[Hiring] Director, IT & Security @Octave

Role Description

As the Director of IT & Security, you are the primary architect of the company’s technological resilience and security posture. You provide the strategic vision for a scalable, secure corporate infrastructure that enables rapid business growth while maintaining rigorous compliance. You are not just managing systems; you are owning the overall strategy for risk mitigation, technical governance, and the evolution of the modern workplace.

Management Responsibilities

• Develops, coordinates, and implements systems, policies, procedures, and productivity standards.
• Foster a positive and collaborative work environment.
• Oversee the planning, execution, and completion of projects and initiatives within the team.
• Establish and monitor operational processes and workflows to enhance efficiency and productivity.
• Implement best practices, monitor key performance indicators (KPIs), and develop strategies to achieve operational excellence.
• Ensures a safe, secure, and compliant work environment.
• Build and manage a high-performing team, including hiring, training, and development.
• Provide leadership to the team, including setting goals/objectives, providing guidance/feedback, and ensuring the team's overall success.
• Identify skill gaps within the team and develop strategies for filling those gaps. Support employee development through training, mentoring, and coaching.
• Identify high-potential employees and create succession plans.

Duties & Responsibilities

• Define and own the company IT and security strategy, aligning infrastructure, systems, and risk posture with company growth, product evolution, and regulatory requirements.
• Build, lead, and scale a high-performing IT and Security organization, establishing clear operating models, priorities, and accountability across IT and security operations.
• Oversee end-to-end IT operations and employee technology experience, including onboarding/offboarding, identity and access management, device lifecycle, and enterprise tooling.
• Own and mature the security program, including governance, risk management, security architecture, vulnerability management, and threat detection and response (SOC).
• Drive the management —in partnership with our compliance committee — of risk, compliance, and audit, leading HIPAA and SOC 2 readiness, managing audits, and ensuring continuous compliance through strong policies, controls, and documentation.
• Partner cross-functionally with Engineering, Product, Data, Legal, and People teams to embed security and IT best practices into systems, development lifecycles, and business operations.
• Drive company initiatives to enhance system reliability, scalability, security, and business continuity, including disaster recovery planning and resilience of critical systems.
• Own the IT vendor and partner strategy, including selection, negotiation, performance management, and cost optimization while maintaining high security and service standards.
• Establish and report on KPIs and metrics for IT performance, security posture, and risk, providing actionable insights to executive leadership.
• Act as a trusted advisor to leadership, guiding decisions on technology investments, emerging threats, and trade-offs between risk, cost, and speed.
• Own the company's AI governance framework, including acceptable use policies, tool evaluation processes, and an enterprise-wide AI inventory and risk register.
• Define standards for embedding AI tools into workflows and business processes, ensuring integration architecture, data flows, and security controls align with compliance obligations.
• Own data classification standards and data loss prevention strategy, ensuring sensitive data — including PHI — is identified, categorized, and protected in alignment with HIPAA and other regulatory requirements.

Qualifications

• Deep expertise across enterprise security, cloud infrastructure, networking, and IT systems.
• Strong background in security governance, risk management, and compliance frameworks (HIPAA, SOC 2, or similar).
• Proven ability to set strategy and influence executive stakeholders, translating technical concepts into business impact.
• Demonstrated success building and leading high-performing, multi-functional teams.
• Strong cross-functional leadership and systems thinking in complex environments.
• Experience developing AI governance frameworks, acceptable use policies, or responsible AI programs.
• Excellent communication skills, including experience with executive-level presentations and company-wide initiatives.
• Expertise in identity and access management and enterprise tooling (Google Workspace, JAMF/MDM, Okta/OneLogin, Slack, etc.).
• Experience defining and operationalizing metrics and performance frameworks.

Requirements

• Minimum 10 years of IT or technical security experience, with at least 6 years in a leadership role.
• Proven track record of scaling enterprise IT and security programs in high-growth startup environments.
• Experience partnering with executive teams on strategic technology decisions.
• Hands-on experience managing enterprise security operations, cloud environments, and IT infrastructure.
• Proven track record of leading security audits, risk assessments, and compliance initiatives.
• Experience with scripting, automation, and system integrations to streamline IT operations.

Preferred Qualifications

• IT or security certifications (CISSP, CISM, CompTIA Security+, or equivalent).
• Prior experience in healthcare or HIPAA-regulated environments.
• Experience leading remote or hybrid IT teams.
• Advanced knowledge of security automation, threat detection, and response tools.

Benefits

• Company sponsored life insurance, disability and AD&D plans.
• Voluntary benefits such as 401k retirement, medical, dental, vision, FSA, HSA, dependent care and commuter/parking options.
• Generous Paid Time Off and paid parental leave benefits.

Physical Requirements

• Prolonged periods sitting at a desk and working on a computer.
• Must be able to frequently communicate with others through virtual meeting applications such as Zoom and Google Meet.
• Must be able to observe and communicate information on company provided laptop.
• Move up to 10 pounds on occasion.
• Must be eligible to work in the United States without sponsorship now or in the future.

Compensation

Octave is committed to pay equity. To maintain our commitment to pay equity, Octave will follow Pay Transparency regulations on all open job postings. Current Pay Transparency laws require companies to include a position's salary or hourly wage range (not including bonuses or equity-based compensation) in any internal or external job posting. This requirement extends to job postings published by a third party at an employer's request.

Starting pay for qualified applicants will depend on a combination of job-related factors, which may include education, training, experience, location, business needs, or market demands. The expected salary range for this role is set forth below and this range may be modified in the future.

• The salary range for zone 1 (all states, excluding those in Zone 2 or Zone 3 [AK, CA, CT, MA, NJ, NY, WA], and D.C.) is $190,200 - $206,500.
• The salary range for zone 2 (CO, HI, MD, RI) is $209,200 - $220,000.

All zones are eligible for equity in the form of stock options, plus target bonus incentives based on performance.

How We Use Technology in Hiring

As part of our hiring process, we may use technology tools, including AI-supported systems, to assist with reviewing applications or documenting interviews. These tools are designed to support our team, not replace human judgment, and final hiring decisions are always made by our team.

Application Instructions

Please complete the following application. Please note that the U.S. Equal Opportunity Employment Information questions below are used for the purposes of EEOC reporting and are optional to complete. Octave is unable to change these questions and we acknowledge that many of the U.S. Equal Opportunity Employment Information questions are not inclusive or affirming of all aspects of cultural identity. Octave is committed to an inclusive workplace environment, and this information will not inform how we approach hiring or employment.