New

Senior Director, Information Security

Partners In Health
life insurance, 401(k)
United States, Massachusetts, Boston
800 Boylston Street (Show on map)
May 12, 2026
Description Position Title :Senior Director, Information Security Reports to : Managing Director, Strategic Information Systems Location : Employees in this role can work from our Boston, MA office, remotely within the U.S. or hybrid of these two options (5-10%travel) Position Type: Full-Time, Regular, Exempt, 40 hours/week Position Overview The Senior Director, Information Security serves as Partners In Health's senior most cybersecurity leader, accountable for the integrity and resilience of PIH's global security posture. This role functions as PIH's information security officer, setting enterprise wide cyber strategy, defining acceptable risk, and ensuring alignment with the NIST Cybersecurity Framework across all platforms and care delivery sites. In this capacity, theSenior Director, Information Security will own the comprehensive security and compliance landscape, serving as the subject matter expert for risk management and policy development. This role will drive the continuous evolution of our GRC maturity, establishing the frameworks required to identify coverage gaps and ensuring that all security standards are robustly documented, maintained, and adhered to across the organization. In continuous collaboration with the Senior Director, Global IT and the Senior Director, Enterprise Systems, the Senior Director, Information Security will be responsible for defining and driving a prioritized list of security improvements across the organization and for reporting to executive leadership on progress maintaining and improving the organization's cybersecurity posture over time. This role demands a seamless integration of policy leadership and technical execution. As a hands-on technical lead, theSenior Director, Information Security will design the security architectures, automated workflows, and system baselines that enforce these policies technically. TheSenior Director, Information Security is the designated owner for organizational risks, responsible for working directly with U.S. and global care delivery IT teams to translate high-level compliance requirements into concrete infrastructure configurations, ensuring our security posture is defensible, documented, and resilient. Given the existential risk that cyber threats pose to global health operations, this role is entrusted with safeguarding systems that underpin patient care, supply chains, and sensitive health data in every geography where PIH operates. Responsibilities Team & Program Management(40%) Manage a team dedicated to leading cybersecurity initiatives for the organization-this will include several direct reports as well as dotted-line technical oversight of IT colleagues implementing cybersecurity policies globally. Lead the strategic alignment of the organization to the NIST CSF by developing and maintaining a robust policy library, ensuring operational procedures map directly to compliance standards. Establish a continuous compliance and audit process, creating and managing Plans of Action and Milestones (POA&M) to track and remediate security risks identified through ongoing assessments. Establish, maintain, and regularly communicate results of an organization-wide cybersecurity scorecard, based on key performance indicators aligned with prioritized cybersecurity threat scenarios. Oversee the organizational Cyber Security Incident Response Plan (CSIRP), utilizing expertise in adversary methods to design relevant tabletop exercises and lead global response coordination. Direct global security awareness and phishing simulation programs, utilizing data from real-world threats to customize training and drive behavioral change across the staff. Technical Leadership (30%) Act as the Incident Commander during critical security events. Direct the technical response, perform advanced root cause analysis, ensure threat containment, and author post-incident executive briefings. Lead the implementation and optimization of the defensive stack (EDR/XDR, SIEM, and Vulnerability Management), ensuring maximum visibility and efficacy across on-premise and cloud environments. Responsible for integrating security throughout the Software Development Life Cycle (SDLC) by conducting architectural reviews, performing SAST/DAST testing, and partnering with engineering teams to remediate vulnerabilities. Conduct technical gap analyses and security assessments against industry benchmarks (NIST CSF), coordinating directly with infrastructure teams to prioritize and remediate hardened configurations. Lead technical initiatives for Identity and Access Management (IAM) and Privileged Access Management (PAM), designing controls to prevent credential theft and lateral movement. Translate audit findings and threat intelligence into actionable engineering projects, bridging the gap between high-level compliance requirements and technical implementation. Represent PIH in relevant cybersecurity partnerships, vendor relationships, and sector working groups, ensuring our approach reflects both best practice and the realities of global health delivery in low resource settings. Infrastructure Security (30%) Implement and maintain configuration management workflows (utilizing tools like Ansible, Chef, or native cloud tools) to standardize deployments. Provide subject matter expertise in securing and managing hybrid infrastructure environments (VMware, Azure, AWS), ensuring secure architecture for system workloads. Collaborate