Well

Senior Director, Information Security

Well$190K — $230K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 8+ years in compliance, risk management, information security, and IT roles in a high-growth environment.
  • Knowledge of security management frameworks like SOC, HIPAA/HITRUST, NIST, and ISO.
  • Ability to develop security policies and governance programs relevant to health-related contexts.
  • Strong collaborative skills with a focus on partnership across technical and business teams.
  • Deep understanding of software engineering workflows and optimization strategies.
  • Experience with cloud computing in virtualized environments.
  • Professional security management certification(s) required.
  • Experienced in contract and vendor negotiations and management, especially in managed services.
  • Familiarity with internal audit methodologies and control framework evaluation for SaaS companies.
  • Knowledge of AI security best practices and risk mitigation in healthcare or SaaS.

Responsibilities

  • Partner with infrastructure and engineering teams to build a comprehensive enterprise security program.
  • Facilitate risk assessment and management processes with business units.
  • Align policies with both strategic and operational business realities through committee interactions.
  • Serve as the main security expert for clients regarding data privacy issues.
  • Oversee selection and management of vendors for third-party audits and certifications.
  • Design and test business continuity and disaster recovery strategies to ensure platform resilience.
  • Lead continuous security monitoring operations and vulnerability management programs.
  • Raise awareness of risk management and ensure compliance training across the company.
  • Contribute to business technology planning with insights on current and future technology needs.
  • Ensure the security of all systems and sensitive member data in compliance with data and security policies.

Benefits

  • Collaborative work environment with executive management.
  • Opportunity to influence strategic policy development.
  • Access to innovative technology and security practices.
  • Professional development and training opportunities in security management.
  • Potential for performance bonuses and incentives.
Full Job Description
Description

Position Title: Senior Director, Information Security (Security Officer)

Reporting to: VP, Legal & General Counsel (Privacy Officer)

Location: Preference for Chapel Hill, NC or Newton, MA

Compensation: $190,000 - $230,000 per year, depending on qualifications, plus bonus potential and benefits

Description: As the Security Officer for Well, you will collaborate with executive management and key operational teams to determine acceptable levels of risk for the organization and you will be responsible for developing and maintaining the company's information security management program, which includes policies designed to protect enterprise communications, systems and assets from both internal and external threats. Reporting to the VP, Legal & General Counsel, you will provide independent partnership to our key operational teams, most notably the technology organization, driving both the development of policies that achieve the right posture, given our strategic and operational needs, and consulting on the implementation of such policies that you own and maintain on an ongoing basis. You will also serve as the subject matter expert and key contact for customers on security and member data privacy issues as they relate to the use of our platform, in close collaboration with the General Counsel (Privacy Officer). Additionally, you will collaborate with the General Counsel to provide independent risk reporting and escalation directly to the Board of Directors.

Key Responsibilities:
  • Partner with infrastructure and engineering teams to develop and monitor a strategic, comprehensive enterprise security and IT risk management framework and program
  • Work directly with the business units to facilitate risk assessment and risk management processes
  • Understand and interact with related disciplines (e.g., through committees or working groups) to ensure our policies are tuned correctly to balance strategic and operational realities, and the consistent application of our policies and standards across all technology projects, systems and services
  • Serve as a subject matter expert and point of contact for customers, potential customers, and sales colleagues on security and member data privacy issues as they relate to the use of our platform (e.g., in RFP responses, contracts, implementation, security audits)
  • Lead selection and management of external vendors to conduct third-party audits, assessments and certifications (e.g., HITRUST, SOC2, etc.)
  • Partner with infrastructure and engineering teams to design, maintain, and regularly test business continuity and disaster recovery strategies to ensure platform resilience and data availability, as well as to lead incident response plan (IRP) development and act as quarterback for IRP issues
  • Partner with infrastructure and engineering teams on continuous security monitoring operations, vulnerability management programs, threat intelligence, and the deployment of the corporate endpoint/network security stack
  • Partner with business stakeholders across the company to raise awareness of risk management concerns and ensure compliance with required policy acknowledgments and training
  • Assist with overall business technology planning, providing a current knowledge and future vision of technology and systems
  • Take personal responsibility for keeping all Well systems and data, including sensitive member data, secure and safe, according to Well data and security policies and HIPAA guidelines


Requirements

  • Minimum of 8 years of experience in a combination of compliance, risk management, information security and IT roles in a high-growth organization
  • Knowledge of common information security management frameworks, such as SOC, HIPAA/HITRUST, NIST and ISO
  • Demonstrated ability to develop effective security policies and governance programs in a health-related business context
  • Commercially minded, strong track record of partnership across the business, including successful collaboration with technical teams
  • Deep understanding of software engineering workflows and work products along with the ability to apply this knowledge to optimize strategies that achieve strategic alignment with organizational objectives
  • Experience with Cloud computing across virtualized environments
  • Professional security management certification(s)
  • Experience with contract and vendor negotiations and management, including managed services
  • Familiarity with internal audit methodologies applicable to SaaS companies, IT general controls (ITGC) testing, and control framework evaluation (e.g. COSO, COBIT); experience building or managing an internal audit function
  • Familiarity with AI security best practices and governance frameworks (e.g., NIST AI RMF, OWASP LLM Top 10, ISO/IEC 42001), including experience assessing and mitigating AI-specific risks such as model security, data integrity, and prompt injection in a healthcare or SaaS context

About Well

Well is a healthcare company that provides a wide range of services to individuals and families. The company was founded in 2000 and has since grown to become one of the largest healthcare providers in the region. Well is known for its expertise in primary care, urgent care, and specialty care. The company has a team of experienced professionals who are dedicated to providing the best possible care to their patients. Well is committed to using the latest technology and techniques to ensure that their patients receive the most accurate and up-to-date information.
Learn more about Well
Size
10,000 employees
Industry

Similar Jobs

More Jobs at Well

More Information Technology Jobs

Find similar Senior Director, Information Security jobs: