Senior Director, Security, CCS

Overview: The Senior Director, Security is responsible for strategic direction, leadership and execution of the company's security strategy. This leader will be the Information Security Officer for the company and will have an overarching objective of safeguarding our organization's assets and reputation. The Sr. Director, Security will oversee the security of our digital infrastructure, data and physical security operations, security governance, risk, and compliance for the company. The ideal candidate will be a seasoned leader with experience in cybersecurity, data privacy, risk management, and regulatory compliance in the healthcare sector. This role will work closely with the CEO, VP, Technology, and other executives to integrate security practices across all business functions. This role will serve as the subject matter expert and support client interactions related to our security program.

Key Responsibilities:

• Leadership and Strategy:
  
  
  
  • Design and implement a comprehensive security strategy across the organization, including IT security, physical security, and risk management for health data. Ensure alignment between security objectives and the organization's overall business goals.
  • Establish and maintain a security governance framework to ensure policies, procedures, and standards align with industry best practices, regulations and compliance requirements (ie. HIPAA, SOC-2, etc.).
  • Provide exceptional leadership to the security team, including hiring, mentoring and developing security (and IT professionals) across the organization.
  • Develop and maintain strong relationships with executive leadership, IT, Operations, Legal and Compliance teams to integrate security principles into business practices.
  • Communicate security-related issues, risks, and success to executive leadership and the board of directors.
  
  
  
  
• Cyber Security and Risk Management:
• Identify, assess and mitigate potential threats to the organization's technology infrastructure and patient/customer data.
• Oversee the design and implementation of robust security measures to protect against data breaches, cyberattacks, and other security risks, inclusive of security architecture.
• Ensure a proactive approach to risk management by conducting regular vulnerability assessments, penetration testing, and incident response exercises.
• Develop and implement disaster recovery and business continuity plans to safeguard the organization's critical systems and data.
• Ensure software changes align with security policies by overseeing code reviews, vulnerability scanning, risk assessments, and compliance validation before approval.
• Compliance and Regulatory Oversight:
• Ensure the organization adheres to all applicable healthcare privacy regulations, including HIPAA and other security regulations.
• Lead efforts to maintain third-party security certifications (ie. SOC-2) and manage regular audits to demonstrate compliance.
• Oversee the implementation of security policies, training programs, and awareness initiatives to ensure staff at all levels understand their role in protecting sensitive data.
• Lead the audit program and ensure continued compliance with SOC-2 Controls
• Establishes and oversees a security vendor risk tiering framework by evaluating vendors based on risk factors such as data sensitivity, regulatory impact, security posture, and business criticality.
• Incident Response and Crisis Management:
• Lead the development and execution of incident response strategies and protocols to quickly identify and mitigate security breaches and cyber incidents.
• Oversee investigations and reporting of security incidents, ensuring all appropriate actions are taken and stakeholders internally and externally are notified promptly.

Qualifications:

• 10+ years of progressive leadership in information security, with a proven track record in healthcare or a highly regulated industry.
• In-depth knowledge of healthcare compliance and regulatory requirements.
• Expertise in cybersecurity best practices, threat detection and incident response.
• Strong leadership, communication, and interpersonal skills, with experience managing cross-functional teams. Ability to interact with clients.
• Security certifications (e.g. CISSP, CISM, CISA, or equivalent) are strongly preferred.
• Experience with security tools and technologies including firewalls, intrusion detection prevention systems, endpoint security, SIEM solutions, and cloud security.
• Strong business acumen with the ability to balance security needs with organizational goals.

Education:

• Bachelor's degree in computer science, Information Technology or a related field.
• Master's Degree in technology or related field preferred.

Location:

• This position is remote, but candidates must be based in the U.S.