Director of Information Security and Principal Cloud Security Architect

About the Opportunity
We are seeking an experienced Director of Information Security & Principal Cloud Security Architect to lead Flywheel’s security strategy and execution. This dual-role position is responsible for driving information security leadership at the organizational level while also providing hands-on technical expertise in cloud security architecture.  This role requires deep expertise in cloud security (AWS and Azure) to safeguard cloud-based infrastructure and applications. 
Environment
We’re highly responsive to customer needs and constantly strive to make a positive contribution to the biomedical and life sciences communities we serve. Team members are recognized and rewarded when advocating for customer success and satisfaction over other concerns. We value self-motivated, creative individuals who work well in a collaborative environment – constantly generating and sharing new ideas and solutions with the team.  
Flywheel has a comprehensive benefits package and encourages a balanced work life and home life. 

Responsibilities

• Manage all aspects of Security Strategy and Operations for a SaaS platform in medical imaging space.
• Security Strategy & Leadership: Define, communicate and execute a comprehensive security strategy aligned with Flywheel’s business objectives, industry standards, and regulatory requirements. Stay up to date with the latest cloud security trends, tools, and services applying them to our cloud security strategy. 
• Secure SDLC: develop and recommend design patterns, tools and security best practices for Product Architecture, Development and Testing, with a goal of building securely by shifting left. 
• Security Controls: Establish and enforce security policies, standards, and procedures to protect customer and internal assets and data. Architect and implement security controls for cloud environment leveraging best practices for securing Kubernetes, AWS and Azure infrastructure, services and applications. 
• Risk and Threat Management:Develop threat models, conduct regular risk assessments, vulnerability analyses, and penetration testing to identify and mitigate potential threats. Implement proactive security controls and remediation plans. 
• Compliance: Ensure ongoing adherence to SOC2 and HITRUST certifications and stay abreast of evolving regulatory landscapes affecting the medical imaging industry.
• Incident Response & Forensics: Develop and execute incident response plans, lead real-time threat mitigation and forensic investigations. 
• Team Leadership: Manage and mentor the security team, fostering professional growth and ensuring the team’s effectiveness. 
• Cloud Security Architecture: Design, implement, and manage secure architectures for Flywheel’s product infrastructure and applications across AWS and Azure environments, and internal corporate systems. Work directly with Software Architects and Engineers to ensure system design meets security requirements. 
• Automation & Security Engineering: Develop internal applications and scripts to continuously test, monitor, and enhance security defenses. 
• Customer-Facing Security Advisory: Represent Flywheel’s security strategy and architecture to customers and prospects, ensuring trust and transparency in security operations. 
• Secure Deployment into Customer Ecosystem: Work with Flywheel customers to ensure secure deployment and integration of Flywheel's platform into customer ecosystem and customer managed cloud environments. 
• Advanced Security Incident Handling: Lead deep technical investigations for security incidents, applying advanced analysis, forensic research, and mitigation techniques. 

What would make you a great fit

• Bachelor’s degree in Computer Science, Information Security, or a related field; advanced degree preferred.
• Minimum of 8 years in software engineering with focus on information security, with at least 3 years in a leadership role within a SaaS or healthcare technology environment.
• In-depth hands-on knowledge of security frameworks, Kubernetes, encryption standards, SIEM platforms, DevSecOps tools, and cloud security automation. Deep understanding of defense-in-depth strategies, zero-trust models, identity and access management (IAM), threat modeling, key management techniques, vulnerability assessment techniques, and secure coding practices. Excellent knowledge of WAF, intrusion detection/prevention systems (IDS/IPS), network segmentation, VPNs and network access control (NAC).
• Expert level practical knowledge of AWS and Azure Cloud Platforms, especially Managed Kubernetes, Cloud Storage, VPC, KMS, VM Services.
• AWS, Azure and relevant security certifications are highly desirable.
• Expertise in security regulations and frameworks (e.g., NIST, ISO 27001, SOC2, HITRUST, HIPAA, GDPR) to design systems and processes that protect data and demonstrate adherence to industry standards.
• Proven ability to lead and develop high-performing security teams.
• Excellent verbal and written communication skills, with the ability to convey complex security concepts to both internal and external audiences.
• Exceptional analytical skills and the ability to make decisions under pressure and resolve ambiguity.