
Director, Security & IT
Tru Staffing Inc, New York, NY, United States
New York, New York | United States | Direct Hire
Our client, an AI-driven benefits intelligence platform operating in a highly regulated healthcare environment, is seeking a Director of Security & IT to lead its enterprise security strategy, compliance programs, and IT operations. This role will drive the design and execution of security frameworks, ensure adherence to HIPAA and SOC 2 requirements, and safeguard sensitive health and financial data at scale. The ideal candidate brings deep expertise in security architecture, risk management, and compliance within cloud-based environments, along with experience building and maturing security programs in high-growth technology organizations. This hybrid role is based in NYC.
Responsibilities
Lead the design, implementation, and continuous improvement of a comprehensive security program across application, infrastructure, and data protection
Own and evolve security policies, procedures, and controls aligned to HIPAA and SOC 2 Type II requirements
Drive vulnerability assessments, penetration testing, and security audits to identify and mitigate risk
Oversee incident response including containment, remediation, root cause analysis, and reporting
Own identity and access management strategy, enforcing least-privilege access across systems and cloud environments
Implement safeguards including encryption, audit logging, and access controls to protect data at rest, in transit, and in use
Own SOC 2 Type II compliance efforts including audit preparation, controls documentation, and remediation
Ensure adherence to HIPAA Privacy and Security Rules across all handling of PHI
Develop and maintain a risk management framework to identify, assess, and prioritize security and compliance risks
Conduct ongoing risk assessments and vulnerability scans to proactively address gaps
Prepare for and manage regulatory audits, external reviews, and customer security assessments
Stay current on evolving healthcare data privacy regulations and assess their impact on internal practices
Oversee day-to-day IT operations to ensure systems, networks, and applications function securely and efficiently
Lead the internal help desk function, driving timely issue resolution and clear escalation protocols
Monitor performance metrics and implement improvements aligned to business needs
Manage IT asset lifecycle including procurement, tracking, and maintenance
Ensure secure onboarding and offboarding processes with a focus on access control and compliance training
Evaluate and manage cloud providers, vendors, and third-party partners to ensure compliance with security and privacy standards
Conduct vendor due diligence and security assessments aligned to internal requirements
Negotiate and manage contracts and SLAs to ensure vendors meet security and compliance expectations
Partner cross-functionally with Engineering, Legal, Finance, and People teams to align security and data privacy strategies
Serve as the primary liaison for customers and partners on security and compliance matters
Act as a strategic advisor to leadership on security investments and risk tradeoffs
Provide regular reporting on security initiatives, audit outcomes, and compliance posture
Lead, mentor, and develop a team across security, IT, and compliance
Foster a culture of continuous improvement and strong security practices across the organization
Qualifications
Significant experience across security, IT infrastructure, and compliance, including leadership ownership of a security function
Experience within a scaling software or AI company and familiarity with building programs under resource constraints
Deep expertise in HIPAA, healthcare data protection, and SOC 2 Type II compliance
Strong understanding of cloud security architecture, particularly AWS, as well as network and container security
Experience building or significantly maturing security and compliance programs rather than solely operating them
Proven ability to operate cross-functionally and drive structured execution across complex initiatives
Strong program management experience across security, compliance, disaster recovery, access management, and vendor risk
Sound judgment in high-trust environments involving sensitive data and systems
Experience leading and developing technical teams with accountability and ownership
Ability to operate both strategically and hands-on where needed
Experience in healthcare, benefits, fintech, or other regulated environments
Preferred certifications such as CISSP, CISM, CCSP, AWS Solutions Architect, or similar
Hands-on technical depth to engage in architecture discussions and assess risk directly
A pragmatic and prioritized approach to reducing risk and improving reliability
Expected salary for this role is $226,000 - $275,000, commensurate with experience, training, skills, qualifications, and other market factors.
Job ID: 7466