Information Technology Director

About The Position

Requirements

• 7–12 years of progressive IT experience, including at least 3 years in a leadership or management role, with a demonstrated readiness to scale into advanced enterprise management.
• Bachelor’s degree in Computer Science, Information Systems, or a related technical discipline, or equivalent practical experience.
• Experience leading IT operations in a healthcare, non-profit, or other regulated environment.
• Working knowledge of information security principles and the role IT plays in maintaining a defensible, well-monitored environment.
• Working knowledge of HIPAA Privacy Rule requirements and the operational role IT plays in supporting privacy, compliance, and regulated data handling.
• Experience managing and developing a small-to-mid-sized IT team while balancing strategic planning with hands-on operational oversight.
• Strong experience with cloud-based workplace technologies, preferably Google Workspace and related SaaS platforms.
• Experience working directly with executive leadership and communicating effectively with non-technical stakeholders.
• Experience coordinating with external advisors or partners such as a vCISO, legal counsel, managed service providers, auditors, or compliance consultants.
• Experience developing or maintaining business continuity and disaster recovery plans in a multi-site or regulated setting.
• Experience developing policies, managing vendors, supporting audits or assessments, and driving operational improvements in a regulated setting.
• Experience hiring, developing organizational design with defined areas of responsibility, and building out a team.

Nice To Haves

• Experience serving as, supporting, or partnering closely with a HIPAA Privacy Officer function.
• Experience in a California healthcare environment, including familiarity with applicable state privacy requirements.
• Experience leading IT operations in a multi-site environment.
• Experience in a mission-driven or community-based non-profit organization.
• Familiarity with common control frameworks or operational good practices such as NIST CSF or CIS Controls.

Responsibilities

• Lead day-to-day multi-site IT operations for a 250-person non-profit healthcare organization, including infrastructure, end-user support, business applications, vendor coordination, and service delivery.
• Manage and develop a team of 6–8 IT staff, setting priorities, monitoring performance, and building a culture of accountability and responsive support.
• Serve as the senior internal IT leader and trusted advisor to the CEO, COO, and CMO, translating organizational needs into practical technology plans and operational improvements.
• Partner with the COO and executive leadership to support information security, risk management, and ongoing policy development, surfacing complex regulatory issues that require escalation to specialized legal counsel or cyber liability brokers.
• Oversee the organization's Google Workspace and Microsoft 360 environments and other cloud technologies, including administration, optimization, access management, and user enablement.
• Serve as the designated HIPAA Privacy Officer, with responsibility for privacy-related policies, workforce privacy training, privacy incident coordination, and support for patient rights processes.
• Operationalize the HIPAA Privacy Officer function by collaborating closely with the clinical services department to ensure privacy training, policies, and patient rights processes align with clinical operations.
• Manage relationships with external security advisors, managed service providers, and compliance vendors (including the current vCISO engagement), with the long-term goal of maturing internal capabilities and optimizing external spend.
• Maintain responsibility for infrastructure that supports the organization’s internally-developed applications, including coordination with the Data & Analytics team and contracted software developers on security, access, and infrastructure decisions.
• Establish and maintain clear areas of ownership between IT and the Data & Analytics team for internally-developed application support
• Partner with the external vCISO, legal counsel, and executive leadership to support information security, HIPAA compliance, California privacy obligations, risk management, incident response coordination, and ongoing policy development.
• Manage privacy-related vendor coordination, including support for Business Associate Agreement processes and third-party accountability in collaboration with legal and compliance stakeholders.
• Develop, maintain, and improve IT and privacy policies, procedures, standards, and documentation appropriate for a regulated healthcare environment.
• Oversee the organization’s device lifecycle management program, including provisioning, patching, mobile device management, and decommissioning.
• Develop and maintain IT disaster recovery and business continuity plans, ensuring critical systems and data can be restored within defined recovery objectives.
• Lead IT budgeting, planning, procurement, and prioritization to align technology investments with organizational strategy, mission needs, and operational realities.
• Support audits, assessments, and compliance reviews by organizing documentation, coordinating stakeholders, and tracking remediation activities.