with the infrastructure team to operationalize vulnerability data, prioritizing and automating patch management processes with defined Service Level Agreements (SLAs). Maintain the health and performance of underlying infrastructure supporting critical security tools (e.g., log forwarders, SIEM collectors, jump hosts), ensuring high availability and reliable telemetry for threat protection. Leverage scripting languages (PowerShell, Python) to automate the application of security baselines across server and endpoint environments to ensure continuous compliance with NIST CSF standards. Required Experience, Education, Licenses or Certifications 12+ years of progressive experience in Information Security, Information Systems, or Systems Engineering, including at least 4 years leading cybersecurity programs, security architecture, or security operations at the organizational or regional level. Experiencewith NIST, CIS,CMMC,ISO27001/2, GRC frameworks and their implementation process. At least one advanced Information Security Certification (e.g., CISSP, CISM, or equivalent). Skills Required: In-depth knowledge of computer and network systems. Ability to describe technical information in easy-to-understand terms. Network design/implementation and tools, NIST Cybersecurity Framework, MITRE ATT&CK Framework, IDS/IPS, EDR, SIEM. Experience working in an enterprise level cybersecurity environment. Strong attention to detail and ability to work across multiple time zones. Preferred: Experience working with Linux environments, Python, log querying language (e.g., KQL/SPL), Shell Scripting, Docker. Project management experience is a plus. We recognize at PIH that all candidates may not have 100% of the above-mentioned skills. You are still encouraged to apply if you believe your skills and experience are well-placed to meet the needs of this role. Core Values and Competencies Demonstrates the organization's core values of: Commitment, Humility, Integrity and Pragmatic Solidarity/Accompaniment. Accountability - Able to accept responsibility for one's actions, outcomes, and those of their team. Achieving results - Able to design and conduct work with clarity and integrity: to set realistic targets for themselves and others, ensure availability of resources, monitor progress and performance, accomplish meaningful outcomes, evaluate achievements, and integrate lessons learned. Adaptability - Able to adapt to change, to balance multiple demands, consider new approaches, and persist towards solutions in changing circumstances. Teamwork - Able to work well with others to achieve common goals. Exemplary interpersonal skills; ability to collaborate effectively with staff across departments and countries. This vacancy may be used to fill similar positions. Organizational Profile Partners In Health (PIH) is a non-profit, global health organization that fights social injustice by bringing the benefits of modern medical science first and foremost to the most vulnerable communities around the world. PIH focuses on those who would not otherwise have access to quality health care. PIH partners with the world's leading academic institutions to create rigorous evidence that shapes more sound and all-inclusive global health policies. PIH also supports local governments' efforts to build capacity and strengthen national health systems. As of today, PIH runs programs in 11 countries (Haiti, Kazakhstan, Lesotho, Liberia, Malawi, Mexico, Navajo Nation, Peru, Rwanda, Sierra Leone, United States), where it provides direct care to millions of patients, through public facilities and community engagement. Partners In Health (PIH) is committed to the fundamental principle of equal opportunity and equal treatment for every prospective and current employee. It is the policy of PIH not to discriminate on the basis of race, color, national or ethnic origin, ancestry, age, religion, creed, disability, sex and gender, sexual orientation, gender identity and/or expression, military or veteran status, or any other characteristic protected under applicable federal, state or local law.PIH works in and with a number of governments in and outside the U.S., and to the extent applicable, this statement is intended to incorporate the prohibition of any unlawful discrimination covered by applicable laws in such countries, states and municipalities. Partners In Health participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. Employers can only use E-Verify once you have accepted a job offer and completed the Form I-9. Any offer of employment is contingent upon the successful completion of applicable background checks. Our Benefits Are Built for Real Life We know you do your best work when you're supported. Work from anywhere in the U.S.for most roles, with flexibility baked into how we operate Comprehensive health coverage(medical, dental, vision, disability, and life insurance) so you can focus on what matters A 401(k) with automatic employer contributionsto help you invest in your future Flexible PTO with no cap, plus generous holidays, summer and winter breaks, and a sabbatical program Professional development supportandhome office reimbursementsto help you grow and work comfortably wherever you are (Some roles may require specific locations or on-site presence. Benefits are subject to plan terms.) The expected starting salary range for new hires in this position is between $130,000-160,000/year and may vary depending on multiple individualized factors, including market for the position, job-related knowledge, skills, and experience. Partners In Health will ensure