regulated markets.
• Manage and evolve the tools and workflows for vulnerability management, reporting, and remediation governance.
• Guide the company’s regulatory roadmap—seeking new certifications and frameworks (e.g., ISO 27001, SOC 2, HITRUST) in response to customer and market demands.
• Partner with Engineering to implement developer-friendly security tools that reduce compliance burdens without slowing innovation.
• Oversee incident response preparation, processes, and execution—ensuring rapid, coordinated action and effective communication during events.
• Serve as a consultative security leader for Engineering, Product, and Customer teams—governing system designs, architecture, and implementation through a security-first lens.
• Enable other teams to answer security-related questions from customers, prospects, and partners.
• Stay ahead of industry and regulatory trends, informing company leadership of new or emerging cybersecurity requirements.
• Bring an AI-forward mindset to security—leveraging modern tools and practices to automate and scale security operations in line with Proscia’s broader AI strategy.

Benefits

• Competitive pay
• Savings options
• Schedule options
• Insurance options that promote long-term health and personal growth