Senior Director, Information Security

Location: Boston, Massachusetts / Remote, United States


Description

Position Title: Senior Director, Information Security 
Reports to: Managing Director, Strategic Information Systems 
Location:  Employees in this role can work from our Boston, MA office, remotely within the U.S. or hybrid of these two options (5-10% travel) 
Position Type: Full-Time, Regular, Exempt, 40 hours/week
 
Position Overview  
The Senior Director, Information Security serves as Partners In Health’s senior-most cybersecurity leader, accountable for the integrity and resilience of PIH’s global security posture. This role functions as PIH’s information security officer, setting enterprise-wide cyber strategy, defining acceptable risk, and ensuring alignment with the NIST Cybersecurity Framework across all platforms and care delivery sites.

In this capacity, the Senior Director, Information Security will own the comprehensive security and compliance landscape, serving as the subject matter expert for risk management and policy development. This role will drive the continuous evolution of our GRC maturity, establishing the frameworks required to identify coverage gaps and ensuring that all security standards are robustly documented, maintained, and adhered to across the organization.  In continuous collaboration with the Senior Director, Global IT and the Senior Director, Enterprise Systems, the Senior Director, Information Security will be responsible for defining and driving a prioritized list of security improvements across the organization and for reporting to executive leadership on progress maintaining and improving the organization’s cybersecurity posture over time. 

This role demands a seamless integration of policy leadership and technical execution. As a hands-on technical lead, the Senior Director, Information Security will design the security architectures, automated workflows, and system baselines that enforce these policies technically. The Senior Director, Information Security is the designated owner for organizational risks, responsible for working directly with U.S. and global care delivery IT teams to translate high-level compliance requirements into concrete infrastructure configurations, ensuring our security posture is defensible, documented, and resilient. Given the existential risk that cyber threats pose to global health operations, this role is entrusted with safeguarding systems that underpin patient care, supply chains, and sensitive health data in every geography where PIH operates. 

Responsibilities 
Team & Program Management (40%) 
  • Manage a team dedicated to leading cybersecurity initiatives for the organization—this will include several direct reports as well as dotted-line technical oversight of IT colleagues implementing cybersecurity policies globally. 
  • Lead the strategic alignment of the organization to the NIST CSF by developing and maintaining a robust policy library, ensuring operational procedures map directly to compliance standards. 
  • Establish a continuous compliance and audit process, creating and managing Plans of Action and Milestones (POA&M) to track and remediate security risks identified through ongoing assessments. 
  • Establish, maintain, and regularly communicate results of an organization-wide cybersecurity scorecard, based on key performance indicators aligned with prioritized cybersecurity threat scenarios. 
  • Oversee the organizational Cyber Security Incident Response Plan (CSIRP), utilizing expertise in adversary methods to design relevant tabletop exercises and lead global response coordination. 
  • Direct global security awareness and phishing simulation programs, utilizing data from real-world threats to customize training and drive behavioral change across the staff. 
  
Technical Leadership (30%) 
  • Act as the Incident Commander during critical security events. Direct the technical response, perform advanced root cause analysis, ensure threat containment, and author post-incident executive briefings. 
  • Lead the implementation and optimization of the defensive stack (EDR/XDR, SIEM, and Vulnerability Management), ensuring maximum visibility and efficacy across on-premise and cloud environments. 
  • Responsible for integrating security throughout the Software Development Life Cycle (SDLC) by conducting architectural reviews, performing SAST/DAST testing, and partnering with engineering teams to remediate vulnerabilities. 
  • Conduct technical gap analyses and security assessments against industry benchmarks (NIST CSF), coordinating directly with infrastructure teams to prioritize and remediate hardened configurations. 
  • Lead technical initiatives for Identity and Access Management (IAM) and Privileged Access Management (PAM), designing controls to prevent credential theft and lateral movement. 
  • Translate audit findings and threat intelligence into actionable engineering projects, bridging the gap between high-level compliance requirements and technical implementation. 
  • Represent PIH in relevant cybersecurity partnerships, vendor relationships, and sector working groups, ensuring our approach reflects both best practice and the realities of global health delivery in low-resource settings.
Infrastructure Security (30%) 
  • Implement and maintain configuration management workflows (utilizing tools like Ansible, Chef, or native cloud tools) to standardize deployments. 
  • Provide subject matter expertise in securing and managing hybrid infrastructure environments (VMware, Azure, AWS), ensuring secure architecture for system workloads. 
  • Collaborate with the infrastructure team to operationalize vulnerability data, prioritizing and automating patch management processes with defined Service Level Agreements (SLAs). 
  • Maintain the health and performance of underlying infrastructure supporting critical security tools (e.g., log forwarders, SIEM collectors, jump hosts), ensuring high availability and reliable telemetry for threat protection. 
  • Leverage scripting languages (PowerShell, Python) to automate the application of security baselines across server and endpoint environments to ensure continuous compliance with NIST CSF standards. 
  
