[Hiring] Senior Director of Information Security @TapestryHealth

Role Description

We are seeking a dynamic, technical, and visionary Director of Information Security to design, build, and protect our digital ecosystem from the ground up. In this role, you won't just sit in a boardroom managing spreadsheets; you will be the primary architect of our security posture, acting as a player-coach. Initially, you will be deeply hands-on, assessing our current vulnerabilities, hardening our infrastructure, and implementing robust security frameworks. As you establish our baseline defense, you will have the mandate and budget to recruit, hire, and mentor a high-performing security team to scale our operations.

Key Responsibilities:

• Phase 1: Establish & Execute (Hands-On Focus)
  • Architect & Implement: Evaluate our current infrastructure, cloud (AWS/Azure/GCP) and on-prem environments, and applications to design and deploy robust security controls.
  • Incident Response & Monitoring: Set up and manage SIEM, EDR, and vulnerability scanning tools. Act as the primary incident responder for any security anomalies.
  • Identity & Access Management: Audit and enforce strict IAM, PAM, and MFA protocols across all corporate and production systems.
  • Compliance & Governance: Align our security programs with industry standards (e.g., SOC 2, ISO 27001, NIST, HIPAA, or GDPR as applicable) and manage internal/external audits.
• Phase 2: Scale & Lead (Team Building Focus)
  • Talent Acquisition: Own the roadmap for security headcount. Source, interview, and hire specialized talent (e.g., SecOps, GRC, AppSec engineers).
  • Leadership & Mentorship: Define clear KPIs, foster a culture of continuous learning, and provide technical mentorship to your growing team.
  • Security Culture: Lead company-wide security awareness training and champion a "security-first" mindset across engineering and business operations.
  • Vendor & Budget Management: Evaluate and manage third-party security vendors, MSSPs, and tool budgets to optimize ROI.

Qualifications

• Experience: 7+ years of progressive experience in cybersecurity, with at least 2+ years in a team leadership or supervisory role.
• Cloud Security: Deep, practical knowledge of securing public cloud environments (AWS, Azure, or GCP).
• SecOps & Architecture: Proven hands-on experience with firewalls, network security, penetration testing, endpoint protection, and log analysis.
• Framework Fluency: Direct experience implementing and auditing frameworks such as SOC 2, NIST CSF, or ISO 27001.
• Code/Scripting (Preferred): Ability to write basic scripts (Python, Bash, PowerShell) to automate security workflows is a major plus.
• The "Builder" Mentality: You thrive in ambiguity and enjoy building processes and teams from scratch rather than just maintaining legacy systems.
• Communication: Ability to translate complex technical risks into clear, actionable business insights for non-technical executives.
• Certifications: CISSP, CISM, CEH, or cloud-specific security certifications (e.g., AWS Certified Security) are highly desirable but secondary to proven, practical capability.

Requirements

• The anticipated annualized salary for this role is 200-215K.
• This remote position follows a location-based compensation structure.
• The posted salary range represents the potential pay range across various U.S. geographic markets.
• Actual compensation will be determined based on the candidate’s primary work location, experience, qualifications, and internal equity considerations, in accordance with applicable pay transparency laws.