What are the responsibilities and job description for the Director Information Security position at Oxenham Group?
The Opportunity
Our client is a healthcare organization serving a large national membership base. They manage member health and payment data at scale and operate in a regulated compliance environment spanning PCI-DSS and HIPAA-adjacent requirements. The organization is actively investing in its technology function: modernizing infrastructure and building a forward-looking AI governance strategy.
This is a program-building role. You will inherit a small team and own the full security function: strategy, execution, compliance, budget, and board-level reporting. The right candidate wants to build, not maintain.
Essential Job Duties & Responsibilities
- Develop and maintain the IT Security Roadmap, including timelines and budgets
- Lead IT Security plans for Artificial Intelligence, including Agentic AI for software development and business process automation
- Provide IT Security expertise for, and actively participate in, the AI Oversight Committee
- Plan, design, develop, and implement Information Security policies and practices across the company's hybrid infrastructure environment using common security tools
- Lead a team of Information Security professionals to drive vision, goals, and objectives including managing staffing, performance, and budgets
- Maintain IT Compliance and Information Security framework, including risk management policies, standards, and guidelines
- Conduct regular security monitoring and reporting to ensure adequate security defenses, systems, and settings are in place to protect against intrusion, theft, destruction, or misuse of company information
- Coordinate and execute proactive information security consulting to business and IT teams covering cybersecurity, electronic data management, network architecture, and access management
- Lead the security incident response process
- Adhere to and enforce system security policies and comply with applicable laws and regulations, including banking laws, PCI/PHI, and HIPAA
- Monitor internal control systems to ensure appropriate information access levels are maintained; perform security audits on software, networks, and hybrid environments (on-premises, public cloud, private cloud, SaaS)
- Perform information security risk analysis and periodic information system activity reviews
- Develop and maintain an executive scorecard based on IT organization OKRs for IT Security
- Lead all IT Security audit responses, management responses, and action plans
- Provide Board-level input to the CIO for Board presentations
- All other duties as assigned
Essential Skills & Abilities
- Ability to work as part of a multidisciplinary team and collaborate across functions
- Advanced skill in administering data security programs
- Advanced skill in disaster recovery planning
- Strong interpersonal and verbal communication skills
- Knowledge of security implications of cloud-based information systems and experience driving transformational change within cloud-based, secure environments with control systems
- Experience working with the security needs and compliance requirements of financial and/or healthcare institutions
- Demonstrated experience deploying and operating the following tools: CrowdStrike, KnowBe4, Qualys, Rapid7, Orca, ThreatLocker, Thycotic, Trend Micro Email Security, Directory Synchronization Tool, Trend Micro Full Disk Encryption, Pentera, Immersive Labs, or equivalent
- Ability to effectively manage problems involving multiple variables
- Leadership ability — coaching, training, performance management, budget planning, and staffing in support of a high-performing team
Education and/or Experience
- Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a closely related field with 8 years of progressive experience required, preferably in a healthcare payer or financial services organization of similar size or larger
- 5 years of experience working with IT guidelines and requirements compliant with at least two of the following: HIPAA, PCI-DSS, HITRUST, SOC 1/2/3
- Prior supervisory experience leading IT security professionals required
Salary: $170,000 - $230,000