Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Director, Security & Risk

Full-time

Q Point Health LLC

Role Description

The Director, Security & Risk owns the enterprise security program end-to-end—strategy, roadmap, execution, and continuous improvement. This leader assesses the current posture, monitors industry and threat trends, and drives the must-do initiatives that protect every layer of the environment (cloud, network, endpoints, identity, apps, data). The role is both strategic and hands-on: you’ll shape policy and governance while leading SOC/IR workflows, vulnerability management, IAM, third-party risk, and security awareness. You’ll partner closely with IT/Cloud, Clinical, Data/Analytics, and Compliance, translating risk into clear business terms for executives and the board.

Key Responsibilities

  • Strategy & Governance
    • Assess security posture against NIST CSF/HIPAA and peer benchmarks; maintain a multi-year strategy and roadmap.
    • Publish and enforce policies/standards; ensure audit readiness and version control.
  • Risk Management & Compliance
    • Run periodic risk assessments; maintain risk register with accountable owners and due dates.
    • Coordinate HIPAA/HITECH compliance with Privacy/Compliance; manage findings to closure.
  • Security Operations & Engineering
    • Own SIEM content, telemetry coverage, and alert fidelity; manage IDS/IPS and SOC workflows (internal + MSSP).
    • Lead vulnerability management (scan cadence, SLAs, change control alignment) and drive remediation with system owners.
    • Engineer and optimize controls: firewalls, EDR/XDR, DLP, email security, CASB/SSE, secure web gateway.
  • Identity, Access, and Data
    • Enforce MFA, privileged access controls, joiner/mover/leaver processes, and periodic access reviews.
    • Oversee DLP policies (M365/Netskope) and data classification/handling standards.
  • Incident Response, Continuity, and Resilience
    • Maintain IR playbooks; run tabletops and post-mortems; coordinate forensics and legal/comms as needed.
    • Own BC/DR testing cadence; document results and drive improvements.
  • Awareness & Culture
    • Deliver security awareness (phishing simulations, targeted training) and coaching for secure-by-default patterns.
  • Third-Party / Vendor Security
    • Execute TPRM lifecycle, contract security terms, and ongoing monitoring.
    • Own the Third-Party Risk Management (TPRM) program: intake, inherent risk scoring, due diligence, onboarding, continuous monitoring, and offboarding.
    • Assess vendors handling PHI/PII/PCI with right-sized depth: SIG/SIG Lite questionnaires, SOC 2 Type II and/or ISO 27001 audit reports, HITRUST where applicable.
    • Validate security controls: encryption at rest (AES-256) and in transit (TLS 1.2+), key management (KMS/HSM), vulnerability management cadence, patch SLAs, EDR/AV, logging and monitoring coverage.
    • Review application and SDLC security: SAST/DAST results, dependency/OSS scanning (SCA), SBOM availability, pen test reports and remediation proof.
    • Identity & Access: SSO (SAML/OIDC), SCIM provisioning, MFA enforcement, role-based access, admin activity logging, least privilege.
    • Data Handling & Privacy: data flow diagrams, data residency, subprocessorlists, data retention and secure deletion on termination; DPAs/BAAs in place with breach notification timelines.
    • Resilience: documented BCP/DR with tested RTO/RPO; uptime SLAs; incident response plans and evidence of exercises.
    • Compliance & Contracting: ensure BAAs (HIPAA), DPAs/CCPA/CPRA, SCCs if applicable; right-to-audit, evidence requests, and remediation SLAs embedded in contracts.
    • Ongoing Monitoring: cadence for evidence refresh (e.g., annual SOC 2, pen test summaries), security scorecards, and triggers for reassessment after incidents or major changes.
    • Exit Strategy: data return and deletion procedures, assistance during transition, certificate of destruction, and survival clauses for security obligations.
  • Budgeting
    • Own annual plan and budget; develop board-level reporting with KPIs/OKRs and control coverage metrics.
  • Architecture & Projects
    • Provide security architecture reviews and design patterns for new systems, integrations, and clinical solutions.
    • Embed security in delivery pipelines and change management; ensure separation of duties and approvals.
  • Continuous Improvement
    • Track emerging threats and best practices; iterate roadmap and mentor the team.

