Director of Security
WFA Digital Insight
As the demand for digital skills in the healthcare industry continues to grow, with over 70% of clinical trials now relying on cloud-based platforms, professionals with expertise in security and compliance are in high demand. OneStudyTeam, a leader in speeding up clinical trials, is seeking a Director of Security to lead their security strategy. With the global healthcare market expected to reach
Job Description
About the Role
The Director of Security at OneStudyTeam will play a crucial role in leading the enterprise security strategy and execution across governance, risk, compliance, and security engineering. This is a hands-on, technical leadership role that requires a blend of strategic program leadership and practical execution. As a key member of the team, the Director will manage the GRC and Security Engineering teams, partner with technology and business leaders, and ensure the design and operation of secure systems and processes across the organization.
The Director of Security will be responsible for the overall security strategy and will work closely with various stakeholders to ensure the company's security posture is aligned with business priorities and regulatory obligations. This includes maintaining ISO 27001 and related controls, driving audit readiness for HIPAA and other frameworks, and coordinating policy lifecycle management and control testing.
What You Will Do
- Lead and manage the GRC and Security Engineering teams, including strategy, objectives, staffing, coaching, and performance management
- Own governance, risk, and compliance programs and maintain ISO 27001 and related controls
- Drive audit readiness for HIPAA and other frameworks, and coordinate policy lifecycle management and control testing
- Run vendor assessment and qualification programs, and oversee third-party risk management, due diligence, contractual security requirements, and continuous monitoring
- Provide AI-related security assessments and guidance, and establish acceptable use guardrails for AI
- Assess model and data risks, and advise on controls for AI-enabled solutions
- Oversee security architecture for cloud environments and enterprise platforms
- Partner with engineering on secure design for AWS, Azure, identity, network, and data protection
- Direct security engineering operations, including EDR and threat detection with CrowdStrike, SIEM operations, CSPM posture management, vulnerability management, and SOAR automation
- Lead incident response readiness and execution, including tabletop exercises, investigations, and delivering root cause and lessons learned
- Own and manage security budgets, multi-year planning, vendor contracts, and cost optimization while meeting control objectives
- Report program status and risk posture to executives and the board, and define and track KPIs and KRIs
What We Are Looking For
- Minimum of 15 years of progressive experience in information security or related fields
- Minimum of 10 years of management experience leading security teams
- Strong background in security engineering, GRC, and compliance
- Experience with cloud-based platforms, including AWS and Azure
- Knowledge of AI-related security risks and controls
- Strong leadership and management skills, with the ability to lead high-performing teams
- Excellent communication and interpersonal skills, with the ability to communicate technical information to non-technical stakeholders
- Experience with security budget management and cost optimization
- Strong analytical and problem-solving skills, with the ability to analyze complex security risks and develop effective solutions
Nice to Have
- Experience with ISO 27001 and related controls
- Knowledge of HIPAA and other regulatory frameworks
- Experience with security awareness training and culture development
- Familiarity with security orchestration, automation, and response (SOAR) tools
- Experience with cloud security architecture and engineering
Benefits and Perks
- Competitive salary and benefits package
- Opportunity to work with a leading company in the healthcare industry
- Remote work options and flexible working hours
- Professional development and training opportunities
- Access to the latest security tools and technologies
- Collaborative and dynamic work environment
- Recognition and reward for outstanding performance
How to Stand Out
- Develop a strong understanding of cloud security architecture and engineering, including AWS and Azure
- Create a portfolio that showcases your experience in security engineering, GRC, and compliance
- Prepare to discuss your approach to incident response and security risk management
- Research the company's security posture and be prepared to ask informed questions during the interview
- Highlight your leadership and management experience, and be prepared to provide examples of your ability to lead high-performing teams
- Be prepared to discuss your experience with AI-related security risks and controls, and how you would approach these challenges in this role
This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.