Information Technology Director

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field.
• Minimum ten (10) years of progressive IT experience, with at least five (5) years in senior leadership roles.
• Demonstrated experience managing IT operations across multi-site, healthcare, or behavioral health environments.
• Advanced technical knowledge of:
• Microsoft 365, Azure AD, Teams, SharePoint
• Windows Server (2016/2019/2022), virtualization, and cloud services
• HIPAA compliance, NIST CSF, CIS benchmarks
• Firewalls, networking, endpoint security, patch management
• Strong leadership, vendor negotiation, and project management skills.
• Valid Arizona driver’s license and reliable transportation.
• Ability to pass fingerprint clearance, background checks, and pre-employment testing.
• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field.
• Minimum five (7) years of progressive IT experience in a leadership capacity managing infrastructure, cybersecurity, and IT operations.
• Demonstrated experience overseeing multi-site and hybrid work environments.
• Proficiency in:
• Microsoft 365, Azure Active Directory, Teams, SharePoint
• Windows Server 2016/2019/2022
• Endpoint security and management platforms
• Network infrastructure (LAN/WAN, VPNs, Wi-Fi)
• HIPAA compliance and cybersecurity frameworks (NIST, CIS, etc.)
• Strong project management, vendor management, and leadership skills.
• Clear, professional communication and interpersonal abilities.
• Valid Arizona driver’s license and reliable transportation.
• Ability to pass all pre-employment testing, including fingerprint clearance and background check.

Nice To Haves

• Master’s degree in Information Technology, Cybersecurity, or Business Administration.
• Professional certifications: CISSP, CISM, CompTIA Security+, Microsoft Certified Azure Administrator/Architect, or PMP.
• Experience in Tribal health, behavioral health, or federal contract-based IT environments.
• Master’s degree in Information Technology, Cybersecurity, Business Administration, or related field.
• Professional certifications such as CISSP, CISM, CompTIA Security+, Microsoft Certified: Azure Administrator, or PMP.
• Experience working in Tribal, healthcare, or behavioral health environments.

Responsibilities

• Serve as ABHS’s senior technology executive, aligning IT strategy with agency mission, compliance requirements, and growth initiatives.
• Develop and execute multi-year IT roadmaps covering infrastructure upgrades, cybersecurity maturity, cloud adoption, and digital innovation.
• Lead the IT Steering Committee, advising the CEO and executive leadership team on technology investments, risk posture, and emerging solutions.
• Develop, manage, and monitor the IT department budget in collaboration with Finance and the CEO, balancing cost control with innovation.
• Represent ABHS in Tribal, state, and national IT consortiums, ensuring advocacy and access to shared resources.
• Establish and enforce IT governance, including change management, technology standards, and agency-wide compliance policies.
• Provide regular IT performance, risk, and compliance reporting to the CEO, Board of Directors, and regulatory agencies.
• Serve as Chief Information Security Officer (CISO) for ABHS, ensuring compliance with HIPAA, IHS, AHCCCS, and Tribal IT security requirements.
• Lead enterprise-wide security frameworks, including NIST CSF and CIS controls, adapting to the needs of healthcare and behavioral health environments.
• Direct incident response, breach investigations, and forensic activities in coordination with Tribal, state, and federal partners.
• Oversee risk assessments, penetration testing, and vulnerability management programs; ensure timely remediation.
• Ensure encryption, MFA, endpoint protection, mobile device management, and secure cloud practices are enforced across ABHS.
• Maintain compliance with cybersecurity insurance requirements and support audits by insurers, regulators, and external entities.
• Develop and maintain ABHS’s Information Security Program Manual and Business Continuity/Disaster Recovery (BC/DR) plans.
• Supervise data governance, data loss prevention (DLP), and secure data exchange practices across all platforms.
• Ensure Business Associate Agreements (BAAs) and vendor security reviews are current and enforceable.
• Oversee day-to-day IT operations for all ABHS facilities, including clinics, shelters, residential facilities, and administrative offices.
• Provide hands-on technical leadership for infrastructure management, including servers, storage, networks, VoIP, firewalls, and wireless systems.
• Ensure continuous uptime and secure operation of ABHS’s EHR (myEvolv), HRIS, and financial systems.
