Senior Director, Information Security

Position description

Position Title: Senior Director, Information Security

Reports to: Managing Director, Strategic Information Systems

Location:  Employees in this role can work from our Boston, MA office, remotely within the U.S. or hybrid of these two options (5-10% travel)

Position Type: Full-Time, Regular, Exempt, 40 hours/week

Position Overview 

The Senior Director, Information Security serves as Partners In Health’s senior‑most cybersecurity leader, accountable for the integrity and resilience of PIH’s global security posture. This role functions as PIH’s information security officer, setting enterprise‑wide cyber strategy, defining acceptable risk, and ensuring alignment with the NIST Cybersecurity Framework across all platforms and care delivery sites.

In this capacity, the Senior Director, Information Security will own the comprehensive security and compliance landscape, serving as the subject matter expert for risk management and policy development. This role will drive the continuous evolution of our GRC maturity, establishing the frameworks required to identify coverage gaps and ensuring that all security standards are robustly documented, maintained, and adhered to across the organization. In continuous collaboration with the Senior Director, Global IT and the Senior Director, Enterprise Systems, the Senior Director, Information Security will be responsible for defining and driving a prioritized list of security improvements across the organization and for reporting to executive leadership on progress maintaining and improving the organization’s cybersecurity posture over time.

This role demands a seamless integration of policy leadership and technical execution. As a hands-on technical lead, the Senior Director, Information Security will design the security architectures, automated workflows, and system baselines that enforce these policies technically. The Senior Director, Information Security is the designated owner for organizational risks, responsible for working directly with U.S. and global care delivery IT teams to translate high-level compliance requirements into concrete infrastructure configurations, ensuring our security posture is defensible, documented, and resilient. Given the existential risk that cyber threats pose to global health operations, this role is entrusted with safeguarding systems that underpin patient care, supply chains, and sensitive health data in every geography where PIH operates.

Responsibilities 

Team & Program Management (40%)

• Manage a team dedicated to leading cybersecurity initiatives for the organization—this will include several direct reports as well as dotted-line technical oversight of IT colleagues implementing cybersecurity policies globally.
• Lead the strategic alignment of the organization to the NIST CSF by developing and maintaining a robust policy library, ensuring operational procedures map directly to compliance standards.
• Establish a continuous compliance and audit process, creating and managing Plans of Action and Milestones (POA&M) to track and remediate security risks identified through ongoing assessments.
• Establish, maintain, and regularly communicate results of an organization-wide cybersecurity scorecard, based on key performance indicators aligned with prioritized cybersecurity threat scenarios.
• Oversee the organizational Cyber Security Incident Response Plan (CSIRP), utilizing expertise in adversary methods to design relevant tabletop exercises and lead global response coordination.
• Direct global security awareness and phishing simulation programs, utilizing data from real-world threats to customize training and drive behavioral change across the staff.

Technical Leadership (30%)

• Act as the Incident Commander during critical security events. Direct the technical response, perform advanced root cause analysis, ensure threat containment, and author post-incident executive briefings.
• Lead the implementation and optimization of the defensive stack (EDR/XDR, SIEM, and Vulnerability Management), ensuring maximum visibility and efficacy across on-premise and cloud environments.
• Responsible for integrating security throughout the Software Development Life Cycle (SDLC) by conducting architectural reviews, performing SAST/DAST testing, and partnering with engineering teams to remediate vulnerabilities.
• Conduct technical gap analyses and security assessments against industry benchmarks (NIST CSF), coordinating directly with infrastructure teams to prioritize and remediate hardened configurations.
• Lead technical initiatives for Identity and Access Management (IAM) and Privileged Access Management (PAM), designing controls to prevent credential theft and lateral movement.
• Translate audit findings and threat intelligence into actionable engineering projects, bridging the gap between high-level compliance requirements and technical implementation.
• Represent PIH in relevant cybersecurity partnerships, vendor relationships, and sector working groups, ensuring our approach reflects both best practice and the realities of global health delivery in lowresource settings.

