Director of IT & Security Operations

REALTIME SOFTWARE SOLUTIONS LLC Remote, US,
$150,000 - $160,000Remote

About The Position

RealTime eClinical Solutions is a Global Leader and rapidly growing SaaS technology company that provides comprehensive Software Solutions to the clinical research industry. Our Vision is to reshape the global clinical research industry with innovative solutions that help advance medicine and save lives. Our cloud-based solutions are dedicated to solving complex problems and simplifying clinical research processes to be more organized, efficient, and cost-effective. We are based out of San Antonio, TX, but are truly a remote and telecommuting company. RealTime’s Director of IT & Security Operations owns the security, availability, and compliance of the systems that run RealTime’s multi-tenant clinical-trial platform and corporate environment. The role is accountable for operating and evidencing the controls that keep RealTime HIPAA-compliant and SOC 2 Type 2 audit-ready. This covers protecting Protected Health Information (PHI) across per-customer databases, governing how infrastructure is provisioned as code, and controlling how AI systems access regulated data. The role leads corporate IT and helpdesk and is the subject-matter expert for system and security architecture, uptime, and security posture.

Requirements

  • Deep understanding of operations, systems, network, and cloud security.
  • Experience operating and evidencing controls for SOC 2 Type 2 and the HIPAA Security Rule in a production environment handling regulated data.
  • Hands-on experience with identity and access management, least-privilege design, and privileged access management.
  • Experience with infrastructure as code (Terraform) and change management in a CI/CD pipeline.
  • Experience with SIEM and security monitoring of cloud environments. AWS preferred.
  • Strong leadership and business judgment. Experience managing multiple projects across prioritization, planning, and execution.
  • Experience troubleshooting production workloads using application and system monitoring tools.
  • Experience with replication, federation, and relational databases.

Nice To Haves

  • Security certification such as CISSP, CISM, or CCSP.
  • Experience leading or coordinating a SOC 2 Type 2 examination or HIPAA audit. Two or more years of HIPAA compliance experience.
  • Experience with DLP, database activity monitoring, and data-egress controls in a multi-tenant SaaS environment.
  • Experience governing AI or LLM systems that process regulated data.
  • Experience managing remote employees and supporting corporate IT globally.
  • Working knowledge of Git and source control (GitHub or Subversion). Experience with Kanban or other agile methods.
  • Bachelor’s degree in computer science, software engineering, or equivalent experience.

Responsibilities

  • Operate and evidence the controls required for SOC 2 Type 2 (Security, Availability, and Confidentiality) and the HIPAA Security, Privacy, and Breach Notification Rules.
  • Act as day-to-day lead for external SOC 2 Type 2 and HIPAA audits. Maintain the control narrative, coordinate evidence, and close findings.
  • Run continuous control monitoring (GRC) tooling such as Vanta or Drata so control status and evidence stay current.
  • Maintain the risk register and run an annual risk assessment covering PHI systems, vendors, and infrastructure.
  • Own the Business Associate Agreement (BAA) lifecycle and third-party risk. Execute and track BAAs with every vendor that touches PHI, including cloud and AI vendors, and review vendor security annually.
  • Enforce least privilege of access across corporate and production systems: role-based access control, MFA, and time-bound access to customer databases and PHI.
  • Own the joiner-mover-leaver process and run quarterly access reviews, including privileged access, with evidence retained for audit.
  • Deploy data-leakage controls: data classification, DLP, egress filtering, and database activity monitoring to detect and block unauthorized bulk access.
  • Validate multi-tenant isolation as a standing control and confirm one customer’s data cannot be reached from another tenant. Manage encryption at rest and in transit, with keys held separately from the data.
  • Own secrets management. No credentials, keys, or tokens in source code, container images, or infrastructure-as-code state.
  • Manage cloud hosting vendors and environment changes. Maintain and improve the RTSS database infrastructure architecture in a cloud-hosted environment, including replication, federation, availability, and recoverability.
  • Manage cloud infrastructure as code (Terraform) as the source of truth: peer-reviewed changes, drift detection, and policy-as-code enforced in CI/CD, with separation between the author and approver of a change.
  • Detect and resolve infrastructure performance issues (CPU, memory, disk I/O, resource contention). Design and deploy infrastructure to meet the CIS Critical Security Controls.
  • Own vulnerability and patch management with remediation SLAs by severity, recurring scanning, and annual third-party penetration testing, tracked to closure.
  • Support the team on customer non-code issues such as email and SSO.
  • Monitor the security of corporate and cloud environments. Identify detection gaps and expand log collection, detection, and analytics.
  • Run centralized, tamper-evident logging (SIEM) with anomaly alerting and six-year retention aligned to HIPAA.
  • Maintain and test a documented incident response plan with defined severity levels, escalation, and evidence retention. Run tabletop exercises.
  • Investigate incidents, determine root causes, preserve evidence, and meet HIPAA breach-notification timelines within 60 days.
  • Set and enforce controls for how AI and LLM systems access regulated data, including internal MCP services and cloud AI such as AWS Bedrock. Confirm BAA coverage of AI vendors, prevent PHI exposure to models, and audit AI usage.
  • Set and enforce an acceptable-use policy covering unmanaged AI tools.
  • Manage the team by providing technical support to employees.
  • Manage corporate IT: desktop support, business applications, and procurement and asset management of hardware and software.
  • Provide project management for internal IT deployments, migrations, and mergers.
  • Develop and maintain IT, security, and systems architecture SOPs, and run security-awareness training for the workforce.
  • Design and manage the disaster-recovery and business-continuity process with defined RTO and RPO targets and periodic recovery testing.
  • Define and report security and reliability KPIs: access-review completion, patch and remediation SLA attainment, mean time to detect and respond, control pass rate, and uptime.
  • Participate in technical solution and design discussions. Maintain compliance with company policies on the HIPAA Privacy Rule. This role may view PHI as part of daily duties.

Benefits

  • The company sponsors health insurance, long-term disability, and life insurance.
  • Unlimited Paid Time Off.
  • 10 paid Holidays.
  • Paid Parental Leave.
  • Work Anniversary Bonus.
  • Participation in the Employee of the Quarter Program.
  • Monthly $100 Connectivity Stipend Reimbursement.
  • RealTime matches employee 401K contributions at 100% of the first 3% invested and 50% of the next 2% invested.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service