Director of Security and IT Operations

COMPANY: HealthMark Group is a leading provider of healthcare release of information solutions, dedicated to simplifying and streamlining the exchange of medical data between healthcare providers, payers, and patients. We empower healthcare organizations to securely and efficiently manage the exchange of health information, ensuring compliance with regulatory requirements while maintaining the highest standards of privacy and security.

LOCATION: Remote

POSITION: DIRECTOR OF SECURITY & IT OPERATIONS (SECOPS)

The Director of Security & IT Operations (SecOps) is responsible for leading all Information Security and IT operations of the company, including development, implementation and review of information security & IT Operations policies, procedures, and regulations. The Director of SecOps will be charged with safeguarding all systems, PHI, and intellectual property utilizing the most up-to-date tools and techniques and can lead and support compliance with and achievement of industry certifications (HITRUST, SOC 2, etc.).  This role will manage, document, and improve HealthMark’s home office and production cloud Infrastructure to support current and future business objectives.

HealthMark Group is building the next generation of software for digital health information, including patient engagement and patient records. We focus on reducing the overall administrative burden of healthcare patient data journeys.

PRIMARY ROLE AND RESPONSIBILITIES:

Overall

• Build and lead a team of security, infrastructure and IT Support professionals, attracting and retaining high-performers and fostering a collaborative culture.
• Provide guidance, mentorship, and professional development opportunities to team members, promoting their growth and success.
• Establish and maintain effective communication channels to ensure seamless collaboration across teams and departments.
• Meet financial objectives by forecasting infrastructure and security requirements and assisting in budget planning
• Keep current with the latest Cloud and Security trends

Security

• Perform the role of Information Security Officer responsible for protecting an organization's information, systems, and technology
• Develop security strategy and collaborate with other departments to ensure proper execution protecting information assets without detriment to profitability or productivity; directing system control development and access management, monitoring, control, and evaluation
• Implement robust data privacy and security measures to safeguard sensitive patient health information
• Establish enterprise security standards through architecture, policy, and training
• Select, implement, and maintain security tooling to support our security strategy
• Lead the attainment, and renewal of existing industry certifications or client-required security assessments in a timely, accurate manner including SOC2, and HITrust
• Oversee and support responding to client security assessments 
• Lead risk management, security incident response programs and procedures; Conduct periodic security audits and investigate breaches
• Integrate security into every stage of the Development pipeline providing teams with tools and resources at each phase to create safe and secure code 
• Monitors and recommends improvements to security, compliance, and privacy environment

Infrastructure & IT Operations

• Oversee the design, development, and maintenance of our cloud and corporate infrastructure, ensuring scalability, reliability, and security in accordance with AWS’s Well-Architected Framework and HealthMark Group’s objectives
• Continuously monitor and optimize system performance, leveraging data analytics and performance metrics to drive improvements.
• Develop and improve our security and infrastructure technical practices including Infrastructure as Code (IaC), automation, DevSecOps, and CI/CD

• Lead Disaster Recovery and Data Backup planning, analysis, implementation, testing and execution
• Oversee the design, development, and maintenance of our home office infrastructure, ensuring a reliable, cost-effective and secure end-user and home office environment
• Implement and oversee IT Service Management (ITSM) processes to ensure that incidents, service requests, problems, changes, and IT assets in addition to other aspects of IT services are managed in a streamlined way
• Oversee the internal IT Support (Help Desk) team; equipment purchase & provisioning, user access management, endpoint maintenance, and contributing to the overall improvement of our Corporate (Home Office and End User) IT stack
• Oversee new hire onboarding/offboarding for IT managed equipment, software, and access
• Oversee management of help desk tickets and support daily maintenance tasks ensuring we meet timely response and resolution SLAs

REQUIRED EXPERIENCE AND QUALIFICATIONS:

• Bachelor's degree in Computer Science, Information Technology, or relative experience
• 8+ years of professional infrastructure or security engineering experience
• Proven experience managing, leading, and mentoring a team of security and infrastructure engineers
• In-depth knowledge of architecting and managing Amazon Web Services environments (or other large-scale cloud providers (Azure, GCP))
• Understanding fundamental design principles of a scalable, secure infrastructure
• Expertise in building robust security programs
• Experience with HIPAA, HITrust, or SOC2 security controls
• Excellent troubleshooting and communication skills
• Strategic thinking and problem-solving skills, with the ability to translate business goals into actionable infrastructure & security strategies.
• Strong project management skills, with the ability to prioritize and manage multiple initiatives simultaneously.
• Excellent communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels.
• Results Oriented

ADDITIONAL PREFERRED EXPERIENCE:

• Healthcare technology experience
• Current AWS Certifications (Architect, Security, SysOps, Security)
• Current information security certification (CISSP, CSSLP, CCFP, CISM)
• SaaS experience
• Advanced degrees or certifications are a plus