Director of Infrastructure & Security

Your day-to-day activities:

• Own the design, roadmap, and execution of the client's infrastructure and cybersecurity programs, aligned to HIPAA, NIST, SOC 2, PCI, and internal InfoSec standards
• Oversee secure-by-default architectural design across all platforms
• Manage infrastructure budget, team resourcing, and resource allocation
• Serve as a strategic partner to product, legal, and engineering leadership

• Lead, mentor, and manage the Infrastructure and Security team with sprint-based delivery practices and measurable throughput
• Drive a shift from reactive to proactive operations by building organizational visibility into workload, capacity, and priorities
• Own the InfraSec support request intake and triage process
• Establish cross-functional prioritization cadence with Engineering, Product, Data, and Leadership

• Act as a hands-on technical leader contributing directly to security and infrastructure design, review, and implementation
• Serve as senior escalation point for complex deployments, secure architecture, and incident resolution
• Champion engineering self-service for routine InfraSec operations with appropriate guardrails
• As a Senior team member, you will be expected to actively participate in our hiring processes by serving on interview panels for future roles across the company.

• Maintain cybersecurity policies and documentation aligned with applicable standards
• Own audit readiness for HIPAA, SOC 2 Type 2, PCI SAQ-D, and internal InfoSec assurance engagements
• Lead Vanta implementation and ongoing compliance automation
• Lead third-party and vendor risk assessments; maintain the vendor security catalog

• Conduct ongoing vulnerability assessments, threat detection, and mitigation
• Own and maintain incident response and disaster recovery plans
• Drive continuous risk-management education across the organization

• Manage identity and access governance across employees, contractors, and systems
• Maintain endpoint protection coverage (CrowdStrike, Tenable) aligned to applicable control frameworks
  
  

Required Skills & Qualifications

• 7+ years of experience in infrastructure and cybersecurity, with at least 3 years in a people management or team lead capacity in a regulated environment
• Deep expertise in HIPAA, NIST, and SOC 2 compliance
• Proven track record building operational processes: intake triage, sprint-based delivery, cycle time measurement, and cross-functional prioritization
• Strong technical fluency across cloud infrastructure (AWS preferred), endpoint security, access management, and compliance tooling (Vanta, CrowdStrike, Tenable)
• Excellent communication skills — able to translate security posture and risk for non-technical stakeholders and executive leadership
• Experience managing vendor risk assessment programs and third-party security reviews
• US East Coast timezone overlap required
• Professional certifications preferred: CISSP, CISM, or GIAC GCED

Key Performance Indicators

• SOC 2 Type 2: zero critical Trust Services Criteria exceptions
• PCI SAQ-D: 100% annual submission with no major gaps
• Incident response: 90% of incidents triaged within SLA (high severity within 1 hour)
• Infrastructure uptime: 99.9% monthly across mission-critical systems
• Sprint delivery: 90% of committed items delivered on time
• Change failure rate: less than 5% of changes resulting in an incident or unplanned rollback.