Senior Director, Head of Information Security
NY hub or Durham hub
Full Time Senior-level / Expert USD 212K - 319K
Flatiron Health
Clinicians, researchers, and regulators rely on Flatiron technology and evidence to learn faster and power smarter care for every patient. Because transforming cancer care takes all of us. Reimagine the infrastructure of cancer care within a community that values integrity, inspires growth, and is uniquely positioned to create a more modern, connected oncology ecosystem.
We’re looking for a strategic, product-minded Head of Security to lead our information security program to help us accomplish our mission to improve and extend lives by learning from the experience of every person with cancer. In this role you will be responsible for defining and executing a security strategy that protects patient, customer, and company data—while enabling innovation across our data products, services, and platforms. Are you ready to be the next changemaker in cancer care?
What You'll Do
As the Head of Security, you will report to the VP, Chief Risk & Compliance Officer and oversee the development, strategy, and performance of the information security program. You will play a critical role in defining our security standards. You will embed security in the development lifecycle, communicate risk in business terms, and drive alignment across engineering, product, and other technical teams. This is a unique opportunity to shape the future of security at a mission-driven company operating at the intersection of healthcare, AI, data, and technology. Your key responsibilities will be as follows:
- Define and lead Flatiron’s enterprise-wide information security strategy, ensuring alignment with business goals, regulatory requirements, and risk appetite.
- Develop a strategy that is global in scope, balancing enterprise-wide consistency and local complexity.
- Oversee product and cloud security engineering, GRC (governance, risk management, compliance), and incident detection and response functions.
- Implement scalable “shift-left” security processes and tooling to integrate security early in the product and infrastructure development lifecycle.
- Develop frameworks to translate technical security risks into business impact, enabling informed prioritization and decision-making.
- Launch and maintain security risk and performance metrics dashboards to track areas of risk and progress over time.
- Collaborate with product and platform leaders to ensure security initiatives are aligned with business priorities and delivery timelines.
- Guide the secure development and delivery of Flatiron’s data products and services, including oversight of AI governance frameworks.
- Ensure security practices support the safe, compliant, and scalable use of confidential data (including PHI/PII).
- Lead security efforts across both modern cloud-native stacks (e.g., Kubernetes, Snowflake, GitLab CI/CD) and legacy monolithic/on-premises systems, driving secure modernization.
- Foster a strong security culture through education, tooling, cross-functional collaboration, and the development of a high-performing, customer-oriented security team.
Who You Are
You're a kind, passionate and collaborative problem-solver who values the opportunity to think beyond the way things are. In addition, you’re an experienced leader with 10+ years of progressive experience in information security, including 5+ years in a senior leadership role (e.g., CISO, Head of Security Engineering, Director of Security).
- You have experience building and mentoring high-performing, cross-functional security teams.
- Proven track record of leading security at a product-focused, data-driven technology company, ideally in healthcare, life sciences, or another regulated industry.
- Experience securing data products and services.
- Demonstrated success in integrating security into agile development processes and influencing product and engineering roadmaps.
- Deep understanding of programmatic security, including automation, infrastructure-as-code, and secure CI/CD practices.
- Hands-on experience with both modern cloud-native architectures and legacy technology stacks, with a pragmatic approach to modernization and risk management.
- You have excellent communication and stakeholder management skills, with the ability to translate risk into business terms and influence prioritization decisions.
Extra Credit
- You have a Bachelor's or an advanced technical degree in such fields as security or engineering.
- You have strong knowledge of regulatory frameworks such as HIPAA, GDPR, and other data privacy laws.
- You have supported an international business and applied global security standards.
Where you’ll work
This role will either be remote or hybrid, depending on the candidate. In a hybrid role, you’ll have a defined work location that includes work from home and 3 office days set by you and your team. For more information on our approach to hybrid work, please visit the how we work website.
Life at Flatiron
At Flatiron Health, we offer a full range of benefits to support you and your loved ones so you can focus your working hours on improving cancer care and accelerating cancer research, and your non-working hours on everything else life has to offer:
- Work/life autonomy via flexible work hours and flexible paid time off
- Comprehensive compensation package
- 401(k) contribution to help you reach your retirement planning goals
- Financial health resources including 1:1 financial advice
- Mental well-being tools and services
- Parental benefits and policies including family-building care and generous leave
- Path to parenthood programs supporting fertility, adoption and surrogacy
- Travel support for safe healthcare services
In addition to our robust benefit offerings, visit our Life at Flatiron page to learn how we support continuous learning and celebrate inclusion and belonging in the workplace.
Job Compensation Range
Salary Range: $212,000 - $319,000
Preferred Primary Location: Durham hub
An important note on compensation
During the interview process, you will have an opportunity to speak with a recruiter to better understand the range based on your location. The pay range for this position is based on the preferred primary location of the role which is listed above. If you are applying to this role at a location that is not the preferred primary location, please keep in mind the salary range will vary and may fall outside of what is listed. Base pay offered may vary depending on job-related knowledge, skills, and experience. An annual bonus and equity may be provided as part of the compensation package, in addition to a full range of medical, financial, and/or other benefits, depending on the position offered.
Tags: Agile Automation CI/CD CISO Cloud Compliance GDPR GitLab Governance HIPAA Kubernetes Privacy Risk management Security strategy Snowflake Strategy
Perks/benefits: Career development Equity / stock options Fertility benefits Flex hours Flex vacation Health care Medical leave Parental leave Salary bonus Startup environment