Job Search

The Information Technology Security Director is a hand-on technical leader who will design, implement, and manage enterprise security capabilities across cloud and on-prem environments. This full time, remote role balances strategic security leadership with deep technical execution, ensuring the confidentiality, integrity, and availability of sensitive patient, clinical, and corporate data. The Director will oversee a small in-house security function, coordinate outsourced partners, and work closely with IT Infrastructure and Application teams to embed security across all systems, projects, and operations. 

• The Information Technology Security Director operates primarily in a remote, professional office setting, collaborating virtually with internal teams and clients across various regions.
• This role requires frequent computer and phone use, with a strong emphasis on digital communication and CRM-based activity tracking.
• Occasional travel (approximately 5-10%) may be required for client meetings, industry events, or team gatherings.

ESSENTIAL RESPONSIBILITIES 
Cybersecurity Architecture & Engineering: 

• Plan, design, and maintain a resilient enterprise security architecture for IT systems, applications, and cloud workloads. 
• Define technical requirements and manage enterprise-level cybersecurity tools and services. 
• Serve as security lead for projects involving data security, data classification, and DLP (Data Loss Prevention). 

Threat Detection & Incident Response: 

• Oversee day-to-day cybersecurity operations, including monitoring, detection, and incident response. 
• Lead root-cause analysis, and remediation activities for security incidents. 
• Create and maintain playbooks, plans and policies for all incident response, disaster recovery, and business continuity. 
• Conduct root cause analyses and provide technical remediation and mitigation strategies. 
• Maintain on-call availability to support major incident response efforts. 
• Document all actions, decisions, and outcomes related to incidents, ensuring lessons learned are applied.

Cloud & Infrastructure Security: 

• Lead security operations in Azure, including identity and access management, key management, logging/monitoring, and secure networking. 
• Develop and implement company-wide policies for outbound web browsing, third-party integrations, and access controls to corporate resources. 
• Review and analyze existing data flows, collaborating with the infrastructure team to apply security best practices and remediate vulnerabilities. 
• Apply security policies hands-on across firewalls, SASE solutions, and other network and computer devices. 
• Demonstrate strong understanding of infrastructure and its relationship to security, including tasks such as Active Directory group creation and integration into multi-layered infrastructure. 
• Implement security for hybrid environments (on-premises systems and cloud workloads). 
• Ensure secure integration with third-party vendors, partners, and SaaS providers.

Governance, Risk & Compliance: 

• Lead proactive remediation efforts following external audits, penetration tests, and vulnerability assessments. 
• Direct and lead internal risk assessments and routinely validate security controls. 
• Align technical operations with SOC 2, HIPAA, NIST 800-53, NIST CSF, and ISO/IEC 27001 frameworks. 
• Partner with internal and external compliance and audit teams to provide evidence and reporting. 
• Assess new systems, projects, and processes against compliance requirements and control objectives. 

Collaboration & Leadership: 

• Work closely with IT infrastructure, application development, and support operations teams to integrate security best practices into system and application life cycles. 
• Champion cybersecurity awareness across the company, from IT staff to business leaders. 
• Engage with vendors, MSSPs, and third parties to ensure effective delivery of security services.
• Identify areas for process improvement and drive initiatives to strengthen cybersecurity maturity. 
• Mentor IT staff in secure practices while managing external security partners. Threat Intelligence & Continuous Improvement: 
• Monitor the cybersecurity landscape and analyze emerging threats for impact on company systems. 
• Develop playbooks and proactive defenses to address evolving attack techniques. 
• Continuously improve detection, prevention, and response capabilities across the enterprise. 

Compliance & Risk Management: 

• Drive technical initiatives to support SOC 2 certification, HIPAA compliance, and other regulatory requirements. 
• Conduct regular risk assessments, penetration testing, and vulnerability management. 
• Partner with compliance and audit teams to provide technical evidence and reporting.

KNOWLEDGE & SKILLS 

• Proficiency in SIEM, EDR, IDS/IPS, IAM, and cloud-native security solutions. 
• Familiarity with NIST, CIS, and ISO frameworks. 
• Deep technical expertise in network security, endpoint protection, and cloud identity management. 
• Strong communicator with the ability to translate complex technical issues into business language.
• Capable of strategic planning while remaining hands-on in execution. 
• Skilled collaborator across technical and non-technical teams.

EDUCATION & EXPERIENCE 

• Bachelor’s degree in Cybersecurity, Computer Science, or related field. 
• 10+ years of progressive cybersecurity experience with at least 5 years in a leadership role. 
• Hands-on experience with Azure Cloud Security, including Sentinel, Defender, Key Vault, and Security Center. 
• Prior experience with SOC 2 compliance and healthcare regulatory environments (HIPAA) preferred. 

Reference: 1050627 

Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every qualification. At Revel IT, we are dedicated to building a diverse, inclusive, and authentic workplace, so if you’re excited about this role, but your experience doesn’t align perfectly with every qualification in the description, we encourage you to apply anyway. You might be the right candidate for this or our other open roles!  

Revel IT is an Equal Opportunity Employer. Revel IT does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.

#gdr4900