Director of Enterprise Security

At Definitive Healthcare, our passion is to transform data, analytics and expertise into healthcare commercial intelligence. We help clients uncover the right markets, opportunities and people, so they can shape tomorrow's healthcare industry. Our SaaS platform creates new paths to commercial success in the healthcare market, so companies can identify where to go next.

Our employees are kind, collaborative, energetic, approachable and driven. On top of that, we value the unique perspectives, backgrounds and voices of our employees. Why? Because their diverse experiences drive new ideas and help us build a better community.

For over 10 years, we've built a collaborative culture driven by employees who share a passion for improving the healthcare ecosystem, enjoy giving back to the local community and value diversity and inclusion.

One of the hallmarks of our culture is our commitment to community service. Through the DefinitiveCares program, employees can work with their choice of more than 40 charitable organizations, supporting causes from hunger and homelessness to healthcare, LGBTQ+ issues, racial justice, women's initiatives and more. 2021 marked the sixth year that we had 100% employee participation in DefinitiveCares.

We also provide a range of opportunities for employees to connect with each other. Employees can join any of our employee run affinity groups supporting causes such as women's empowerment, LGBTQ+, Black, indigenous and people of color (BIPOC), disabilities and working parents and potential for many more. Affinity groups often enable greater education companywide through training, events and speaker series.

We're also a great place to work. For five years in a row, we've been recognized by the Boston Business Journal and the Boston Globe as a best place to work in Massachusetts. In 2022, Energage recognized us for Culture Excellence in Compensation & Benefits, Innovation, Great Leadership, Purpose & Value and Work-Life Flexibility

Think you'd be a good addition to our team? Explore our available positions here. We'd love the chance to get to know you.

Position Summary

Reporting directly to the Vice President, Information Technology, the Director of Enterprise Security (DES) responsibilities include offering guidance, best practices, and support across businesses, leading risk reviews and vulnerability assessments, identifying threats, communicating with senior leaders and other stakeholders.

The prime responsibilities of the DES role are to identify, quantify and proactively address security issues and changes in the businesses risk profile. The DES will focus on improving the end-to-end risk posture, and ensure appropriate controls are implemented across the technology landscape to operate within risk appetite. The DES will be expected to drive effective risk & controls management and support the IT team through identification of control weaknesses and recommendations for improved security; articulation of the business impact and associated risk; and educate on proactive measures to remediate.

The DES will manage the overall security program, ensuring the security compliance facing off to auditors, Cybersecurity DDQ's (Due Diligence Questionnaires) from clients, and providing all Cybersecurity training. You will partner closely with the IT/Engineering/DevOps departments to ensure the work is appropriately prioritized to ensure the technology landscape is operating within the risk appetite and provide transparent reporting to senior management on the overall risk position.

Primary Job Functions

• Define and articulate a clear vision for the organization's information security strategy, aligning it with the overall business objectives and technological advancements. Lead the development and implementation of comprehensive security programs that not only protect the organization's assets but also enable business innovation and growth.
• Cultivate strong relationships with leaders across key business units, such as HR, Legal, and Finance, to ensure that security measures are seamlessly integrated with business processes and aligned with organizational goals. Act as a trusted advisor to these departments, offering insights on security implications related to their specific functions and initiatives.
• Lead cross-departmental security committees or working groups to facilitate open dialogue on security challenges, priorities, and strategies. Encourage collaborative planning and execution of security initiatives, ensuring that each department's unique needs and risks are addressed in the overall security framework.
• Champion the importance of security within all business units by providing regular updates on the security landscape, emerging threats, and the organization's security posture. Utilize these sessions as opportunities to advocate for security best practices and the adoption of secure behaviors at all levels of the organization.
• Serve as a visionary leader who can anticipate emerging security trends and adapt strategies to mitigate future risks. Influence organizational culture and policies to prioritize security at every level, ensuring it is integrated into the DNA of the organization's operations and decision-making processes.
• Actively participate in strategic projects and initiatives across the organization to provide security guidance from the inception phase. Ensure that security considerations are embedded in project lifecycles, from planning and design to implementation and review.
• Champion a culture of security awareness and best practices throughout the organization, engaging with all levels of staff to foster an environment where every employee understands their role in maintaining security. Initiate and lead enterprise-wide security awareness and training programs that empower employees to be proactive in recognizing and mitigating security threats.
• Act as the principal security advisor to C-suite executives and the board, providing strategic insights and updates on the security landscape, risk management, and compliance matters. Build strong relationships with stakeholders across the organization to ensure seamless collaboration and support for security initiatives.
• Encourage innovation within the security team by fostering an environment that supports creativity, experimentation, and the exploration of cutting-edge security technologies and practices. Regularly review and refine security strategies and processes to ensure they remain effective against evolving threats and align with industry best practices.
• Lead, mentor, and develop a high-performing security team, setting clear goals and expectations, providing regular feedback, and supporting career development. Create an environment that promotes teamwork, diversity, inclusion, and mutual respect, where team members are motivated to achieve excellence.
• Develop strategic goals and objectives for the department and provide written and verbal updates to the CPTO and business leadership.
• Ensure that all information security policies remain up-to-date and are regularly reviewed.
• Ensure all firm information security systems are configured and operating according to policies and standards.
• Ensure technology risk impacting the business is effectively identified, quantified, communicated, and managed, including recommendations for resolution, and identifying the root cause/key themes.
• Develop and articulate strategic goals and objectives for the information security department, aligning with business objectives and technological advancements. Provide regular updates to CPTO and senior leadership to ensure strategic alignment and transparency.
• Oversee the development, implementation, and regular review of information security policies and systems to ensure they are up-to-date, effective, and aligned with industry best practices and compliance standards.
• Lead comprehensive risk management efforts, including the identification, quantification, and communication of technology risks to the business. Collaborate with relevant departments to implement effective risk mitigation strategies and ensure the organization operates within its risk appetite.
• Establish and maintain partnerships with third-party providers, such as Managed Detection and Response services, to enhance the organization's security posture through advanced logging, monitoring, and incident response capabilities.
• Direct the organization's incident response efforts, including leading high-level strategy for triage, containment, investigation, and remediation of security incidents. Ensure the development and maintenance of incident response plans and playbooks.
• Champion security awareness and best practices across the organization, leading enterprise-wide training and awareness programs to foster a security-conscious culture.
• Drive the continuous assessment and improvement of security controls and processes to address emerging threats and vulnerabilities. This includes overseeing the management of security technologies such as privileged access management software and ensuring the effectiveness of security controls.
• Facilitate cross-functional collaboration to integrate security considerations into business and IT projects from inception through execution, ensuring that security is a foundational element of all organizational initiatives.
• Provide leadership in conducting and responding to security audits, third-party reviews, and client due diligence inquiries, ensuring that the organization's security measures meet or exceed industry standards and client expectations.

