Sr. Director of Information Security

Company Overview: TapestryHealth is dedicated to improving the quality of care for patients in skilled nursing facilities. We deliver innovative, technology-enabled healthcare solutions designed to enhance patient outcomes, optimize operations, and support the unique needs of long-term care providers. With a team of experienced professionals and cutting-edge tools, we collaborate with our partners to ensure the highest standards of care while reducing barriers to access and efficiency. Together, we are transforming healthcare for the better — one patient, one facility, and one solution at a time. Position Overview We are seeking a dynamic, technical, and visionary Director of Information Security to design, build, and protect our digital ecosystem from the ground up. In this role, you won't just sit in a boardroom managing spreadsheets, you will be the primary architect of our security posture, acting as a player-coach. Initially, you will be deeply hands-on, assessing our current vulnerabilities, hardening our infrastructure, and implementing robust security frameworks. As you establish our baseline defense, you will have the mandate and budget to recruit, hire, and mentor a high-performing security team to scale our operations. Key Responsibilities: Phase 1: Establish & Execute (Hands-On Focus) Architect & Implement: Evaluate our current infrastructure, cloud (AWS/Azure/GCP) and on prem environments, and applications to design and deploy robust security controls. Incident Response & Monitoring: Set up and manage SIEM, EDR, and vulnerability scanning tools. Act as the primary incident responder for any security anomalies. Identity & Access Management: Audit and enforce strict IAM, PAM, and MFA protocols across all corporate and production systems. Compliance & Governance: Align our security programs with industry standards (e.g., SOC 2, ISO 27001, NIST, HIPAA, or GDPR as applicable) and manage internal/external audits. Phase 2: Scale & Lead (Team Building Focus) Talent Acquisition: Own the roadmap for security headcount. Source, interview, and hire specialized talent (e.g., SecOps, GRC, AppSec engineers). Leadership & Mentorship: Define clear KPIs, foster a culture of continuous learning, and provide technical mentorship to your growing team. Security Culture: Lead company-wide security awareness training and champion a "security-first" mindset across engineering and business operations. Vendor & Budget Management: Evaluate and manage third-party security vendors, MSSPs, and tool budgets to optimize ROI. Required Qualifications: Technical Requirements Experience: 7+ years of progressive experience in cybersecurity, with at least 2+ years in a team leadership or supervisory role. Cloud Security: Deep, practical knowledge of securing public cloud environments (AWS, Azure, or GCP). SecOps & Architecture: Proven hands-on experience with firewalls, network security, penetration testing, endpoint protection, and log analysis. Framework Fluency: Direct experience implementing and auditing frameworks such as SOC 2, NIST CSF, or ISO 27001. Code/Scripting (Preferred): Ability to write basic scripts (Python, Bash, PowerShell) to automate security workflows is a major plus. Leadership & Soft Skills The "Builder" Mentality: You thrive in ambiguity and enjoy building processes and teams from scratch rather than just maintaining legacy systems. Communication: Ability to translate complex technical risks into clear, actionable business insights for non-technical executives. Certifications: CISSP, CISM, CEH, or cloud-specific security certifications (e.g., AWS Certified Security) are highly desirable but secondary to proven, practical capability. The anticipated annualized salary for this role is 200-215K. This remote position follows a location-based compensation structure. The posted salary range represents the potential pay range across various U.S. geographic markets. Actual compensation will be determined based on the candidate’s primary work location, experience, qualifications, and internal equity considerations, in accordance with applicable pay transparency laws. Apply To This Job