Director, IT, Security & Compliance
Job Type
Full-time
Description

The Director, Information Technology & Security/Compliance is responsible for the day-to-day management of the company's IT operations and security/compliance programs. This includes overseeing the relationship with the company's managed IT service provider, ensuring the security and reliability of IT systems, and leading the company's compliance efforts under frameworks including HIPAA, SOC 2, and HITRUST. This role reports to the VP, Information Technology and serves as the primary operational lead for IT infrastructure and regulatory compliance.


  • Manage the day-to-day relationship with the company's managed IT service provider, serving as the primary point of contact for service delivery, escalations, and performance management.
  • Oversee IT operations including cloud operations, endpoint management, and identity and access management.
  • Lead a group of DevOps and system reliability engineers for cloud operations.
  • Lead and maintain the company's HITRUST certification program, including gap assessments, remediation tracking, and audit coordination.
  • Own and manage the SOC 2 compliance program, including evidence collection, control monitoring, and coordination with external auditors.
  • Develop, implement, and maintain IT security policies, procedures, and controls in alignment with applicable regulatory and contractual requirements.
  • Conduct and coordinate risk assessments, such as penetration testing; develop and track remediation plans for identified vulnerabilities and gaps.
  • Manage incident response activities including identification, containment, investigation, and documentation of security events.
  • Maintain and test disaster recovery (DR) and business continuity plans.
  • Ensure ongoing HIPAA compliance across systems, processes, and third-party relationships.
  • Manage IT vendor relationships and contracts, including software licensing, cloud services, and security tooling.
  • Prepare and maintain compliance documentation.
  • Perform other duties as assigned to support business needs and company objectives.
Requirements
  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity or a related field is required.
  • 5+ years of experience in IT operations, security, or compliance roles, with at least 2 years in a management or leadership capacity.
  • Demonstrated experience managing a HITRUST certification program (HITRUST CSF).
  • Demonstrated experience managing a SOC 2 audit and compliance program.
  • Experience managing a third-party managed IT services or helpdesk provider.
  • Strong working knowledge of HIPAA Security and Privacy Rules.
  • Experience conducting risk assessments and implementing security controls.
  • Experience with incident response and disaster recovery planning.
  • Strong understanding of cloud computing security and infrastructure (AWS, Azure, or GCP).
  • Strong analytical and problem-solving skills.
  • Excellent communication and interpersonal skills; ability to translate technical risk into business terms.
  • Experience in healthcare, life sciences, or health data industries strongly preferred.
  • Relevant certifications (CISSP, CISM, CRISC, HITRUST CCSFP, or equivalent) a plus.
Salary Description
165,000-185,000