Job Description:
Position Summary
Phreesia is looking for a Director, Security Operations & Infrastructure to serve as a senior member of the CISO’s leadership team and own the operational backbone of our security program. This role provides leadership, oversight, and hands-on guidance for two critical sub-teams: Threat Response and Security Infrastructure.
The Threat Response team is responsible for enterprise-wide security incident detection, triage, containment, response, and forensics. The Security Infrastructure team owns all security and IT tooling across the company: endpoint management, identity infrastructure, SIEM/SOAR, network security appliances, cloud security tooling, and the platforms that keep every employee and system running in a dynamic, multi-cloud (AWS, Azure, GCP) and multi-OS (Windows, macOS, Linux) environment.
This role is ideal for a deeply technical security leader who has personally responded to and led security incidents, and who can also build and manage a team of senior engineers and architects capable of running a broad tool portfolio consistently and to high customer satisfaction. The successful candidate has a technical background but is ruthlessly diligent about process, standards, execution, and being right: someone who treats operational excellence as a discipline, not an afterthought.
A key objective of this role is to drive standardization, reliability, and security maturity across infrastructure and incident operations while enabling Phreesia’s continued growth. The Director will function as a key contributor to our target-state enterprise and security architecture, ensuring that security tooling and incident response capabilities are considered early in the design of new products, platforms, and integrations.
This position will be responsible for collaborating with the GRC, IAM, Security Architecture, Product & Engineering, and Phreesia leadership teams on emerging challenges and operational priorities. The Director will stay current on evolving threats, technologies, and operational best practices and will ensure our security operations program anticipates rather than reacts to changes.
Candidates must be comfortable leading through both direct management and influence in a highly matrixed environment. You will directly manage threat response and infrastructure managers, while also driving outcomes through collaboration with engineering, product, and infrastructure teams across the company. This individual has hands-on experience building, running, and improving security operations and infrastructure programs in regulated data environments such as healthcare and payments, and is comfortable working across multiple compliance frameworks (PCI DSS, HITRUST, SOC 2, SOX ITGC, HIPAA/NIST) simultaneously.
The ideal candidate demonstrates strong analytical, interpersonal communication skills, and operational management capabilities: able to triage complex incidents under pressure, design practical tooling strategies, oversee implementation and hardening, and present clear status and risk updates to senior executives. They should be equally comfortable leading a live incident bridge, reviewing a firewall change request, and walking a customerontrol environment.
Job Responsibilities
What you do
Threat Response Leadership
Own enterprise-wide security incident response: ensure the team can detect, triage, contain, eradicate, and recover from incidents across cloud, on-prem, SaaS, and endpoint environments with speed and precision.
Maintain and continuously improve the incident response plan, playbooks, escalation procedures, and communication templates, ensuring they are tested, current, and aligned to NIST CSF 2.0.
Serve as incident commander or executive sponsor for high-severity incidents; make real-time decisions on containment and remediation under pressure.
Drive post-incident reviews that produce actionable findings, root-cause analysis, and measurable improvements ocumentation.
Coordinate threat response across US and India teams, ensuring consistent coverage, quality, and process regardless of geography.
Partner with Legal & Privacy throughout the incident response lifecycle, ensuring notification assessments, evidence preservation, regulatory reporting obligations, and litigation hold requirements are met in coordination with response activities.
Think ahead of the curve: continuously assess the threat landscape, identify emerging risks and attack vectors likely to impactefore they materialize, and develop contingency plans, tabletop exercises, and pre-positioned response strategiesompany is prepared, not surprised.
Security Infrastructure Leadership
Own the security and IT tooling portfolio across the company: endpoint management (MDM, EDR), identity infrastructure, SIEM/SOAR, network security, vulnerability scanning, email security, cloud security posture management, and related platforms.
Ensure all tools are operated consistently, reliably, and to high customer satisfactionvery employee and system as a customer of the infrastructure team.
Drive standardization and process discipline across tool administration: change management, patching, configuration baselines, and lifecycle management.
Partner with Security Architecture to translate architectural decisions into operational reality, ensuring new tools are deployed correctly and legacy tools are retired cleanly.
Manage vendor relationships and contracts for security tooling; own renewal timelines, license optimization, and performance accountability.
Operational & Strategic
Build and maintain operational metrics and dashboards that provide the CISO and leadership with clear visibility into incident trends, MTTD/MTTR, tool health, SLA performance, and infrastructure posture.
Establish and enforce operational standards across both sub-teams: runbooks, on-call rotations, escalation paths, change management, and documentation requirements.
Collaborate closely with GRC to ensure incident response and infrastructure operations satisfy audit and compliance requirements across PCI DSS, HITRUST, SOC 2, and SOX ITGC.
Act as a matrixed leader, influencing teams you don’t directly manage while providing clear, actionable guidance to executives, developers, and staff.
Function as the CISO’s functional backup for incident response and security infrastructure mattersustomer meetings and partner with the Legal/Privacy team on litigation-related security matters. (The Director, GRC & Data Protection serves as CISO backup for auditor and regulator engagements.)
Recruit, develop, and retain high-performing talent; build a culture that values precision, accountability, continuous improvement, and teamwork.
What You Bring
Education
Bachelor’s degree required; advanced degree preferred.
Certifications
One or more preferred: CISSP, CISM, GIAC (GCIH, GCIA, GCFA), CCSP, or similar.
Incident response or forensics certifications (GCIH, GCFE, GCFA, EnCE) are a strong differentiator.
Experience, Knowledge & Skills
10+ years in information security, with 5+ years in leadership roles managing security operations, incident response, or infrastructure/engineering teams.
Prior role as a Director of Security Operations, Head of Incident Response, or Security Infrastructure lead for an organization of meaningful scale and complexity.
Hands-on incident response experienceeen personally led incident bridges, performed triage, coordinated containment, and driven remediation for significant security events. This is not a role for someone who has only managed from a distance.
Proven experience managing a team of senior engineers/architects responsible for running a broad portfolio of security and IT tools in a multi-cloud (AWS, Azure, GCP) and multi-OS (Windows, macOS, Linux) environment.
Experience in