Director, Cloud Security

About Judi Health

Judi Health is an enterprise health technology company providing a comprehensive suite of solutions for employers and health plans, including:

• Capital Rx, a public benefit corporation delivering full-service pharmacy benefit management (PBM) solutions to self-insured employers,
• Judi Health™, which offers full-service health benefit management solutions to employers, TPAs, and health plans, and
• Judi®, the industry’s leading proprietary Enterprise Health Platform (EHP), which consolidates all claim administration-related workflows in one scalable, secure platform.

Together with our clients, we’re rebuilding trust in healthcare in the U.S. and deploying the infrastructure we need for the care we deserve. To learn more, visit www.judi.health.

Position Summary:

Reporting to the CISO, the Director of Cloud Security leads Judi Health’s cloud security strategy and engineering execution across our AWS environment. This role is responsible for advancing the security roadmap across FedRAMP readiness, continuous compliance, resilient cloud architecture, and automation at scale. The leader in this role will partner closely with engineering, infrastructure, compliance, and AI teams to embed modern security practices, strengthen detection and response capabilities, mature identity and access controls, and help establish a practical security framework that enables Judi Health’s AI initiatives while managing risk.

Position Responsibilities:

• Lead, mentor, and scale a high-performing cloud security engineering function, fostering strong ownership, operational excellence, and continuous improvement.
• Own execution of the cloud security roadmap, prioritizing initiatives across FedRAMP readiness, zero trust architecture, cloud hardening, security automation, and continuous control validation.
• Define and evolve the cloud security strategy for Judi Health, aligning technical investments and security architecture decisions to business growth, regulatory commitments, platform resilience goals, and emerging AI initiatives.
• Serve as a trusted advisor to the CISO, engineering leaders, and executive stakeholders, helping drive secure-by-design decisions and modern security engineering practices across the organization.
• Lead the design, implementation, and continuous improvement of cloud security controls across AWS infrastructure, platforms, application environments, and supporting services.
• Identify, prioritize, and drive remediation of security risks across cloud services, infrastructure as code, third-party integrations, developer workflows, and enterprise platforms.
• Build and operationalize cloud security capabilities that support compliance with frameworks and customer obligations including FedRAMP, FISMA, SOC 2, HITRUST, HIPAA, and related control requirements.
• Drive threat detection, incident response readiness, vulnerability management, penetration testing, and security validation efforts to proactively identify and reduce risk.
• Advance automation for security monitoring, alerting, evidence collection, and policy enforcement to improve scalability and support continuous compliance.
• Establish meaningful security metrics and reporting for cloud posture, control effectiveness, and roadmap progress, and communicate insights clearly to senior leadership.
• Partner with software engineering, platform engineering, DevOps, IT, and AI teams to embed security into architecture, infrastructure, the software development lifecycle, and AI-enabled capabilities.
• Work closely with compliance, legal, privacy, and risk management teams to translate regulatory and customer requirements into practical, auditable technical controls.
• Lead technical engagement for third-party assessments, customer security reviews, and external audits, ensuring strong preparation, evidence readiness, and timely remediation.
• Help define and operationalize a modern security framework for AI initiatives, including governance, data protection, access controls, third-party risk, and secure adoption practices.

Required Qualifications:

• 10+ years of experience in cloud security, information security, or related field, including 5+ years in leadership roles.
• Proven experience leading cloud security or security engineering programs, including team leadership, roadmap execution, and cross-functional influence.
• Deep expertise in AWS security architecture, cloud-native security controls, and modern practices for securing scalable SaaS environments.
• Strong technical depth in at least one modern programming or scripting language, with experience enabling secure engineering and automation in cloud environments.
• Hands-on experience securing infrastructure as code and cloud deployment pipelines, including Terraform and CI/CD environments.
• Expertise with security tooling and operational disciplines such as SIEM, cloud security posture management, vulnerability management, detection engineering, and incident response.
• Experience supporting regulated or audited environments, including technical control implementation, evidence management, and readiness for external assessments.
• Experience partnering with engineering or product teams to define security guardrails and governance for emerging technologies, including AI-enabled initiatives.
• Strong understanding of identity and access management, least privilege, authentication, privileged access, and zero trust principles.
• Excellent communication and stakeholder management skills, with the ability to translate complex security priorities into clear decisions and practical outcomes.
• Ability to operate effectively in a fast-paced, high-growth environment while balancing strategic priorities with hands-on execution.

Preferred Qualifications:

• Industry certifications such as CISSP, CCSP, AWS Security Specialty, or similar.
• Familiarity with AI and ML security concepts, including governance, model access, data protection, and third-party AI risk.
• Experience in healthcare, health tech, or another highly regulated industry.
• Knowledge of container and orchestration security, including Kubernetes or EKS.
• Experience with policy-as-code or automated compliance validation in cloud environments.

All employees are responsible for adherence to the Capital Rx Code of Conduct including the reporting of non-compliance. This position description is designed to be flexible, allowing management the opportunity to assign or reassign duties and responsibilities as needed to best meet organizational goals.

Judi Health values a diverse workplace and celebrates the diversity that each employee brings to the table. We are proud to provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, medical condition, genetic information, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. 

By submitting an application, you agree to the retention of your personal data for consideration for a future position at Judi Health. More details about Judi Health's privacy practices can be found at https://www.judi.health/legal/privacy-policy.