Director, IT Security
Remote, United States
HealthEdge
Power your digital healthcare transformation with an ecosystem of healthcare SaaS that manages all your complex needs.
Overview
Position Overview:
The Director, IT Security will lead and manage a team responsible for safeguarding the company's healthcare data, infrastructure, and platforms. Reporting to the CISO/Head of IT, you will contribute to and execute the strategy for the highest standards of product security, enterprise architecture, cloud security, vulnerability management, third party risk management, and the monitoring of compliance with industry standards and regulatory requirements such as HIPAA and HITRUST. This role is critical in protecting sensitive healthcare data and ensuring the security of HealthEdge and our customers.
About Center of Excellence:
Centers of Excellence (COE) are teams whose primary goal is to provide expertise in a specific field. COEs usually provide support through training, research, and skilled leaders. At HealthEdge, our Centers of Excellence span the Human Resources, IT, Legal and Financial fields, all of which support our Product divisions and allow the enterprise to move forward and achieve its goals.
Your Impact:
Leadership and Team Management:
Lead, mentor, and develop a team of security professionals, fostering a culture of enthusiasm and accountability for continually raising the bar. You’ll drive results via clear objectives and promote autonomy, emphasizing identification of challenges and creative ideation to elevate business value.
Contribute to the design and execution of a comprehensive security strategy in alignment with the company’s overall cybersecurity goals, while ensuring we’re as nimble as the threat actors we defend against daily. Being adept at long-term planning and the ability to scale is crucial.
Leverage your propensity for bridge building and your passion for continual improvement to provide the highest quality user experience for HealthEdge’s employees.
Embrace and promote change agility not only within the Security Team, but throughout the broader organization. Transform existing processes and drive growth in a manner that seamlessly provides the best employee experience, particularly with the SDLC, product security, and enterprise design engineering.
Adopt an educator’s headspace, empower our employees to understand what we’re up against and build processes for our employees to embody a “see something, say something” ethos.
Security Tooling and Automation:
Drive the evaluation, implementation, and management of security tools and technologies that enhance the company’s security posture: application security, SDLC automation, just-in-time (JIT) access, cloud security posture management (CSPM), data security posture management (DSPM), access control, infrastructure as code, vulnerability management platforms, observability, and more.
Bring our AI-First objectives to bear. Continually be on the lookout for emerging GenAI and Agentic AI capabilities that enhance efficiency and efficacy. Be a SME in requirements gathering, stakeholder management, and adoption while balancing associated risk and regulatory requirements.
Optimize business investments in tooling via a “whole is greater than the sum of its parts” mentality. Recognize when we can leverage automation to fill gaps, add efficiencies, and ensure our tooling is operating as expected. Iterate.
Leverage your enterprise security and regulatory experience to partner with and contribute to other functions within the Security, IT, and PMO teams.
Vulnerability Management and Risk Mitigation:
Own the Vulnerability Management strategy throughout HealthEdge. Ensure best-practice capabilities to identify and remediate application and infrastructure vulnerabilities. Lead penetration testing initiatives and drive the resulting mitigations through to completion.
Develop relationships with stakeholders and empower a Shift Left function throughout the business. Empower our technical owners with the most efficient means of protecting what’s in their purview. Build a consumable and easily accessible means for business leadership to understand the health of our ecosystem.
Partner with our GRC Team to assess and incorporate rigor into our Risk Management program, ensuring risk registers and associated oversight are baked into our SOPs. Integrate and automate.
Own Third Party Risk, ensuring our stakeholders are aware of how insecure partnerships can harm the business. Provide and maintain an easily accessible means for our employees to engage the Security Team to perform diligence. Partner with our GRC team to incorporate rigor into our risk reviews and maintain continuous monitoring.
Stakeholder Communication and Reporting:
Be the go-to person and best practices champion for our Product Teams. Embed with our DevOps and Infrastructure teams, ensuring security and compliance are always shifted left.