Infrastructure Security (30%)

• Implement and maintain configuration management workflows (utilizing tools like Ansible, Chef, or native cloud tools) to standardize deployments.
• Provide subject matter expertise in securing and managing hybrid infrastructure environments (VMware, Azure, AWS), ensuring secure architecture for system workloads.
• Collaborate with the infrastructure team to operationalize vulnerability data, prioritizing and automating patch management processes with defined Service Level Agreements (SLAs).
• Maintain the health and performance of underlying infrastructure supporting critical security tools (e.g., log forwarders, SIEM collectors, jump hosts), ensuring high availability and reliable telemetry for threat protection.
• Leverage scripting languages (PowerShell, Python) to automate the application of security baselines across server and endpoint environments to ensure continuous compliance with NIST CSF standards.

Qualifications

Required Experience, Education, Licenses or Certifications

• 12+ years of progressive experience in Information Security, Information Systems, or Systems Engineering, including at least 4 years leading cybersecurity programs, security architecture, or security operations at the organizational or regional level.
• Experience with NIST, CIS, CMMC, ISO 27001/2, GRC frameworks and their implementation process.
• At least one advanced Information Security Certification (e.g., CISSP, CISM, or equivalent).

Skills

• Required: In-depth knowledge of computer and network systems. Ability to describe technical information in easy-to-understand terms. Network design/implementation and tools, NIST Cybersecurity Framework, MITRE ATT&CK Framework, IDS/IPS, EDR, SIEM. Experience working in an enterprise level cybersecurity environment. Strong attention to detail and ability to work across multiple time zones.
• Preferred: Experience working with Linux environments, Python, log querying language (e.g., KQL/SPL), Shell Scripting, Docker. Project management experience is a plus.

We recognize at PIH that all candidates may not have 100% of the above-mentioned skills. You are still encouraged to apply if you believe your skills and experience are well-placed to meet the needs of this role.

Core Values and Competencies

• Demonstrates the organization’s core values of: Commitment, Humility, Integrity and Pragmatic Solidarity/Accompaniment.
• Accountability – Able to accept responsibility for one's actions, outcomes, and those of their team.
• Achieving results – Able to design and conduct work with clarity and integrity: to set realistic targets for themselves and others, ensure availability of resources, monitor progress and performance, accomplish meaningful outcomes, evaluate achievements, and integrate lessons learned.
• Adaptability – Able to adapt to change, to balance multiple demands, consider new approaches, and persist towards solutions in changing circumstances.
• Teamwork – Able to work well with others to achieve common goals. Exemplary interpersonal skills; ability to collaborate effectively with staff across departments and countries.

This vacancy may be used to fill similar positions.

Organizational Profile

Partners In Health (PIH) is a non-profit, global health organization that fights social injustice by bringing the benefits of modern medical science first and foremost to the most vulnerable communities around the world. PIH focuses on those who would not otherwise have access to quality health care. PIH partners with the world’s leading academic institutions to create rigorous evidence that shapes more sound and all-inclusive global health policies. PIH also supports local governments’ efforts to build capacity and strengthen national health systems.

As of today, PIH runs programs in 11 countries (Haiti, Kazakhstan, Lesotho, Liberia, Malawi, Mexico, Navajo Nation, Peru, Rwanda, Sierra Leone, United States), where it provides direct care to millions of patients, through public facilities and community engagement.

Partners In Health (PIH) is committed to the fundamental principle of equal opportunity and equal treatment for every prospective and current employee. It is the policy of PIH not to discriminate on the basis of race, color, national or ethnic origin, ancestry, age, religion, creed, disability, sex and gender, sexual orientation, gender identity and/or expression, military or veteran status, or any other characteristic protected under applicable federal, state or local law. PIH works in and with a number of governments in and outside the U.S., and to the extent applicable, this statement is intended to incorporate the prohibition of any unlawful discrimination covered by applicable laws in such countries, states and municipalities.

Application instructions

Please be sure to indicate you saw this position on Globaljobs.org