Director of IT & Information Security (US)

This is a remote position.

The Director Cloud Infrastructure & SecOps is responsible for leading iCareManager’s IT infrastructure, system administration, cloud strategy, and information security operations. This role ensures the confidentiality, integrity, and availability of company systems and data while maintaining compliance with regulatory requirements. The ideal candidate will have deep expertise in Azure cloud administration, cybersecurity best practices, risk management, and regulatory compliance (SOC2, HIPAA, NIST, etc.). As a strategic leader, this role will oversee IT operations, security initiatives, risk management, compliance efforts, cloud infrastructure, industry standards, and system reliability while fostering a security-first culture throughout the organization. This role also involves team leadership, budget management, strategic planning, and driving digital transformation across IT and security operations.

Key Responsibilities

Information Security

• Develop and enforce security policies, ensuring compliance with SOC2, GDPR, HIPAA, NIST, and ISO 27001.

• Implement security controls and risk mitigation strategies to protect against cyber threats.

• Act as a trusted security advisor, effectively communicating the organization’s security strategy, risk management approach, and cloud architecture to build confidence and foster strong relationships.

• Oversee and conduct security assessments, penetration testing, and vulnerability management.

• Oversee incident response, forensic analysis, and remediation efforts.

• Lead internal and external security and IT compliance audits.

• Monitor cybersecurity threats and proactively implement defence mechanisms.

• Promote a security-first culture with awareness programs, training, and phishing simulations.

• Conduct ongoing risk assessments and ensure mitigation plans for security and IT operations.

• Enforce access control policies and least-privilege principles.

• Establish and maintain third-party risk management programs.

• Represent the company in customer, partner, and regulatory meetings to address security concerns, articulate compliance with international standards and ensure alignment with their security and infrastructure requirements.

• Implement automated security testing and vulnerability scanning in development workflows.

• Collaborate with engineering teams to integrate security best practices into software development lifecycles.

• Implement and maintain security monitoring tools for real-time threat detection.

• Establish automated alerting mechanisms and incident response strategies.

• Conduct root cause analysis post-incident to enhance security resilience.

• Evaluate security practices of vendors and third-party partners.

• Monitor and manage cybersecurity risks associated with third-party relationships.

• Establish an information security governance framework, ensuring policies, procedures, and controls are in place.

• Provide regular reports on security posture, incidents, and compliance status to executive leadership.

IT & Cloud Administration

• Develop and execute a comprehensive cloud infrastructure strategy, ensuring scalability, security, performance, and cost efficiency.

• Collaborate with architects and technical leads to design and implement scalable cloud solutions on Azure.

• Implement infrastructure as code (IaC) principles and tools (e.g., Terraform, CloudFormation) for automation.

• Optimize cloud infrastructure for high performance and availability, ensuring minimal downtime.

• Implement security best practices, including access controls, encryption, and vulnerability management.

• Monitor and optimize cloud resource utilization for cost efficiency.

• Oversee cloud operations, troubleshooting, and incident response to ensure reliable service delivery.

• Design disaster recovery and business continuity plans for cloud infrastructure.

• Foster collaboration with development, security, and operations teams to align cloud initiatives with business objectives.

• Manage vendor relationships, contracts, and SLAs related to cloud services.

• Lead and mentor a team of cloud professionals, ensuring skill development and high performance.

• Ensure smooth release management process with DevOps & automation tools, including CI/CD pipelines, Azure DevOps, and scripting (PowerShell/Bash).

AI Integration & Cybersecurity Leadership

• Leading the integration of AI-powered tools to enhance the company's cybersecurity posture such as utilising AI for threat detection, network monitoring, task automation, incident response, and security patching in order to improve efficiency and reduce human error.

• Establishing policies for the ethical and secure use of AI technologies, ensuring compliance with data privacy regulations like HIPAA, GDPR, and creating a framework for AI governance. The goal is to maximize the benefits of AI while mitigating risks associated with data security.

• Employ AI to monitor and optimize the performance of iCareManager's applications and services, ensuring high availability and a seamless user experience.

• Knowledge of ethical considerations in AI, including data bias, transparency, and accountability.

• Experience with Securing AI deployments in cloud environments, particularly with platforms like AWS, Azure, or Google Cloud.

• The ability to lead a team in adopting new technologies and to effectively communicate the value and risks of AI to both technical and non-technical stakeholders.

Team Management & Leadership

• Build and mentor a high-performing IT, security, and system administration team.

• Foster a culture of innovation, accountability, and continuous improvement.

• Conduct performance evaluations, identify skill gaps, and provide professional development opportunities.

• Collaborate with other departments to align IT and security initiatives with business objectives.

Key Performance Indicators (KPIs)

• 100% compliance with external audit requirements (SOC2, GDPR, HIPAA).

• Incident response and remediation within defined SLAs.

• 90% reduction in critical vulnerabilities within 30 days.

• Less than 5 major findings in annual security and system audits.

• Zero unpatched critical security vulnerabilities beyond 7 days.

• 99.9% system uptime for IT infrastructure and services.

• 95% of IT system patches applied within SLA.

• High IT support resolution rate within SLA.

• High employee engagement and low failure rates in security awareness training.

• Successful execution of IT and security roadmap, ensuring infrastructure scalability and security enhancements.

Requirements