that persons with disabilities are provided reasonable accommodations for the hiring process. If a reasonable accommodation is needed, please contact: [emailprotected] . Position Title : Senior Director, Information Security Reports to : Managing Director, Strategic Information Systems Location : Employees in this role can work from our Boston, MA office, remotely within the U.S. or hybrid of these two options (5-10% travel) Position Type: Full-Time, Regular, Exempt, 40 hours/week Position Overview The Senior Director, Informaon Security serves as Partners In Health's senior-most cybersecurity leader, accountable for the integrity and resilience of PIH's global security posture. This role funcons as PIH's informaon security ocer, seng enterprise-wide cyber strategy, dening acceptable risk, and ensuring alignment with the NIST Cybersecurity Framework across all plaorms and care delivery sites. In this capacity, the Senior Director, Informaon Security will own the comprehensive security and compliance landscape, serving as the subject maer expert for risk management and policy development. This role will drive the connuous evoluon of our GRC maturity, establishing the frameworks required to idenfy coverage gaps and ensuring that all security standards are robustly documented, maintained, and adhered to across the organizaon. In connuous collaboraon with the Senior Director, Global IT and the Senior Director, Enterprise Systems, the Senior Director, Informaon Security will be responsible for dening and driving a priorized list of security improvements across the organizaon and for reporng to execuve leadership on progress maintaining and improving the organizaon's cybersecurity posture over me. This role demands a seamless integraon of policy leadership and technical execuon. As a hands-on technical lead, the Senior Director, Informaon Security will design the security architectures, automated workows, and system baselines that enforce these policies technically. The Senior Director, Informaon Security is the designated owner for organizaonal risks, responsible for working directly with U.S. and global care delivery IT teams to translate high-level compliance requirements into concrete infrastructure conguraons, ensuring our security posture is defensible, documented, and resilient. Given the existenal risk that cyber threats pose to global health operaons, this role is entrusted with safeguarding systems that underpin paent care, supply chains, and sensive health data in every geography where PIH operates. Responsibilities Team & Program Management (40%) * Manage a team dedicated to leading cybersecurity iniaves for the organizaon-this will include several direct reports as well as doed-line technical oversight of IT colleagues implemenng cybersecurity policies globally. * Lead the strategic alignment of the organizaon to the NIST CSF by developing and maintaining a robust policy library, ensuring operaonal procedures map directly to compliance standards. * * Establish a connuous compliance and audit process, creang and managing Plans of Acon and Milestones (POA&M) to track and remediate security risks idened through ongoing assessments. Establish, maintain, and regularly communicate results of an organizaon-wide cybersecurity scorecard, based on key performance indicators aligned with priorized cybersecurity threat scenarios. * * Oversee the organizaonal Cyber Security Incident Response Plan (CSIRP), ulizing experse in adversary methods to design relevant tabletop exercises and lead global response coordinaon. Direct global security awareness and phishing simulaon programs, ulizing data from real- world threats to customize training and drive behavioral change across the sta. Technical Leadership (30%) * * * * Act as the Incident Commander during crical security events. Direct the technical response, perform advanced root cause analysis, ensure threat containment, and author post-incident execuve briengs. Lead the implementaon and opmizaon of the defensive stack (EDR/XDR, SIEM, and Vulnerability Management), ensuring maximum visibility and ecacy across on-premise and cloud environments. Responsible for integrang security throughout the Soware Development Life Cycle (SDLC) by conducng architectural reviews, performing SAST/DAST tesng, and partnering with engineering teams to remediate vulnerabilies. Conduct technical gap analyses and security assessments against industry benchmarks (NIST CSF), coordinang directly with infrastructure teams to priorize and remediate hardened conguraons. * * * Lead technical iniaves for Identy and Access Management (IAM) and Privileged Access Management (PAM), designing controls to prevent credenal the and lateral movement. Translate audit ndings and threat intelligence into aconable engineering projects, bridging the gap between high-level compliance requirements and technical implementaon. Represent PIH in relevant cybersecurity partnerships, vendor relationships, and sector working groups, ensuring our approach reflects both best practice and the realities of global health delivery in low resource settings. Infrastructure Security (30%) * * * * Implement and maintain conguraon management workows (ulizing tools like Ansible, Chef, or nave cloud tools) to standardize deployments. Provide subject maer experse in securing and managing hybrid infrastructure environments (VMware, Azure, AWS), ensuring secure architecture for system workloads. Collaborate with the infrastructure team to operaonalize vulnerability data, priorizing and automang patch management processes with dened Service Level