Qualifications

  • Experience: 10+ years in information security with 5+ years leading teams or programs (operations, engineering, or GRC).
  • Roadmap Ownership: 3+ years owning a security roadmap tied to business objectives, budgets, and measurable outcomes.
  • Healthcare: Hands-on HIPAA/HITECH experience; familiarity with HITRUST or mapping NIST CSF to HIPAA safeguards.
  • Frameworks: Practical expertise in NIST CSF, NIST 800-53, ISO 27001; third-party risk practices (SIG/SIG Lite, SOC 2).
  • Cloud: AWS security (IAM, KMS, Security Hub, GuardDuty, VPC, WAF/Shield, key rotation, least privilege).
  • Identity: Enterprise IAM/MFA/SSO (Microsoft Entra ID/Azure AD or Okta); strong least-privilege and access review discipline.
  • Detection & Response: SIEM (Microsoft Sentinel and/or Splunk) content design/tuning, UEBA, runbooks, dashboarding.
  • Endpoint & Email Security: EDR/XDR (Microsoft Defender for Endpoint/CrowdStrike/etc.), hardening/baselines; email security with Mimecast (policies, impersonation protection, URL/attachment sandboxing).
  • SSE/CASB & DLP: Operational experience with Netskope (policies, DLP, inline controls, app governance, shadow IT) and M365/Azure Purview DLP.
  • Network & Data Protection: Next-gen firewalls (Palo Alto/Fortinet), IDS/IPS, segmentation/zero trust, TLS 1.2+; key management and encryption at rest (AES-256) and in transit.
  • Vulnerability & Patch: Tenable/Qualys/Rapid7; risk-based prioritization (EPSS/CVSS + asset criticality) with defined SLAs across OS, apps, and cloud.
  • Incident Response & Resilience: IR playbooks, tabletop exercises, forensics coordination, BC/DR testing and improvement cycles.
  • Automation: PowerShell and/or Python for enrichment, response, and reporting.
  • Communication: Executive-level storytelling; board-ready risk reporting and KPI/OKR management.
  • Leadership: Proven ability to run multi-workstream programs and drive change across IT, Security, Clinical, and Compliance.

Requirements

  • Education/Certs: Bachelor’s in CS/IT/Cyber or equivalent; CISSP or CISM required (maintained and in good standing).

Tooling Requirements

  • Netskope SSE/CASB: Policy design and operations (DLP dictionaries, exact data match, inline controls, app risk, Shadow IT discovery, inline/blocking policies, coaching pages).
  • Mimecast: Inbound/outbound policies, impersonation protection, DMARC/DKIM/SPF alignment, URL/attachment sandboxing, secure messaging, business email compromise countermeasures.
  • Microsoft 365 Defender Suite: Defender for Endpoint, Defender for Office 365, Defender for Identity, MDO tuning and reporting.
  • Microsoft Sentinel: Data connectors, parser/normalization, analytics rules, UEBA, hunting queries, workbooks, automation (Logic Apps).
  • AWS Security: IAM least privilege, KMS key lifecycle, GuardDuty/Security Hub/WAF/Shield, VPC security, CloudTrail/Config logging and retention, S3 bucket policies and encryption.

Preferred Skills & Qualifications

  • HITRUST (CCSFP) or ISO 27001 implementation/audit experience.
  • HCISPP, CCSP, CISA, or product certs (Palo Alto, Microsoft Defender/Sentinel, Netskope, Mimecast).
  • Kubernetes security, container scanning, and IaC scanning (Terraform + Checkov) experience.
  • Experience managing $1M+ security portfolios and multi-vendor MSSP ecosystems.
  • Developed KPI/OKR programs (MTTD/MTTR, patch compliance, control coverage, phishing risk) with trend reporting.

Company Description

Equality Health is an integrated, holistic, and tech-enabled healthcare delivery system focused on improving the health and wellness of diverse populations. Founded in 2015, Equality Health aims to improve access to value-based care for people who have long struggled with navigating the traditional one-size-fits-all U.S. healthcare system. The mission of the company is to provide high-quality care that improves and enhances lives regardless of race, ethnicity, age, or income.

