Director of Security

Job Description

Job Description

At OneStudyTeam (a Reify Health company), we specialize in speeding up clinical trials and increasing the chance of new therapies being approved with the ultimate goal of improving patient outcomes. Our cloud-based platform, StudyTeam, brings research site workflows online and enables sites, sponsors, and other key stakeholders to work together more effectively. StudyTeam is trusted by the largest global biopharmaceutical companies, used in over 6,000 research sites, and is available in over 100 countries. Join us in our mission to advance clinical research and improve patient care.

One mission. One team. That's OneStudyTeam.

The Director of Security leads enterprise security strategy and execution across governance, risk, compliance, and security engineering. This role manages the GRC and Security Engineering teams, partners with technology and business leaders, and ensures the design and operation of secure systems and processes across the organization.

The Director is accountable for program maturity, audit readiness, and continual improvement. The scope includes third party risk, vendor assessment and qualification, security architecture oversight, AI related security assessments and guidance, incident response leadership, and budget ownership for security programs.

This is a hands-on, technical leadership role with high autonomy that blends strategic program leadership with practical execution. The Director will develop roadmaps and metrics, allocate resources, and ensure alignment with business priorities and regulatory obligations.

• Lead and manage the GRC and Security Engineering teams, including strategy, objectives, staffing, coaching, and performance management.
• Own governance, risk, and compliance programs. Maintain ISO 27001 and related controls. Drive audit readiness for HIPAA and other frameworks. Coordinate policy lifecycle management and control testing.
• Run vendor assessment and qualification program. Oversee third party risk management, due diligence, contractual security requirements, and continuous monitoring.
• Provide AI related security assessments and guidance. Establish acceptable use guardrails for AI, assess model and data risks, and advise on controls for AI enabled solutions.
• Oversee security architecture for cloud environments and enterprise platforms. Partner with engineering on secure design for AWS, Azure, identity, network, and data protection.
• Direct security engineering operations. Manage EDR and threat detection with CrowdStrike, SIEM operations, CSPM posture management, vulnerability management, and SOAR automation.
• Lead incident response readiness and execution. Run tabletop exercises, coordinate investigations, and deliver root cause and lessons learned.
• Own and manage security budgets, multiyear planning, vendor contracts, and cost optimization while meeting control objectives.
• Report program status and risk posture to executives and the board. Define and track KPIs and KRIs. Communicate clearly with technical and non technical stakeholders.
• Establish and enforce secure software development practices and SDLC controls with engineering leadership.
• Maintain a current security roadmap and maturity plan aligned to business priorities.
• Oversee metrics, dashboards, and reporting for program performance and risk reduction.
• Coordinate with Legal, Privacy, and Compliance on regulatory obligations and customer security assessments.
• Champion security awareness training and culture, sponsor targeted training for engineering and high risk roles.
• Evaluate, select, and manage strategic security vendors and platforms, drive successful implementations and integrations.
• Represent security in customer meetings and due diligence, provide credible technical and compliance answers.

• 15+ years of progressive experience in information security or related fields.
• 10+ years of management experience leading security teams, including people leadership and program ownership.
• Bachelor's degree in Computer Science, Engineering, Information Security, or related field.
• Relevant certifications strongly preferred. Examples include CISSP and CISM.
• [Proven leadership of security programs at enterprise scale. Ability to set strategy, drive execution, and deliver measurable outcomes.
• Demonstrated expertise in governance, risk, and compliance programs, including driving the implementation of ISO27001, SOC2, or HITRUST certification.
• Experience with AI security risk management, data protection for AI use cases, and acceptable use guardrails for AI and large language models.
• Strong background in secure software development, application security, and SDLC controls, including threat modeling and secure coding practices.
• Hands-on knowledge of cloud security for AWS and Azure, identity and access management, network security, data protection, and key management.

The expected salary range for this role is $190,000 - $240,000 USD per year for full time team members.

#LI-Remote

We value diversity and believe the unique contributions each of us brings drives our success. We do not discriminate on the basis of race, sex, religion, color, national origin, gender identity, age, marital status, veteran status, or disability status.

Note : OneStudyTeam is unable to sponsor work visas at this time. If you are a non-U.S. resident applicant, please note that OneStudyTeam works with a Professional Employer Organization.

As a condition of employment, you will abide by all organizational security and privacy policies.

This organization participates in E-Verify (E-Verify's Right to Work guidance can be found here).

Mandatory Employer Disclosures:
Notice to Illinois applicants: Applicants are not obligated to disclose expunged juvenile records or adjudication, arrest, or conviction.
Notice to Connecticut applicants: OneStudyTeam may require applicants to submit to a urinalysis drug test in connection with an application for employment.
Notice to Arizona, Georgia, Indiana, and North Dakota applicants: OneStudyTeam complies with applicable laws prohibiting smoking in and around places of employment.
Notice to Massachusetts applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Notice to Rhode Island applicants: OneStudyTeam complies with Rhode Island law prohibiting smoking in enclosed areas within places of employment. OneStudyTeam is also subject to is subject to Chapters 29–38 of Title 28 of the Rhode Island General Laws.
Notice to Maryland applicants: UNDER MARYLAND LAW, AN EMPLOYER MAY NOT REQUIRE OR DEMAND, AS A CONDITION OF EMPLOYMENT, PROSPECTIVE EMPLOYMENT, OR CONTINUED EMPLOYMENT, THAT AN INDIVIDUAL SUBMIT TO OR TAKE A LIE DETECTOR OR SIMILAR TEST. AN EMPLOYER WHO VIOLATES THIS LAW IS GUILTY OF A MISDEMEANOR AND SUBJECT TO A FINE NOT EXCEEDING $100.