Agreements (SLAs). Maintain the health and performance of underlying infrastructure supporng crical security tools (e.g., log forwarders, SIEM collectors, jump hosts), ensuring high availability and reliable telemetry for threat protecon. * Leverage scripng languages (PowerShell, Python) to automate the applicaon of security baselines across server and endpoint environments to ensure connuous compliance with NIST CSF standards. Required Experience, Educaon, Licenses or Cercaons * 12+ years of progressive experience in Informaon Security, Informaon Systems, or Systems Engineering, including at least 4 years leading cybersecurity programs, security architecture, or security operaons at the organizaonal or regional level. * Experience with NIST, CIS, CMMC, ISO 27001/2, GRC frameworks and their implementation process. * Skills * At least one advanced Information Security Certification (e.g., CISSP, CISM, or equivalent). Required: In-depth knowledge of computer and network systems. Ability to describe technical information in easy-to-understand terms. Network design/implementaon and tools, NIST Cybersecurity Framework, MITRE ATT&CK Framework, IDS/IPS, EDR, SIEM. Experience working in an enterprise level cybersecurity environment. Strong aenon to detail and ability to work across mulple me zones. * Preferred: Experience working with Linux environments, Python, log querying language (e.g., KQL/SPL), Shell Scripng, Docke r . P roject management experience is a plus. We recognize at PIH that all candidates may not have 100% of the above-menoned skills. You are sll encouraged to apply if you believe your skills and experience are well-placed to meet the needs of this role. Core Values and Competencies * Demonstrates the organizaon's core values of: Commitment, Humility, Integrity and Pragmac Solidarity/Accompaniment. * * Accountability - Able to accept responsibility for one's acons, outcomes, and those of their team. Achieving results - Able to design and conduct work with clarity and integrity: to set realisc targets for themselves and others, ensure availability of resources, monitor progress and performance, accomplish meaningful outcomes, evaluate achievements, and integrate lessons learned. * * Adaptability - Able to adapt to change, to balance mulple demands, consider new approaches, and persist towards soluons in changing circumstances. Teamwork - Able to work well with others to achieve common goals. Exemplary interpersonal skills; ability to collaborate eecvely with sta across departments and countries. This vacancy may be used to ll similar posions. Organizational Profile Partners In Health (PIH) is a non-profit, global health organization that fights social injustice by bringing the benefits of modern medical science first and foremost to the most vulnerable communities around the world. PIH focuses on those who would not otherwise have access to quality health care. PIH partners with the world's leading academic institutions to create rigorous evidence that shapes more sound and all- inclusive global health policies. PIH also supports local governments' efforts to build capacity and strengthen national health systems. As of today, PIH runs programs in 11 countries (Haiti, Kazakhstan, Lesotho, Liberia, Malawi, Mexico, Navajo Nation, Peru, Rwanda, Sierra Leone, United States), where it provides direct care to millions of patients, through public facilities and community engagement. Partners In Health (PIH) is committed to the fundamental principle of equal opportunity and equal treatment for every prospective and current employee. It is the policy of PIH not to discriminate on the basis of race, color, national or ethnic origin, ancestry, age, religion, creed, disability, sex and gender, sexual orientation, gender identity and/or expression, military or veteran status, or any other characteristic protected under applicable federal, state or local law. PIH works in and with a number of governments in and outside the U.S., and to the extent applicable, this statement is intended to incorporate the prohibition of any unlawful discrimination covered by applicable laws in such countries, states and municipalities. Partners In Health participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. Employers can only use E-Verify once you have accepted a job offer and completed the Form I-9. Any offer of employment is contingent upon the successful completion of applicable background checks. Our Benefits Are Built for Real Life We know you do your best work when you're supported. * * Work from anywhere in the U.S. for most roles, with flexibility baked into how we operate Comprehensive health coverage (medical, dental, vision, disability, and life insurance) so you can focus on what matters * * A 401(k) with automatic employer contributions to help you invest in your future Flexible PTO with no cap, plus generous holidays, summer and winter breaks, and a sabbatical program * Professional development support and home office reimbursements to help you grow and work comfortably wherever you are (Some roles may require specific locations or on-site presence. Benefits are subject to plan terms.) The expected starting salary range for new hires in this position is between $130,000-160,000/year and may vary depending on multiple individualized factors, including market for the position, job-related knowledge, skills, and experience. Partners In Health will ensure that persons with disabilities are provided reas onable accommodations f or the hiring process. If a reasonable accommodation is needed, please contact: pihrecruitment@pih.org .