Through its supplemental care management services and proprietary technology platform, CareEmpower™, Equality Health helps managed care plans and health systems improve outcomes and lower costs for diverse populations while simultaneously facilitating the transition to risk-based accountability. Equality Health supports over 800,000 members and more than 4,000 practice sites and continues to scale rapidly.

In 2021, Equality Health partnered with General Atlantic, a leading global growth equity firm, to help drive continued expansion and fuel the next phase of growth as a leading value-based primary care network serving the Medicaid, Medicare and ACA Exchange populations. This strategic investment will enable Equality Health to pursue further geographic expansion, technological innovation and product development while furthering its mission of increasing access to care, lowering costs and improving outcomes for underserved individuals, families and communities.

Vacancy posted 2 days ago
Similar jobs that could be interesting for youBased on the Director, Security & Risk in Remote vacancy
  • $126k - $242k

     ...a seasoned, innovative, and hands‑on AI Security leader to join Verizon's Cyber AI Services...  ...CAIS) organization and lead our Governance, Risk and Compliance (GRC) team. This role will...  ...requirements. The Associate Director will lead the identification, assessment,... 
    Suggested
    Full time
    Temporary work
    Part time
    Work experience placement
    Work at office
    Work from home
    Shift work
    3 days per week

    Jobtailor

    Florida, NY
    1 day ago
  •  ...giving financial institutions the most advanced issuance stack in the industry. M0 is seeking a sharp, execution-focused Head of Security & Risk to build and own the information security and risk function from the ground up. This is a foundational IC role at a critical... 
    Suggested
    Contract work
    Work at office
    Remote work
    Worldwide

    M0

    New York, NY
    25 days ago
  •  ...and we see a clear path to tripling the volume processed on our platform over the next two to three years. We're looking for a Director, Risk & Payments Operations to take what we've built and lead it into its next stage. Reporting directly to the CFO, you'll set the... 
    Suggested
    Full time

    Maxio

    Remote
    19 hours ago
  • $180k - $200k

     ...senior, high-impact position responsible for operational payments performance and scalability. It sits in the center of operations, risk, and revenue growth. You will own the build-out of a truly AI-native payments operation — where automation is the default and human... 
    Suggested
    Full time
    Remote work
    Work from home
    Flexible hours

    Boulevard

    Remote
    6 days ago
  •  ...Position Summary The Director of Risk Management serves as the operational leader for the organization's risk management and patient safety programs, supporting the Quality and Compliance department's mission to promote safe, compliant, and high-quality care. Working... 
    Suggested
    Contract work
    Work at office
    Remote work

    Mary's Center

    Washington DC
    1 day ago
  • ## Senior Director of Risk ManagementApplylocations: FORT LAUDERDALE, FLtime type: Full timeposted on: Posted 2 Days Agojob requisition id: R-2609**COMPANY OVERVIEW**Moss is a national privately held construction firm providing innovative solutions resulting in award-winning... 
    Full time
    For contractors
    Work experience placement
    Work at office
    Remote work

    Moss Construction Management

    Fort Lauderdale, FL
    2 days ago
  • $180.3k - $265.2k

    Role Description Join BILL as a Director, Risk Portfolio Management and own the analytics and insights engine that drives how BILL manages risk at scale. The Risk Portfolio team sits within the Risk Management division and is responsible for KPI development, portfolio... 
    Full time
    Temporary work
    Flexible hours

    BILL

    Remote
    1 day ago
  • $100k - $110k

    Role Description The Director of Credit Risk will play a critical role in shaping and leading Made Card’s credit risk strategy across the customer lifecycle. You’ll drive underwriting, pricing, segmentation, and decisioning for our credit card product while overseeing performance... 
    Full time
    Work at office
    Flexible hours

    Made Card

    Remote
    5 days ago
  • $149k - $262k

     ...delivering extraordinary care. Nationwide’s Enterprise Catastrophe Risk Management team is responsible for quantifying and managing the...  ...and severe weather events across the enterprise. The Director, Catastrophe Risk Modeling will manage a team, responsible for modeling... 
    Full time
    Temporary work
    Work experience placement
    Casual work