Certifications (Any of the Following)

• (CISSP) Certified Information Systems Security Professional
• (CISM) Certified Information Security Manager
• (Security+) CompTIA Security+
• (CEH) EC-Council Certified Ethical Hacker
• (GISF) GIAC Information Security Fundamentals
• (GSEC) GIAC Security Essentials

Basic Qualifications:

• Bachelor's degree in computer science or a related field, or equivalent work experience
• Minimum 8 years of experience at the senior level working in information security.
• Extensive experience with technologies used for vulnerability management, identity and privileged access management, data protection, security information and event management (SIEM), endpoint detection and response (EDR), and data loss prevention (DLP)
• Experience with Active Directory and Group Policy
• Experience with information security frameworks including SOC2, ISO 27001, NIST Cybersecurity Framework, and other compliance frameworks.
• Experience undergoing audits and developing security policies and procedures.
• CISA (Certified Information Security Auditor) or Certified Ethical Hacker (CEH) is a plus.
• Familiarity with Artificial Intelligence (AI) and Machine Learning (ML) usage and security controls is a plus.
• Experience conducting security vulnerability assessments, penetration testing, and ethical hacking is required; familiarity with the ISO/IEC 27001 standards and compliance is required.
• Clear understanding of the latest Microsoft Windows, Apple OSx, and Linux operating systems; intimate knowledge of mobile devices.
• Must understand information systems security; network architecture; network security; general database concepts; document management; hardware and software troubleshooting; electronic mail systems, such as Exchange, Document Management Systems; intrusion test tools; and computer forensic tools.
• Excellent written and verbal communication skills, including the ability to articulate complex issues to technical and non-technical stakeholders.
• Demonstrated critical thinking, problem-solving, and project management skills.

Why we love Definitive, and why you will too

• Industry leading products
• Work hard, and have fun doing it
• Incredibly fast growth means limitless opportunity
• Flexible and dynamic culture
• Work alongside some of the most talented and dedicated teammates
• Definitive Cares, our community service group, gives all of us a chance to give back
• Competitive benefits package including great healthcare benefits and a 401(k) match

What our Employees are saying about us on Glassdoor:

"Great Work atmosphere, great work life balance, excellent company to work for, amazing top notch product, incredible customer service, lots of tools to help you succeed."

-Business Development Manager

"Great team. Amazing growth. Employees are treated very well."

-Research Analyst

"I have waited 36 years to work at a dream job for a dream company and I am so happy to have finally got there."

-Profile Analyst

If you don't fit all of these qualifications, but believe you're still a great fit, feel free to apply and tell us why in your cover letter.

If you are a California, Colorado, New York City or Washington resident and this role is a remote role, you can receive additional information about the compensation and benefits for this role, which we will provide upon request.

Definitive Hiring Philosophy

Definitive Healthcare is an equal opportunity employer that celebrates diversity and is committed to creating an inclusive workplace with equal opportunity for all applicants and teammates. Our goal is to recruit the most talented people from a diverse candidate pool regardless of race, color, religion, age, gender, gender identity, sexual orientation or any other status. If you're interested in working in a fast growing, exciting working environment – we encourage you to apply

Privacy
Your privacy is important to us. Please review our Candidate Privacy Notice which tells you how we use and process your personal information

Please note: All communications regarding the hiring process at Definitive Healthcare will come directly from one of our corporate recruiters or coordinators with an email address. We will never request any money transfer or purchase of equipment with a promise of reimbursement. If you receive any suspicious communications, please reach out to to confirm your status in the application process.