Senior Director, Security, CCS

Overview:  The Senior Director, Security is responsible for strategic direction, leadership and execution of the company’s security strategy. This leader will be the Information Security Officer for the company and will have an overarching objective of safeguarding our organization’s assets and reputation. The Sr. Director, Security will oversee the security of our digital infrastructure, data and physical security operations, security governance, risk, and compliance for the company. The ideal candidate will be a seasoned leader with experience in cybersecurity, data privacy, risk management, and regulatory compliance in the healthcare sector. This role will work closely with the CEO, VP, Technology, and other executives to integrate security practices across all business functions. This role will serve as the subject matter expert and support client interactions related to our security program.

Key Responsibilities:

• Leadership and Strategy:
  • Design and implement a comprehensive security strategy across the organization, including IT security, physical security, and risk management for health data. Ensure alignment between security objectives and the organization’s overall business goals.
  • Establish and maintain a security governance framework to ensure policies, procedures, and standards align with industry best practices, regulations and compliance requirements (ie. HIPAA, SOC-2, etc.).
  • Provide exceptional leadership to the security team, including hiring, mentoring and developing security (and IT professionals) across the organization.
  • Develop and maintain strong relationships with executive leadership, IT, Operations, Legal and Compliance teams to integrate security principles into business practices.
  • Communicate security-related issues, risks, and success to executive leadership and the board of directors.
• Cyber Security and Risk Management:
• Identify, assess and mitigate potential threats to the organization’s technology infrastructure and patient/customer data.
• Oversee the design and implementation of robust security measures to protect against data breaches, cyberattacks, and other security risks, inclusive of security architecture.
• Ensure a proactive approach to risk management by conducting regular vulnerability assessments, penetration testing, and incident response exercises.
• Develop and implement disaster recovery and business continuity plans to safeguard the organization’s critical systems and data.
• Ensure software changes align with security policies by overseeing code reviews, vulnerability scanning, risk assessments, and compliance validation before approval.
• Compliance and Regulatory Oversight:
• Ensure the organization adheres to all applicable healthcare privacy regulations, including HIPAA and other security regulations.
• Lead efforts to maintain third-party security certifications (ie. SOC-2) and manage regular audits to demonstrate compliance.
• Oversee the implementation of security policies, training programs, and awareness initiatives to ensure staff at all levels understand their role in protecting sensitive data.
• Lead the audit program and ensure continued compliance with SOC-2 Controls
• Establishes and oversees a security vendor risk tiering framework by evaluating vendors based on risk factors such as data sensitivity, regulatory impact, security posture, and business criticality.
• Incident Response and Crisis Management:
• Lead the development and execution of incident response strategies and protocols to quickly identify and mitigate security breaches and cyber incidents.
• Oversee investigations and reporting of security incidents, ensuring all appropriate actions are taken and stakeholders internally and externally are notified promptly.

Qualifications:

• 10+ years of progressive leadership in information security, with a proven track record in healthcare or a highly regulated industry.
• In-depth knowledge of healthcare compliance and regulatory requirements.
• Expertise in cybersecurity best practices, threat detection and incident response.
• Strong leadership, communication, and interpersonal skills, with experience managing cross-functional teams. Ability to interact with clients.
• Security certifications (e.g. CISSP, CISM, CISA, or equivalent) are strongly preferred.
• Experience with security tools and technologies including firewalls, intrusion detection prevention systems, endpoint security, SIEM solutions, and cloud security.
• Strong business acumen with the ability to balance security needs with organizational goals.

Education:

• Bachelor’s degree in computer science, Information Technology or a related field.
• Master’s Degree in technology or related field preferred.

Location:

• This position is remote, but candidates must be based in the U.S.

Studies have shown that women and people of color are less likely to apply for jobs unless they believe they meet every one of the qualifications listed in a job description. If you don’t meet every qualification listed but are excited about our mission and the work described, we encourage you to apply regardless.  ComplexCare Solutions is most interested in finding the best candidate for the job and you may be just the right person for this or other roles.

By embracing diversity, equity and inclusion we enhance our work environment and drive business success. ComplexCare Solutions strives to reflect the diversity of the communities where we operate and of our clients and everyone whom we serve. We endeavor to create a culture of inclusion in which our associates feel empowered to bring their full, authentic selves to work and pursue their professional goals in an equitable setting. We understand that by fostering this type of culture, and welcoming different perspectives, we generate innovation and growth.

ComplexCare Solutions is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirement.

The Company maintains a drug free work environment for all of its associates, which includes employees, contractors and vendors. It is unlawful for associates to manufacture, sell, distribute, dispense, possess or use any controlled substance or marijuana in the workplace and doing so will result in disciplinary action, up to and including termination of employment or the contracted relationship.