    Nationwide

    Remote
    4 days ago
  • $168.3k - $253k

    Role Description Commvault is looking for a Director, Risk & Resilience to join our Global Security organization and lead the maturation of Commvault's risk management and resilience capabilities. In this role, you will establish and scale a modern risk function that... 
    Full time

    Commvault

    Remote
    3 days ago
  • $130k - $150k

    Role Description Job Description: Director of Risk Adjustment ~Strategic Client Management: ~Serve as the primary operational partner for multiple external clients across medical groups, health systems, and risk-bearing entities. ~Serve as the trusted advisor and... 
    Full time
    Work experience placement

    IKS Health

    Remote
    1 day ago
  • $160k - $180k

    Role Description This is an operator and leader role. You’ll set strategy, run day-to-day risk and fraud operations, and build the systems and processes that scale with our portfolio. You’ll work cross-functionally with Sales, Finance, Engineering, and Customer Experience... 
    Full time

    Quilt Software

    Remote
    2 days ago
  • $145k - $195k

    Role Description The Program Manager for Insider Risk & Physical Security is a key member of Orrick’s security team, reporting to the Director of Threat Response Operations and collaborating daily with IT Security, Site Leadership, Site IT, HR, and Events. The role primarily... 
    Full time
    Temporary work
    Flexible hours

    Orrick Herrington & Sutcliffe LLP

    Remote
    2 days ago
  • $50 - $60 per hour

     ...A leading AI company is seeking a Director of Credit Risk to enhance AI understanding in finance. This remote role offers flexibility in project selection and schedule, requiring expertise in financial reasoning and experience in projects like evaluating AI outputs. Candidates... 
    Hourly pay
    Full time
    Contract work
    Part time
    Remote work
    Flexible hours

    DataAnnotation

    New York, NY
    1 day ago
  • A leading AI development company is seeking a Director of Credit Risk. This role involves collaborating with AI to enhance financial tools, ideal for finance experts seeking flexible work. Candidates should possess advanced finance degrees (MBA or PhD preferred) and will... 
    Hourly pay
    Full time
    Part time
    Remote work
    Flexible hours

    DataAnnotation

    Sioux Falls, SD
    1 day ago
  • $50 - $60 per hour

     ...A technology firm specializing in AI is seeking a Director of Credit Risk to join their remote team. This role involves improving AI Assistant outputs related to finance and providing expert feedback. Candidates should have advanced degrees in finance and strong analytical... 
    Hourly pay
    Full time
    Part time
    Remote work
    Flexible hours

    DataAnnotation

    Boston, MA
    2 days ago
  •  ...Description: Overview: Nerdy is seeking an experienced Director of Security to lead our information security strategy and enterprise IT operations...  ...with Engineering, Legal, and executive leadership to balance risk management with business velocity. About Nerdy: At... 
    Immediate start
    Remote work
    Flexible hours

    Nerdy

    Saint Louis, MO
    22 days ago
  • $159.21k - $205k

     ...Director Fraud Risk Management The Director of Fraud Risk Management is responsible for building and overseeing all aspects of Coinstar'...  ...performance. We believe that continued good health, financial security, and work-life balance are important. Coinstar is proud to... 
    Temporary work
    Casual work
    Work at office
    Immediate start
    Remote work
    Work from home
    Flexible hours

    Coinstar

    Bellevue, WA
    4 days ago
  • $120k - $130k

     ...consider becoming part of our team. Reporting to the Managing Director, Health Systems, the Director, Medicaid and Benefits...  ...will provide visionary, adaptive leadership to the Medicaid Food Security Network (MFSN) as well as other health partnerships and initiatives... 
    Work experience placement
    Remote work

    Share Our Strength

    Washington DC
    2 days ago
  • Description Director, Risk Management SIG SAUER, Inc. is a leading provider and manufacturer of firearms, electro-optics, ammunition...  ...and evaluate potential risks that may impact the safety, security and financial prosperity of the organization. Conduct regular... 
    Work at office
    Remote work

