Director of Information Security - Exceed Healthcare
Irving, TX 75038
About the Job
Job Title: Director of Information Security
Job Type: Full-Time
Department: Legal and Compliance
Reports To: Chief Legal Officer
Company Overview:
Exceed Healthcare is a leading medical management company dedicated to transforming healthcare through innovative solutions. Our commitment to excellence through strategic management and innovative technology solutions makes us a driving force in the industry.
Job Summary: The Director of Information Security is responsible for developing and implementing a comprehensive information security strategy aligned with the organization’s business goals. This role ensures the confidentiality, integrity, and availability of all digital and physical information assets in a healthcare management setting. The Director will collaborate with legal, compliance, operations, and IT teams to manage risks, ensure regulatory compliance, and protect sensitive patient and business data.
Job Duties:
Strategic Leadership:
Develop and implement security strategies that align with business goals, technology advances, and healthcare regulations (e.g., HIPAA, HITECH, and state-specific privacy rules).
Build and manage the information security team.
Lead IT and third-party vendors in executing IT strategies that enhance security, streamline processes, reduce costs, and improve patient care.
Act as the subject matter expert on emerging threats affecting healthcare systems, including EHR, telemedicine platforms and cloud-based services.
Develop and oversee security policies, standards, and guidelines.
Collaborate with senior leadership to ensure security strategies support business priorities and innovation goals.
Risk Management & Compliance:
Lead risk assessments and develop mitigation strategies for protecting sensitive data such as PHI, PII, and trade secrets.
Ensure compliance with healthcare regulations and enforce data protection protocols.
Conduct regular risk assessments to identify vulnerabilities in IT infrastructure.
Establish and enforce security policies, procedures, and protocols to ensure data protection, access control, and secure handling of all sensitive information.
IT Technology Integration & Security Architecture:
Oversee IT infrastructure design and management, ensuring scalability, security, and reliability.
Manage cloud services, data centers, networks, and cybersecurity measures.
Lead teams to integrate security into technology solutions and ensure secure network and system architecture.
Stay informed on healthcare technologies such as AI, telehealth, and mobile health, assessing their security risks.
Design and implement secure architecture for networks, applications, and systems. Ensure security considerations are integrated into the software development lifecycle (SDLC).
Incident Response & Threat Management:
Lead and coordinate incident response efforts for security breaches or cyberattacks.
Develop and manage the organization’s incident response plan and ensure compliance with legal and regulatory requirements.
Conduct regular risk assessments and implement a vendor risk management process.
Team Leadership & Development:
Ensure the efficient operation of IT services, including EHR and clinical systems.
Manage IT budgets, optimizing cost-efficiency and ROI.
Develop security metrics and reporting systems to track program effectiveness.
Promote security awareness and foster innovation in security practices.
Supervise and lead IT and software development teams to integrate security into the design and deployment of new technology solutions, applications, and services.
Qualifications:
Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field. A Master’s degree or certifications (CISSP, CISM, CISA, HCISPP) is preferred.
Minimum of 10 years in information security, with at least 3 years in a leadership role.
At least 3 years of experience working for a healthcare organization.
Extensive knowledge of healthcare regulations, including but not limited to HIPAA, HITECH, and ONC regulations, and experience in securing healthcare systems preferred.
Proven experience managing security technologies, risk assessments, and incident response.
Strong understanding of cybersecurity threats, risks, and best practices, including cloud and on-premises security.
Leadership skills to manage cross-functional teams and communicate effectively with stakeholders at all levels.
A basic understanding of coding principles, which includes familiarity with basic programming concepts such as variables, control structures (loops and conditionals), data types, and basic algorithms.
Strong communication skills for translating complex technical concepts to non-technical audiences.
Ability to handle sensitive and confidential information with discretion.
Willingness to stay updated on emerging technologies and security trends.
Availability for on-call incident response as needed.
Benefits:
Exceed Healthcare offers competitive compensation, health benefits, paid time off, and opportunities for professional growth.
Exceed Healthcare is an equal opportunity employer committed to diversity and inclusion.