• Lead agency-wide cloud strategy, optimizing Microsoft 365, Azure AD, Teams, SharePoint, OneDrive, and hybrid integrations.
• Direct system monitoring, patch management, and lifecycle refresh planning for hardware, software, and network devices.
• Maintain centralized configuration management, CMDB accuracy, and IT asset inventory.
• Ensure effective vendor and managed services coordination for mission-critical infrastructure projects.
• Lead IT support for telehealth platforms, remote staff, and hybrid work environments.
• Oversee agency-wide audiovisual and conferencing systems for clinical and administrative use.
• Personally intervene in escalated IT support issues, providing direct technical expertise.
• Negotiate contracts, SLAs, and renewals with technology vendors, MSPs, and cloud providers.
• Direct IT capital projects (network upgrades, cloud migrations, cybersecurity implementations), ensuring timelines, budgets, and compliance.
• Enforce vendor compliance with HIPAA, Tribal, and ABHS standards through BAAs and ongoing audits.
• Oversee vendor risk assessments and remediation for third-party hosted systems.
• Ensure knowledge transfer from vendors to internal staff upon project completion.
• Manage procurement and licensing compliance for agency-wide hardware and software.
• Provide mentorship, professional development, and performance oversight for IT staff, fostering a culture of accountability and service.
• Ensure adequate IT staffing coverage for multi-site operations, after-hours support, and emergency response.
• Lead annual security awareness and phishing simulation training for all ABHS employees.
• Model hands-on leadership by actively participating in troubleshooting, system deployments, and complex IT challenges.
• Develop succession planning and career pathways for IT personnel to promote growth and retention.
• Serve as IT liaison to Tribal government, IHS, AHCCCS, and external regulators.
• Communicate IT strategies, risks, and initiatives in accessible language for staff, leadership, and community stakeholders.
• Support all Board and executive meetings requiring IT, audiovisual, or cybersecurity support.
• Maintain culturally competent and professional relationships with Tribal leaders, community members, and external partners.
• Provide leadership for ABHS’ overall IT strategy, infrastructure management, cybersecurity posture, and operational excellence.
• Supervise all internal IT staff, including IT Supervisors, Specialists, and Helpdesk teams.
• Manage contracts and relationships with outsourced IT partners (Managed Services Providers) and technology vendors.
• Develop and monitor the annual IT budget in collaboration with the CEO and Finance.
• Advise executive leadership on technology solutions aligned to agency growth, compliance, and operational needs.
• Lead IT participation in strategic agency initiatives, including expansions, facility upgrades, and telehealth deployments.
• Coordinate IT operations across all ABHS offices, residential facilities, field operations, and remote environments.
• Lead IT Disaster Recovery and Business Continuity Planning (DR/BCP), ensuring resiliency of critical systems including EHR, finance, and HRIS platforms.
• Oversee cybersecurity compliance programs, including HIPAA Security Rule adherence, risk analysis, and security incident response.
• Develop long-term IT infrastructure and systems upgrade roadmaps, ensuring secure and scalable solutions.
• Develop annual IT goals and objectives aligned to ABHS’s strategic plan and report progress quarterly to executive leadership.
• Maintain and enforce policies regarding appropriate use of agency technology and internet resources.
• Lead or assist with investigations of technology misuse, security breaches, or compliance violations.
• Design, implement, and test backup, replication, and disaster recovery systems to protect agency data.
• Approve standard operating environments (SOEs) for endpoint device imaging and deployment.
• Manage onboarding/offboarding technology processes to ensure secure access and data protection.
• Coordinate periodic HIPAA Security Risk Assessments and ensure timely completion of corrective actions.
• Ensure configuration management database (CMDB) accuracy and oversee IT asset audits.
• Lead annual network penetration testing with third-party vendors and implement remediation plans.
• Supervise IT helpdesk knowledgebase development to ensure consistent, accurate, and timely technical support.
• Maintain up-to-date documentation of IT infrastructure, systems architecture, and vendor configurations.
• Prepare technology investment proposals for leadership and Board approval, providing cost-benefit analyses and security implications.
• Coordinate quarterly IT steering committee meetings involving senior leadership and department heads.
• Lead annual IT staff security awareness training and phishing simulations.
• Manage email security gateway and filtering systems to protect against spam, phishing, and malware threats.