Be good at storytelling. Effectively convey not only the “what”, but also the “why” to a broad and disparate population. Have persuasive conversations when oppositional objectives are at play and adeptly identify trade spaces when required.
Partner with our Corporate PMO Team for both internal and cross functional projects, ensuring workload management and project execution statuses are captured in a consumable way for multiple levels of stakeholders.
Collaborate with internal departments and external vendors to align security efforts with business objectives and customer needs.
Help build high impact Objectives and Key Results (OKRs), both short term and long term, with precise and high-fidelity milestones.
Compliance and Regulatory Adherence:
Ensure compliance with healthcare industry standards and regulations, including HIPAA, HITRUST, and other applicable frameworks.
Collaborate with legal, compliance, and audit teams to support security audits, certifications, and assessments.
Be an exemplar with control ownership, ensuring procedures are continually adhered to, and evidence is effectively managed as an operating principle.
What You Bring:
Ownership. As a Director you can identify business challenges and know what excellence looks like. You not only can envision some of the strategy but can lead execution, navigating entropy and ambiguity with a myriad of stakeholders.
12+ years of experience in IT and enterprise security, with at least 7 years in a leadership role.
A strong pulse on both GenAI and Agentic AI, with ideas that will pave the way for continual innovation and risk-balanced adoption.
Exceptional communication skills, both verbal and written. The ability to convey business challenges and associated paths to improvements while being an active listener is key. Continually demonstrating this as a strength is crucial to excel in this role.
An expert-level understanding of the risks of operating in a public cloud and the associated mitigations. Direct experience designing comprehensive security architectures that provide the full suite of governance: IAM, device trust, infrastructure as code, cost control, observability and alerting, logical policy building and dynamic enforcement, data protection, etc. Hands-on experience is a big plus.
Extensive experience with securing SDLC. Firsthand knowledge of what AI brings to the table with software development is desired.
Leadership and programmatic experience in a “grown by acquisition” environment. The ability to think big picture as it pertains to planning for near-term and long-term consolidation initiatives is key to this role.
A proven ability to make future-proof business investments: building capabilities and incorporating processes that support scale. Recognizing potential bottlenecks and navigating them is a strong skill of yours. Thinking outside the box and analyzing at a foundational level is your default.
HealthEdge commits to building an environment and culture that supports the diverse representation of our teams. We aspire to have an inclusive workplace. We aspire to be a place where all employees have the opportunity to belong, make an impact and deliver excellent software and services to our customers.
Geographic Responsibility: While HealthEdge is located in Burlington, MA, you may live anywhere in the US.
Type of Employment: Full-time, permanent
Travel: 10%
Work Environment: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job:
- The employee is occasionally required to move around the office. Specific vision abilities required by this job include close vision, color vision, peripheral vision, depth perception, and ability to adjust focus.
- Work across multiple time zones in a hybrid or remote work environment.
- Long periods of time sitting and/or standing in front of a computer using video technology.
- May require travel dependent on company needs.
The above statements are intended to describe the general nature and level of the job being performed by the individual(s) assigned to this position. They are not intended to be an exhaustive list of all duties, responsibilities, and skills required. HealthEdge reserves the right to modify, add, or remove duties and to assign other duties as necessary. In addition, reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position in compliance with the Americans with Disabilities Act of 1990. Candidates may be required to go through a pre-employment criminal background check.
HealthEdge is an equal opportunity employer. We are committed to workforce diversity and actively encourage all qualified persons to seek employment with us, including, but not limited to, racial and ethnic minorities, women, veterans and persons with disabilities.
Tags: Application security Audits Automation CISO Cloud Compliance CSPM DevOps DSPM Generative AI Governance HIPAA HITRUST IAM Monitoring OKR Pentesting Product security Risk management SDLC Security strategy Strategy Vulnerabilities Vulnerability management
Perks/benefits: Startup environment