    Sig Sauer

    Newington, Strafford County, NH
    2 days ago
  •  ...High-impact role with the ability to influence enterprise-wide safety culture, communication, claims visibility, and operational risk practices. Potential for the role to expand in scope over time as the organization continues to scale and mature. Exposure to... 
    Work at office
    Remote work

    AccruePartners

    Charlotte, NC
    2 days ago
  • $120k - $200k

     ...Director Of Risk Management We give businesses and their customers peace of mind by solving complex credit challenges with precision, speed, and intelligence, combining deep expertise with advanced technology, to simplify the experience and deliver better outcomes,... 
    Remote work

    ClarityPay

    Atlanta, GA
    3 days ago
  • $4,801.16 - $7,761.5 per month

     ...Director of Risk Management (18295) Posting ID: 18295. Health & Human Services Commission, Kerrville State Hospital, Plant Maintenance, Building...  ..., coordinating corrective actions, and overseeing daily security surveillance of the facility. The Director leads staff, implements... 
    Full time
    Part time
    Work at office
    Local area
    Remote work
    Shift work

    Fall Creek Farm & Nursery

    Kerrville, TX
    4 days ago
  • $230k - $270k

     ...entire constellation, our team delivers secure, resilient systems tailored to exacting requirements...  ...About the Job The National Security Director is responsible for growing and leading a...  ...identification and mitigation of program risks. As pipeline opportunities mature into... 
    Permanent employment
    Part time
    Work at office
    Local area
    Remote work
    Worldwide
    Flexible hours

    Umbra

    Reston, VA
    22 days ago
  •  ...Duties & Responsibilities Purpose of Position: The Director of Risk Management oversees the daily operations of the risk management...  ...with applicable local, state, federal rules, regulations and security standards. Essential Duties and Responsibilities: 1. Leads... 
    Local area
    Shift work

    NYC Health Hospitals

    New York, NY
    3 days ago
  • $4,801.16 - $7,761.5 per month

     ...the Benefits of Working at HHS webpage. Functional Title: Director of Risk Management Job Title: Risk Management Spclst IV Agency:...  ...coordinates corrective actions. Responsible for the daily routine security surveillance of the facility, directing and coordinating... 
    Full time
    Temporary work
    Part time
    For contractors
    Work at office
    Local area
    Immediate start
    Remote work
    Shift work
    Rotating shift
    Day shift

    Texas Health and Human Services Commission

    Kerrville, TX
    1 day ago
  •  ...Job Description Position: Director of Risk Management Department: Risk Management Schedule: Full Time The Director of Risk Management oversees the operation of the Risk Management and Patient Safety programs and provides guidance to clinical staff.... 
    Full time
    Work at office
    Immediate start

    Scott & Crosby Staffing, Inc.

    Boston, MA
    19 hours ago
  • $131k - $180.1k

     ...institutions and communities around the world.Job DescriptionLead, execute, and continuously enhance the first Line of Defense (LOD) risk management program for the Service & Operations (S&O) organization, with a focus on Trading, Regulatory Reporting, and Operations... 
    Full time
    H1b
    Work at office
    Work from home
    Visa sponsorship
    1 day per week

    Ameriprise Financial

    Minneapolis, MN
    1 day ago
  • $125k - $150k

     ...Director of Risk Management (RN) Location: Las Cruces, New Mexico Schedule: Full-time, exempt, on-site as needed Salary Range: $125,000 - $150,000 per year, commensurate with experience Relocation : Up to $10,000 relocation assistance available About... 
    Full time
    Temporary work
    Work from home
    Relocation
    Relocation package
    Flexible hours

    People Placers Staffing

    Las Cruces, NM
    2 days ago
  • $163k - $269k

     ...a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation,...  ...governments realize their greatest potential. Title and Summary Director, Risk Management Overview The Core Payments Strategy &... 
    Full time
    Part time
    Worldwide
    Flexible hours

    MasterCard

    Purchase, NY
    19 hours ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Director, Security & Risk. Be the first to apply!