• Oversee the protection of mobile devices, including laptops and phones, using MDM solutions.
• Ensure secure remote access technologies (VPN, MFA) are fully operational and monitored.
• Supervise agency data loss prevention (DLP) efforts across email, network, and storage environments.
• Maintain oversight of electronic health record (EHR) data security, access control, and user activity monitoring.
• Develop and test business continuity procedures for mission-critical services, including EHR and telehealth platforms.
• Participate in crisis response teams to support operational technology continuity during emergencies.
• Coordinate software development or customization projects supporting agency operations or reporting needs.
• Ensure compliance with federal, state, and Tribal regulations related to electronic records, privacy, and security.
• Supervise user rights reviews to ensure staff have minimum necessary access under HIPAA Privacy Rule standards.
• Manage centralized log collection, retention, and monitoring processes for audit and compliance reporting.
• Facilitate annual hardware refresh planning to replace aging systems proactively.
• Participate in external technology consortiums or Tribal IT networks to share knowledge and resources.
• Create and maintain IT service catalogs for internal stakeholders, clearly outlining available services and support channels.
• Collaborate with Facilities Department regarding physical security systems, including badge access and video surveillance integration.
• Serve as lead to the Information Security Officer (ISO), ensuring implementation of cybersecurity frameworks and agency security policies.
• Manage HIPAA compliance related to technology systems, including annual security risk assessments and mitigation activities.
• Oversee endpoint protection, encryption, multifactor authentication (MFA), patch management, and network security monitoring.
• Coordinate regular IT security audits, vulnerability assessments, and penetration testing with external providers.
• Ensure accurate tracking and reporting of PHI security incidents and breaches in compliance with HIPAA regulations.
• Implement cybersecurity awareness training programs for all ABHS employees.
• Ensure continuous compliance with the HIPAA Security Rule across all technology systems.
• Implement and enforce encryption at rest and in transit for all sensitive agency data.
• Conduct quarterly security awareness training for all employees, covering phishing, password management, and data handling.
• Ensure agency compliance with National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) controls where applicable.
• Manage and monitor endpoint detection and response (EDR) or extended detection and response (XDR) solutions across the network.
• Ensure multi-factor authentication (MFA) is enforced for all systems accessing PHI and financial data.
• Perform role-based access control (RBAC) reviews quarterly, ensuring minimum necessary access levels.
• Manage Secure File Transfer Protocol (SFTP) systems or equivalent for sensitive data exchanges.
• Enforce patch management policies to remediate vulnerabilities within defined timelines based on criticality.
• Maintain full asset inventory for IT hardware and software per HIPAA and cybersecurity insurance requirements.
• Ensure that Electronic Health Record (EHR) audit logs are active, maintained, and reviewed as required.
• Manage and test secure data backup and recovery protocols with offsite or cloud-based storage redundancy.
• Maintain and review vendor risk assessments to ensure third-party compliance with security standards.
• Supervise the application of Data Loss Prevention (DLP) technologies to prevent unauthorized data exfiltration.
• Require encrypted email transmission for all PHI and sensitive data communications.
• Ensure data retention policies align with federal, state, and tribal regulatory standards.
• Maintain and document Business Associate Agreements (BAAs) with all vendors handling PHI or sensitive data.
• Manage vulnerability management systems for continuous threat identification and remediation tracking.
• Oversee firewall configurations and access control list (ACL) reviews at least quarterly.
• Require use of agency-approved password managers for storage of complex passwords.
• Ensure completion of annual HIPAA Privacy and Security Training for all ABHS staff.
• Supervise quarterly access rights reviews for Microsoft 365, Azure AD, and all EHR systems.
• Monitor and restrict the use of USB drives and other removable media unless explicitly authorized and encrypted.
• Ensure compliance with cybersecurity insurance provider requirements, including proof of security controls.
• Document cybersecurity governance procedures and security policies in an annually updated Information Security Program Manual.
• Serve as liaison to federal or tribal law enforcement agencies in the event of cyber incidents involving criminal activity.
• Oversee Microsoft 365, Azure Active Directory, SharePoint, and endpoint management systems across all agency devices.
• Ensure uptime, functionality, and security of network infrastructure (LAN/WAN, Wi-Fi, VPN), telecommunications (VoIP), and audiovisual systems.