Required Experience, Education, Licenses or Certifications 
  • 12+ years of progressive experience in Information Security, Information Systems, or Systems Engineering, including at least 4 years leading cybersecurity programs, security architecture, or security operations at the organizational or regional level. 
  • Experience with NIST, CIS, CMMC, ISO 27001/2, GRC frameworks and their implementation process. 
  • At least one advanced Information Security Certification (e.g., CISSP, CISM, or equivalent). 
Skills 
  • Required: In-depth knowledge of computer and network systems.  Ability to describe technical information in easy-to-understand terms.  Network design/implementation and tools, NIST Cybersecurity Framework, MITRE ATT&CK Framework, IDS/IPS, EDR, SIEM. Experience working in an enterprise level cybersecurity environment. Strong attention to detail and ability to work across multiple time zones. 
  • Preferred: Experience working with Linux environments, Python, log querying language (e.g., KQL/SPL), Shell Scripting, Docker. Project management experience is a plus.
  
We recognize at PIH that all candidates may not have 100% of the above-mentioned skills. You are still encouraged to apply if you believe your skills and experience are well-placed to meet the needs of this role. 
  
Core Values and Competencies 
  • Demonstrates the organization’s core values of: Commitment, Humility, Integrity and Pragmatic Solidarity/Accompaniment.  
  • Accountability – Able to accept responsibility for one's actions, outcomes, and those of their team. 
  • Achieving results – Able to design and conduct work with clarity and integrity: to set realistic targets for themselves and others, ensure availability of resources, monitor progress and performance, accomplish meaningful outcomes, evaluate achievements, and integrate lessons learned.  
  • Adaptability – Able to adapt to change, to balance multiple demands, consider new approaches, and persist towards solutions in changing circumstances.  
  • Teamwork – Able to work well with others to achieve common goals. Exemplary interpersonal skills; ability to collaborate effectively with staff across departments and countries.  
  
This vacancy may be used to fill similar positions. 
  
 
Organizational Profile   
Partners In Health (PIH) is a non-profit, global health organization that fights social injustice by bringing the benefits of modern medical science first and foremost to the most vulnerable communities around the world. PIH focuses on those who would not otherwise have access to quality health care. PIH partners with the world’s leading academic institutions to create rigorous evidence that shapes more sound and all-inclusive global health policies. PIH also supports local governments’ efforts to build capacity and strengthen national health systems. 
As of today, PIH runs programs in 11 countries (Haiti, Kazakhstan, Lesotho, Liberia, Malawi, Mexico, Navajo Nation, Peru, Rwanda, Sierra Leone, United States), where it provides direct care to millions of patients, through public facilities and community engagement. 
Partners In Health (PIH) is committed to the fundamental principle of equal opportunity and equal treatment for every prospective and current employee. It is the policy of PIH not to discriminate on the basis of race, color, national or ethnic origin, ancestry, age, religion, creed, disability, sex and gender, sexual orientation, gender identity and/or expression, military or veteran status, or any other characteristic protected under applicable federal, state or local law.  PIH works in and with a number of governments in and outside the U.S., and to the extent applicable, this statement is intended to incorporate the prohibition of any unlawful discrimination covered by applicable laws in such countries, states and municipalities.   
Partners In Health participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. Employers can only use E-Verify once you have accepted a job offer and completed the Form I-9. Any offer of employment is contingent upon the successful completion of applicable background checks. 
Our Benefits Are Built for Real Life 
We know you do your best work when you’re supported. 
  • Work from anywhere in the U.S. for most roles, with flexibility baked into how we operate 
  • Comprehensive health coverage (medical, dental, vision, disability, and life insurance) so you can focus on what matters 
  • A 401(k) with automatic employer contributions to help you invest in your future 
  • Flexible PTO with no cap, plus generous holidays, summer and winter breaks, and a sabbatical program 
  • Professional development support and home office reimbursements to help you grow and work comfortably wherever you are 
(Some roles may require specific locations or on-site presence. Benefits are subject to plan terms.) 
The expected starting salary range for new hires in this position is between $130,000-160,000/year and may vary depending on multiple individualized factors, including market for the position, job-related knowledge, skills, and experience.  
Partners In Health will ensure that persons with disabilities are provided reasonable accommodations for the hiring process. If a reasonable accommodation is needed, please contact: pihrecruitment@pih.org.