
Director, Security & IT

TruLegal (formerly TRU Staffing), New York, NY, United States


Our client, an AI-driven benefits intelligence platform operating in a highly regulated healthcare environment, is seeking a Director of Security & IT to lead its enterprise security strategy, compliance programs, and IT operations. This role will drive the design and execution of security frameworks, ensure adherence to HIPAA and SOC 2 requirements, and safeguard sensitive health and financial data at scale. The ideal candidate brings deep expertise in security architecture, risk management, and compliance within cloud-based environments, along with experience building and maturing security programs in high-growth technology organizations. This hybrid role is based in NYC.

Responsibilities

  • Lead the design, implementation, and continuous improvement of a comprehensive security program across application, infrastructure, and data protection
  • Own and evolve security policies, procedures, and controls aligned to HIPAA and SOC 2 Type II requirements
  • Drive vulnerability assessments, penetration testing, and security audits to identify and mitigate risk
  • Oversee incident response including containment, remediation, root cause analysis, and reporting
  • Own identity and access management strategy, enforcing least-privilege access across systems and cloud environments
  • Implement safeguards including encryption, audit logging, and access controls to protect data at rest, in transit, and in use
  • Own SOC 2 Type II compliance efforts including audit preparation, controls documentation, and remediation
  • Ensure adherence to HIPAA Privacy and Security Rules across all handling of PHI
  • Develop and maintain a risk management framework to identify, assess, and prioritize security and compliance risks
  • Conduct ongoing risk assessments and vulnerability scans to proactively address gaps
  • Prepare for and manage regulatory audits, external reviews, and customer security assessments
  • Stay current on evolving healthcare data privacy regulations and assess their impact on internal practices
  • Oversee day-to-day IT operations to ensure systems, networks, and applications function securely and efficiently
  • Lead the internal help desk function, driving timely issue resolution and clear escalation protocols
  • Monitor performance metrics and implement improvements aligned to business needs
  • Manage IT asset lifecycle including procurement, tracking, and maintenance
  • Ensure secure onboarding and offboarding processes with a focus on access control and compliance training
  • Evaluate and manage cloud providers, vendors, and third-party partners to ensure compliance with security and privacy standards
  • Conduct vendor due diligence and security assessments aligned to internal requirements
  • Negotiate and manage contracts and SLAs to ensure vendors meet security and compliance expectations
  • Partner cross-functionally with Engineering, Legal, Finance, and People teams to align security and data privacy strategies
  • Serve as the primary liaison for customers and partners on security and compliance matters
  • Act as a strategic advisor to leadership on security investments and risk tradeoffs
  • Provide regular reporting on security initiatives, audit outcomes, and compliance posture
  • Lead, mentor, and develop a team across security, IT, and compliance
  • Foster a culture of continuous improvement and strong security practices across the organization

Qualifications

  • Significant years of experience across security, IT infrastructure, and compliance, including leadership ownership of a security function
  • Experience within a scaling software or AI company and familiarity with building programs under resource constraints
  • Deep expertise in HIPAA, healthcare data protection, and SOC 2 Type II compliance
  • Strong understanding of cloud security architecture, particularly AWS, as well as network and container security
  • Experience building or significantly maturing security and compliance programs rather than solely operating them
  • Proven ability to operate cross-functionally and drive structured execution across complex initiatives
  • Strong program management experience across security, compliance, disaster recovery, access management, and vendor risk
  • Sound judgment in high-trust environments involving sensitive data and systems
  • Experience leading and developing technical teams with accountability and ownership
  • Ability to operate both strategically and hands-on where needed
  • Experience in healthcare, benefits, fintech, or other regulated environments
  • Preferred certifications such as CISSP, CISM, CCSP, AWS Solutions Architect, or similar
  • Hands-on technical depth to engage in architecture discussions and assess risk directly
  • A pragmatic and prioritized approach to reducing risk and improving reliability

Expected salary for this role is $226,000 - $275,000, commensurate with experience, training, skills, qualifications, and other market factors.
