Director, Security & IT

Careforth
Remote

About The Position

The Director of Security & IT will lead and mature Careforth's information security and IT infrastructure programs, ensuring the confidentiality and availability of our systems and data in a highly regulated healthcare environment. This senior leader will own our security posture end-to-end — from HIPAA and HITRUST compliance to cloud infrastructure and incident response — while partnering closely with Clinical, Product, Legal, and executive leadership. This role will oversee security strategy, IT operations and vendor risk management, serving as Careforth’s primary voice on security risk and IT resilience.

Requirements

  • 10+ years of progressive experience in information security, including 3+ years in a people leadership role.
  • Strong familiarity with operating IT and telecommunications systems.
  • Deep expertise in HIPAA/HITRUST compliance and healthcare data privacy requirements; experience operating in a regulated healthcare or health tech environment is strongly preferred.
  • Strong knowledge of security frameworks such as NIST CSF, ISO 27001, and SOC 2 Type II.
  • Hands-on experience securing cloud-based environments and SaaS platforms (AWS preferred).
  • Proven track record leading incident response, forensic investigations, and disaster recovery planning.
  • Familiarity with secure software development practices and ability to partner effectively with engineering teams.
  • Experience with IAM platforms, endpoint detection and response (EDR) tools, and SIEM/log management solutions.
  • Exceptional communication skills; able to translate complex technical risk into clear business language for non-technical stakeholders including executive leadership.
  • Bachelor's degree in a related field or equivalent work experience; CISSP, CISM, CISA certification preferred.

Responsibilities

  • Own and continuously mature Careforth's information security program, ensuring policies and standards align with HIPAA, HITRUST, and applicable state privacy regulations.
  • Serve as the primary point of accountability for security risk management, threat monitoring, vulnerability management, and incident response.
  • Lead preparation for security audits and regulatory examinations, managing remediation of findings.
  • Partner with Legal and Compliance to maintain a robust data governance and privacy framework, including Business Associate Agreements (BAAs) and breach notification procedures.
  • Define and execute the IT roadmap, encompassing cloud infrastructure, end-user computing, enterprise applications, and systems reliability.
  • Manage vendor risk assessments and third-party security reviews; maintain an up-to-date vendor risk register.
  • Oversee IT operations including helpdesk, asset management, identity and access management (IAM), endpoint protection, and network security.
  • Drive the adoption of cloud-first and zero-trust architecture principles across the organization (AWS preferred).
  • Lead and mentor a high-performing team, fostering a culture of accountability and continuous improvement.
  • Develop and present security metrics, KPIs, and risk dashboards to executive leadership and the Board as appropriate.
  • Champion security awareness through training programs, phishing simulations, and a culture of shared responsibility.
  • Manage IT vendor relationships, contracts, and technology spend to ensure cost-effective, resilient operations.
  • Collaborate with the Software Engineering team to embed secure development practices.
  • Maintain and regularly test business continuity and disaster recovery plans.
  • Perform other duties as assigned.

Benefits

  • Flexible schedules
  • Remote-first culture
  • Nationally recognized wellness program