• Manage agency hardware/software procurement processes and asset lifecycle management.
• Approve and oversee all software deployments, updates, and license management.
• Monitor IT service desk operations and ensure service-level agreements (SLAs) are met by internal and external support teams.
• Supervise maintenance of agency EHR systems (myEvolv) and related clinical support platforms.
• Direct IT infrastructure projects, from cloud migrations to cybersecurity initiatives, from planning through execution.
• Oversee remote/hybrid work technologies, ensuring secure operations for remote staff.
• Develop and maintain standardized operating procedures (SOPs) for all IT systems administration tasks.
• Ensure agency-wide compliance with data backup schedules and regularly test restore processes to validate recoverability.
• Manage the agency’s Microsoft 365 environment, including email, Teams, SharePoint, OneDrive, and security configurations.
• Oversee the configuration and management of Azure Active Directory (AAD) for identity and access management.
• Supervise automated system imaging processes for standard workstation deployments.
• Ensure licensing compliance for all software platforms, including Microsoft, Adobe, and EHR-related tools.
• Monitor and maintain server and network hardware performance, capacity planning, and resource utilization reports.
• Manage patch deployment for operating systems, endpoint software, and server applications through centralized management tools.
• Administer firewall, router, and switch configurations to ensure secure and optimal network traffic flow.
• Develop and maintain accurate network documentation, including IP schemas, VLAN configurations, and wireless network topologies.
• Oversee cloud services management, including backups, security configurations, and cost optimization strategies.
• Ensure monitoring of agency-wide internet bandwidth utilization and coordinate with ISP vendors to address performance issues.
• Oversee VoIP and unified communications systems, ensuring availability, security, and call quality.
• Monitor uptime, health, and service levels of cloud-hosted and on-premises systems using centralized monitoring tools.
• Ensure proper lifecycle management for servers, storage systems, and core network infrastructure.
• Implement and monitor network segmentation strategies to isolate sensitive systems and minimize cybersecurity risks.
• Manage network cabling infrastructure, including documentation, maintenance, and upgrades as necessary.
• Oversee secure configuration and management of wireless networks, ensuring segmentation between staff and guest access.
• Manage print servers and multi-function device integrations, ensuring secure print release features and cost controls.
• Enforce endpoint encryption standards using full disk encryption solutions across all workstations and laptops.
• Maintain administrative access control lists, ensuring removal of ex-employees and reassignment of orphaned accounts.
• Track and respond to system alerts or failures from automated monitoring systems, escalating critical incidents appropriately.
• Manage and enforce secure configurations for remote desktop services or virtual desktop infrastructures (VDI).
• Ensure controlled and audited access to physical server rooms and telecommunications closets.
• Manage digital certificate issuance, renewal, and deployment for securing websites, email, and internal systems.
• Review and approve technical documentation and system diagrams created by IT staff for consistency and accuracy.
• Coordinate multi-site IT infrastructure support, ensuring standardized configuration and operations across all agency locations.
• Oversee all IT-related vendor agreements, ensuring contract compliance and performance monitoring.
• Manage vendor assessments and selection for hardware, software, and managed services.
• Coordinate implementation of new technologies or systems upgrades with vendors, consultants, and internal teams.
• Lead IT capital improvement projects, providing regular updates to executive leadership.
• Approve and monitor vendor work orders, project scopes, and deliverables.
• Oversee vendor onboarding, ensuring compliance with security, insurance, and data handling standards prior to engagement.
• Manage vendor contracts to ensure scope, service levels, and cybersecurity clauses are clearly defined and enforced.
• Track vendor performance through regular reviews, measuring against service-level agreements (SLAs) and key performance indicators (KPIs).
• Negotiate contracts, renewals, and pricing with technology vendors, ensuring fiscal responsibility and competitive costs.
• Coordinate vendor-supplied security audits and remediation plans for hosted/cloud-based services.
• Lead vendor project kickoff meetings, defining deliverables, timelines, and quality expectations.
• Maintain centralized documentation of vendor contacts, contract terms, support procedures, and escalation processes.
• Ensure third-party vendors adhere to agency change management procedures when working on live production systems.
• Review and approve vendor Statements of Work (SOWs) and project scopes before project initiation.
