Well

Senior Director, Information Security

Well$190K — $230K *
US-AnywhereRemote in Chapel Hill, NC
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 8+ years of experience in compliance, risk management, and information security within a high-growth environment.
  • Knowledge of security management frameworks like SOC, HIPAA/HITRUST, NIST, and ISO.
  • Proven ability to create effective security policies in a health-related business.
  • Strong partnership skills across business functions, especially with technical teams.
  • Understanding of software engineering processes to align security strategies with business objectives.
  • Experience in Cloud computing and virtualized systems.
  • Relevant professional security management certifications.

Responsibilities

  • Develop and monitor a comprehensive enterprise security and IT risk management framework.
  • Facilitate risk assessments and management processes with business units.
  • Ensure policies are applied consistently across technology projects and services.
  • Act as a subject matter expert on security and privacy for customers and sales teams.
  • Manage external vendors for audits and certifications like HITRUST and SOC2.
  • Design and test business continuity and disaster recovery strategies.
  • Implement continuous security monitoring and vulnerability management programs.

Benefits

  • Comprehensive health and wellness benefits.
  • Generous paid time off policy.
  • 401(k) plan with company match.
  • Professional development opportunities.
  • Flexible work arrangements including potential remote options.
Full Job Description
Description

Position Title: Senior Director, Information Security (Security Officer)

Reporting to: VP, Legal & General Counsel (Privacy Officer)

Location: Preference for Chapel Hill, NC or Newton, MA

Compensation: $190,000 - $230,000 per year, depending on qualifications, plus bonus potential and benefits

Description: As the Security Officer for Well, you will collaborate with executive management and key operational teams to determine acceptable levels of risk for the organization and you will be responsible for developing and maintaining the company's information security management program, which includes policies designed to protect enterprise communications, systems and assets from both internal and external threats. Reporting to the VP, Legal & General Counsel, you will provide independent partnership to our key operational teams, most notably the technology organization, driving both the development of policies that achieve the right posture, given our strategic and operational needs, and consulting on the implementation of such policies that you own and maintain on an ongoing basis. You will also serve as the subject matter expert and key contact for customers on security and member data privacy issues as they relate to the use of our platform, in close collaboration with the General Counsel (Privacy Officer). Additionally, you will collaborate with the General Counsel to provide independent risk reporting and escalation directly to the Board of Directors.

Key Responsibilities:
  • Partner with infrastructure and engineering teams to develop and monitor a strategic, comprehensive enterprise security and IT risk management framework and program
  • Work directly with the business units to facilitate risk assessment and risk management processes
  • Understand and interact with related disciplines (e.g., through committees or working groups) to ensure our policies are tuned correctly to balance strategic and operational realities, and the consistent application of our policies and standards across all technology projects, systems and services
  • Serve as a subject matter expert and point of contact for customers, potential customers, and sales colleagues on security and member data privacy issues as they relate to the use of our platform (e.g., in RFP responses, contracts, implementation, security audits)
  • Lead selection and management of external vendors to conduct third-party audits, assessments and certifications (e.g., HITRUST, SOC2, etc.)
  • Partner with infrastructure and engineering teams to design, maintain, and regularly test business continuity and disaster recovery strategies to ensure platform resilience and data availability, as well as to lead incident response plan (IRP) development and act as quarterback for IRP issues
  • Partner with infrastructure and engineering teams on continuous security monitoring operations, vulnerability management programs, threat intelligence, and the deployment of the corporate endpoint/network security stack
  • Partner with business stakeholders across the company to raise awareness of risk management concerns and ensure compliance with required policy acknowledgments and training
  • Assist with overall business technology planning, providing a current knowledge and future vision of technology and systems
  • Take personal responsibility for keeping all Well systems and data, including sensitive member data, secure and safe, according to Well data and security policies and HIPAA guidelines


Requirements

  • Minimum of 8 years of experience in a combination of compliance, risk management, information security and IT roles in a high-growth organization
  • Knowledge of common information security management frameworks, such as SOC, HIPAA/HITRUST, NIST and ISO
  • Demonstrated ability to develop effective security policies and governance programs in a health-related business context
  • Commercially minded, strong track record of partnership across the business, including successful collaboration with technical teams
  • Deep understanding of software engineering workflows and work products along with the ability to apply this knowledge to optimize strategies that achieve strategic alignment with organizational objectives
  • Experience with Cloud computing across virtualized environments
  • Professional security management certification(s)
  • Experience with contract and vendor negotiations and management, including managed services
  • Familiarity with internal audit methodologies applicable to SaaS companies, IT general controls (ITGC) testing, and control framework evaluation (e.g. COSO, COBIT); experience building or managing an internal audit function
  • Familiarity with AI security best practices and governance frameworks (e.g., NIST AI RMF, OWASP LLM Top 10, ISO/IEC 42001), including experience assessing and mitigating AI-specific risks such as model security, data integrity, and prompt injection in a healthcare or SaaS context

About Well

Well is a healthcare company that provides a wide range of services to individuals and families. The company was founded in 2000 and has since grown to become one of the largest healthcare providers in the region. Well is known for its expertise in primary care, urgent care, and specialty care. The company has a team of experienced professionals who are dedicated to providing the best possible care to their patients. Well is committed to using the latest technology and techniques to ensure that their patients receive the most accurate and up-to-date information.
Learn more about Well
Size
10,000 employees
Industry

Similar Jobs

More Jobs at Well

More Information Technology Jobs

Find similar Senior Director, Information Security jobs: