Director Infrastructure and Security

SpectraMedix is a leader in healthcare analytics, helping U.S. healthcare organizations achieve financial and clinical goals through actionable insights. We support progressive healthcare organizations in enhancing quality, reducing preventable utilization, and optimizing care management.

Position Overview:

The Director of Infrastructure & Security will lead and secure SpectraMedix's IT infrastructure, ensuring its scalability, reliability, and compliance with healthcare industry standards. This role demands a visionary leader with technical expertise and a strategic approach to infrastructure and security management. The Director will collaborate closely with executive leadership on infrastructure investments, enforce compliance with healthcare security regulations and IT best practices, and drive a security-first approach within the organization. The Director of Infrastructure & Security also serves in the role of Chief Information Security Officer (CISO).

Infrastructure & IT Operations:

• Leading management of Azure cloud computing resources, co-located data center, and office sites’ on-premises virtualized server platforms and networks, focusing on high performance, scalability, and cost optimization.
• Design and implement robust resiliency strategies, ensuring business continuity aligned with industry best practices to ensure client SLA compliance
• Manage relationships with vendors, negotiate contracts, and implement solutions to maximize infrastructure value.
• Direct the planning and execution of hardware and software upgrades, balancing innovation with cost control.

Security & Compliance Management:

• Establish and enforce policies that protect infrastructure, sensitive data and maintain compliance with healthcare industry security regulations, frameworks and standards (HIPAA, HITRUST, SOC2, NIST).
• Conduct regular assessments, patch management, and vulnerability scans to mitigate risks in a budget-conscious manner.
• Lead efforts in preparing for external audits, managing information security incidents, and ensuring effective compliance with regulatory standards.
• Support initiatives to secure sensitive healthcare data in compliance with federal and state laws and client contracts.
• Conduct periodic independent risk assessments and manage third-party audits, such as for HIPAA compliance, SOC2, and HITRUST certification/recertification.
• Implement security procedures, ensure workforce awareness, and educate staff about security best practices and policies.
• Manage the selection and deployment of essential security applications and tools, such as Sophos Anti-malware, Qualys Penetration Testing, ManageEngine Log360, Application Manager, AD Audit Plus, and Endpoint Central, etc. to ensure comprehensive protection across infrastructure.
• Advise on security capabilities and lead practices for mitigation of vulnerabilities and emerging threats identified through internal scans, testing, and security agency bulletins (e.g., US CERT, CISA), ensuring proactive response to risks.

Strategic IT Policy & Governance:

• Drive policies for infrastructure management, security frameworks, and system access, ensuring alignment with SpectraMedix’s goals and industry best practices.
• Provide input on IT infrastructure investments, prioritizing scalable and cost-effective solutions that align with long-term organizational needs.
• Review records of information system activity, such as audit logs, access reports, and security incident tracking, ensuring continuous improvement.

Leadership & Collaboration:

• Manage and mentor teams, including Network/System Engineers, Administrators and Security Analysts, fostering a culture of continuous improvement and technical excellence.
• Performs workforce management functions for Infrastructure & Security department, including setting departmental and individual objectives and key results, performance reviews, etc.
• Act as a key liaison, supporting IT and security initiatives with leadership, system/data owners, SaaS application managers, project managers, as well as client executives.
• Collaborates with Sales Team to define infrastructure and security requirements and estimated costs for proposals, RFPs and client SOWs and change requests.
• Oversee security policies, compliance programs, and collaborate with security champions across departments to cultivate a strong security culture within the organization.
• Support facility planning regarding physical security, disaster recovery, and infrastructure resilience planning for business continuity.
• Direct activities of IT security and ensure compliance with security standards and frameworks (NIST 800-53, SOC2, HITRUST).

• Minimum of 10+ years in IT infrastructure and security management, preferably in healthcare IT or population health, with a strong record of managing cloud and on-premises infrastructure, regulatory compliance, and performance optimization.
• Proven experience in leading security compliance efforts (HIPAA, HITRUST, SOC2) and implementing disaster recovery and business continuity plans.
• Extensive knowledge of network and data security systems, including firewalls, encryption, and monitoring tools (e.g., FortiGate, ManageEngine). Advanced skills in systems and network administration (Windows Server, Linux), virtualization (Hyper-V, VMware), and hybrid cloud platforms (Azure preferred), with a focus on cost-effective, secure operations.
• Knowledgeable and experienced with cybersecurity practices, including incident response, vulnerability assessment, and threat mitigation.
• Strong understanding of federal and state healthcare data protection laws, with practical skills in audit readiness and compliance.
• Skilled in analyzing and enhancing IT security through risk assessments and external security audits.
   

Educational Qualification: Bachelors or Masters in Computers / Information technology or related discipline

Certifications:

• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
• IT Infrastructure Library (ITIL) certification for service management or similar certifications.
• Cloud certifications (e.g., Microsoft Certified: Azure Fundamentals AZ-900, or AZ-500 for security-focused roles).

## Candidates for this role must have Product or B2B marketing experience in Healthcare IT domain, more preferably knowledge of HIPAA and HITRUST audits. Kindly exercise discretion when applying. ##