Director of Security and IT Operations

COMPANY: HealthMark Group is a leading provider of healthcare release of information solutions, dedicated to simplifying and streamlining the exchange of medical data between healthcare providers, payers, and patients. We empower healthcare organizations to securely and efficiently manage the exchange of health information, ensuring compliance with regulatory requirements while maintaining the highest standards of privacy and security.

LOCATION: - Fully Remote

POSITION: DIRECTOR OF SECURITY & IT OPERATIONS (SECOPS)

The Director of Security & IT Operations (SecOps) is responsible for leading all Information Security and IT operations of the company, including development, implementation and review of information security & IT Operations policies, procedures, and regulations. The Director of SecOps will be charged with safeguarding all systems, PHI and intellectual property utilizing the most up to date tools and techniques and have the ability to lead and support compliance with and achievement of industry certifications (HITRUST, SOC 2, etc.). This role will manage, document, and improve HealthMark’s home office and production cloud Infrastructure to support current and future business objectives.

HealthMark Group is building the next generation of software for digital health information, including patient engagement and patient records. We focus on reducing the overall administrative burden of healthcare patient data journeys.

PRIMARY ROLE AND RESPONSIBILITIES:

Security

• Build and lead a team of security and infrastructure professionals, attracting and retaining high-performers and fostering a collaborative culture.
• Provide guidance, mentorship, and professional development opportunities to team members, promoting their growth and success.
• Establish and maintain effective communication channels to ensure seamless collaboration across teams and departments.
• Develop security strategy and collaborate with other departments to ensure proper execution protecting information assets without detriment to profitability or productivity; directing system control development and access management, monitoring, control and evaluation
• Implement robust data privacy and security measures to safeguard sensitive patient health information
• Establish enterprise security standards through architecture, policy, and training
• Select, implement, and maintain security tooling to support our security strategy
• Lead the attainment, and renewal of existing industry certifications or client required security assessments in a timely, accurate manner including SOC2, and HITrust
• Oversee and support responding to client security assessments
• Lead risk management, security incident response programs and procedures; Conduct periodic security audits and investigate breaches
• Integrate security into every stage of the Development pipeline providing teams with tools and resources at each phase to create safe and secure code
• Monitors and recommends improvements to security, compliance, and privacy environment

Infrastructure & IT Operations

• Oversee the design, development, and maintenance of our cloud infrastructure, ensuring scalability, reliability, and security in accordance with AWS’s Well Architected Framework [BH1][2] and HealthMark Group’s objectives
• Continuously monitor and optimize system performance, leveraging data analytics and performance metrics to drive improvements.
• Lead Disaster Recovery and Data Backup planning, analysis, implementation, testing and execution
• Implement and oversee IT Service Management (ITSM) processes to ensure that incidents, service requests, problems, changes, and IT assets in addition to other aspects of IT services are managed in a streamlined way
• Develop and improve our security and infrastructure technical practices including Infrastructure as Code (IaC), automation, DevSecOps, and CI/CD.
• Oversee the design, development, and maintenance of our home office infrastructure, ensuring a reliable, cost effective and secure end user and home office environment

General

• Meet financial objectives by forecasting infrastructure and security requirements and assisting in budget planning
• Keep current with latest Cloud and Security trends

REQUIRED EXPERIENCE AND QUALIFICATIONS:

• 8+ years of professional infrastructure or security engineering experience
• Proven experience managing, leading, and mentoring a team of security and infrastructure engineers
• In depth knowledge of architecting and managing Amazon Web Services environments (or other large scale cloud provider (Azure, GCP))
• Understanding fundamental design principles of a scalable, secure infrastructure
• Expertise building robust security programs
• Experience with HIPAA, HITrust, or SOC2 security controls
• Excellent troubleshooting and communication skills
• Strategic thinking and problem-solving skills, with the ability to translate business goals into actionable infrastructure & security strategies.
• Strong project management skills, with the ability to prioritize and manage multiple initiatives simultaneously.
• Excellent communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels.
• Results Oriented

ADDITIONAL PREFFERED EXPERIENCE:

• Healthcare technology experience
• Current AWS Certifications (Architect, Security, SysOps, Security)
• Current information security certification (CISSP, CSSLP, CCFP, CISM)
• SaaS experience
• Bachelor's degree in Computer Science, Information Technology, or a related field. Advanced degrees or certifications are a plus