• Monitor outsourced Managed Services Provider (MSP) support metrics and hold quarterly performance review sessions.
• Track and approve vendor invoices against contracted rates and project milestones prior to Accounts Payable submission.
• Develop contingency plans for critical vendor service interruptions or non-performance.
• Participate in vendor compliance reporting for HIPAA Security, SOC 2, or other regulatory frameworks as required.
• Coordinate knowledge transfer sessions from vendors upon project closeouts to ensure internal IT staff self-sufficiency.
• Approve vendor maintenance windows and system downtimes, ensuring proper stakeholder communication.
• Ensure vendors are informed of and comply with Tribal, federal, and 638 contract regulations impacting service delivery.
• Supervise co-managed project execution with vendors and internal IT staff, ensuring clear role delineation.
• Review vendor-provided security incident reports to verify adequate corrective actions have been implemented.
• Conduct vendor debriefs following project failures, missed SLAs, or significant service disruptions to implement improvements.
• Ensure appropriate Business Associate Agreements (BAAs) are executed with vendors handling Protected Health Information (PHI).
• Assess vendor-hosted data centers or cloud services for geographic restrictions, redundancy, and disaster recovery planning.
• Direct project resource planning, assigning appropriate internal staff or contractors based on project requirements.
• Report major vendor project status updates regularly to executive leadership and key agency stakeholders.
• Approve vendor-provided training for ABHS IT staff on new technologies or solutions adopted.
• Ensure vendor personnel working onsite are appropriately screened, badged, and follow agency physical security protocols.
• Oversee external consultants or contractors working on IT strategic planning, security reviews, or infrastructure upgrades.
• Coordinate with Procurement and Legal Departments for new technology vendor acquisitions.
• Manage agency-wide software license true-ups and renewals in coordination with vendors.
• Provide coaching, mentorship, and leadership development to IT Supervisors and staff.
• Evaluate IT team performance, developing corrective action or professional development plans as needed.
• Foster a collaborative IT team culture prioritizing customer service, cybersecurity, and operational reliability.
• Maintain staff coverage for multi-site, field-based, and emergency IT support needs.
• Lead IT team meetings, setting priorities and goals aligned with agency strategy.
• Ensure HIPAA Security Rule compliance across all technology systems.
• Enforce encryptions for all sensitive agency data.
• Conduct quarterly cybersecurity awareness training.
• Implement NIST Cybersecurity Framework (CSF) where applicable.
• Monitor endpoint protection systems.
• Maintain an Incident Response Plan.
• Enforce multi-factor authentication (MFA).
• Perform quarterly role-based access control reviews.
• Coordinate external cybersecurity audits and corrective actions.
• Manage secure data transfer protocols.
• Maintain patch management compliance.
• Track IT asset inventory.
• Monitor EHR audit logs.
• Test and maintain secure backup and recovery systems.
• Conduct annual cybersecurity incident simulations.
• Maintain vendor risk assessments.
• Apply Data Loss Prevention (DLP) technologies.
• Require encrypted email communications.
• Align data retention policies with regulations.
• Maintain Business Associate Agreements (BAAs).
• Use vulnerability management systems.
• Review firewall configurations.
• Enforce Mobile Device Management (MDM).
• Require password manager usage.
• Restrict and audit use of removable media.
• Comply with cybersecurity insurance requirements.
• Maintain an Information Security Program Manual.
• Act as liaison with law enforcement on cyber incidents.
• Report directly to the CEO, providing regular updates on IT operations, cybersecurity status, and strategic projects.
• Prepare and present IT key performance indicators (KPIs), audit results, and compliance reports to executive leadership.
• Serve as the primary liaison between the IT Department and external auditors, regulators, and oversight bodies.
• Develop and communicate IT policies and standards across the organization.
• Maintain professional and culturally competent relationships with Tribal stakeholders, community members, and business partners.
• Ensure IT support for all ABHS Board, executive, and large-scale agency meetings requiring audiovisual or technology facilitation.
• Maintain clear and effective communication in all matters of attendance and work progress with the CEO.
• Abide by ABHS, Tribal, IHS, AHCCCS, and 638 Contract technology compliance policies.
• Ensure participation in all required ABHS trainings, including HIPAA, cybersecurity, and leadership development.
• Perform other duties as assigned by the CEO.