Director, Security & IT

New York , New York| United States Direct Hire Our client, an AI-driven benefits intelligence platform operating in a highly regulated healthcare environment, is seeking a Director of Security & IT to lead its enterprise security strategy, compliance programs, and IT operations. This role will drive the design and execution of security frameworks, ensure adherence to HIPAA and SOC 2 requirements, and safeguard sensitive health and financial data at scale. The ideal candidate brings deep expertise in security architecture, risk management, and compliance within cloud-based environments, along with experience building and maturing security programs in high-growth technology organizations. This hybrid role is based in NYC. Responsibilities Lead the design, implementation, and continuous improvement of a comprehensive security program across application, infrastructure, and data protection Own and evolve security policies, procedures, and controls aligned to HIPAA and SOC 2 Type II requirements Drive vulnerability assessments, penetration testing, and security audits to identify and mitigate risk Oversee incident response including containment, remediation, root cause analysis, and reporting Own identity and access management strategy, enforcing least-privilege access across systems and cloud environments Implement safeguards including encryption, audit logging, and access controls to protect data at rest, in transit, and in use Own SOC 2 Type II compliance efforts including audit preparation, controls documentation, and remediation Ensure adherence to HIPAA Privacy and Security Rules across all handling of PHI Develop and maintain a risk management framework to identify, assess, and prioritize security and compliance risks Conduct ongoing risk assessments and vulnerability scans to proactively address gaps Prepare for and manage regulatory audits, external reviews, and customer security assessments Stay current on evolving healthcare data privacy regulations and assess their impact on internal practices Oversee day-to-day IT operations to ensure systems, networks, and applications function securely and efficiently Lead the internal help desk function, driving timely issue resolution and clear escalation protocols Monitor performance metrics and implement improvements aligned to business needs Manage IT asset lifecycle including procurement, tracking, and maintenance Ensure secure onboarding and offboarding processes with a focus on access control and compliance training Evaluate and manage cloud providers, vendors, and third-party partners to ensure compliance with security and privacy standards Conduct vendor due diligence and security assessments aligned to internal requirements Negotiate and manage contracts and SLAs to ensure vendors meet security and compliance expectations Partner cross-functionally with Engineering, Legal, Finance, and People teams to align security and data privacy strategies Serve as the primary liaison for customers and partners on security and compliance matters Act as a strategic advisor to leadership on security investments and risk tradeoffs Provide regular reporting on security initiatives, audit outcomes, and compliance posture Lead, mentor, and develop a team across security, IT, and compliance Foster a culture of continuous improvement and strong security practices across the organization Qualifications Significant years of experience across security, IT infrastructure, and compliance, including leadership ownership of a security function Experience within a scaling software or AI company and familiarity with building programs under resource constraints Deep expertise in HIPAA, healthcare data protection, and SOC 2 Type II compliance Strong understanding of cloud security architecture, particularly AWS, as well as network and container security Experience building or significantly maturing security and compliance programs rather than solely operating them Proven ability to operate cross-functionally and drive structured execution across complex initiatives Strong program management experience across security, compliance, disaster recovery, access management, and vendor risk Sound judgment in high-trust environments involving sensitive data and systems Experience leading and developing technical teams with accountability and ownership Ability to operate both strategically and hands‑on where needed Experience in healthcare, benefits, fintech, or other regulated environments Preferred certifications such as CISSP, CISM, CCSP, AWS Solutions Architect, or similar Hands‑on technical depth to engage in architecture discussions and assess risk directly A pragmatic and prioritized approach to reducing risk and improving reliability Expected salary for this role is $226,000 - $275,000, commensurate with experience, training, skills, qualifications, and other market factors.

#LI-HYBRID #LI-MF1

Job ID: 7466 #J-18808-Ljbffr Tru Staffing Inc