Senior Director, Information Security Delivery

Be part of a team that unleashes the power of leading-edge technologies to help improve the health and well-being of those most vulnerable in our country and communities. Working at Gainwell carries its rewards. You'll have an incredible opportunity to grow your career in a company that values work flexibility, learning, and career development. You'll add to your technical credentials and certifications while enjoying a generous, flexible vacation policy and educational assistance. We also have comprehensive leadership and technical development academies to help build your skills and capabilities.

Summary

The Sr. Director, Information Security Delivery – Sector Lead is a transformative executive leader responsible for the strategic oversight and execution of all security activities across a defined sector of client accounts. This role is accountable for driving security excellence, standardization, and measurable business value through a team of Information Security Officers (ISOs) who directly manage security for individual accounts. Reporting to the VP, Chief Business Information Security Officer, this leader will help shape a new culture of security transformation which will position security as a business enabler and client differentiator.

The Sr. Director will play a pivotal role in supporting the enterprise Vulnerability Management Program, ensuring sector alignment and execution, while fostering a culture of accountability, innovation, and continuous improvement. Frequent engagement with senior client stakeholders and Gainwell leadership is essential to ensure strategic alignment and delivery excellence. Healthcare experience is essential, with a strong preference for Medicaid expertise and familiarity with working alongside state and federal government entities.

Your role in our mission

• Serve as the security authority for all accounts within the assigned sector.
• Support and drive the transformation of security into a business value add, emphasizing proactive risk management, innovation, and client differentiation.
• Navigate complex regulatory environments and collaborate with state and federal government agencies to ensure alignment and compliance.
• Promote security as a strategic business enabler through thought leadership, client engagement, and internal advocacy.
• Drive consistency and standardization across accounts, reducing variation and improving efficiency.
• Define and enforce clear metrics that drive informed decision-making and continuous improvement.
• Lead the development and use of sector specific dashboards to provide real-time visibility into security posture, performance, and risk.
• Represent the security program in client meetings, governance forums, and strategic discussions.
• Tailor security strategies and communications to meet client-specific needs and expectations, especially in healthcare and Medicaid environments.
• Develop and implement client engagement frameworks that promote proactive communication, responsiveness, and trust-building.
• Collaborate with client leadership to co-create security strategies that align with business goals and regulatory requirements.
• Monitor and evaluate client satisfaction metrics, using feedback to continuously improve security services and delivery.
• Empower ISO teams to act as trusted advisors to clients, providing insights, recommendations, and thought leadership in security.
• Represent the sector in client escalations and strategic forums, ensuring timely resolution and alignment with client expectations.
• Promote the visibility of security achievements and innovations to clients, reinforcing the value of Gainwell's security program.
• Ensure security deliverables are not only compliant and effective but also presented in a way that builds client confidence and trust.
• Ensure ISO teams are aligned with vulnerability management processes, including identification, prioritization, remediation, and reporting.
• Champion the integration of vulnerability management into account level security strategies, ensuring alignment with business risk and regulatory requirements.
• Collaborate with infrastructure, application, cloud, and business teams to ensure cross-functional coordination and timely resolution of vulnerabilities.
• Support the development and enforcement of standardized vulnerability lifecycle processes across the sector.
• Participate in vulnerability governance forums, representing sector interests and ensuring strategic alignment with enterprise risk management.
• Promote transparency and visibility of vulnerability management efforts to clients and internal stakeholders through regular reporting and communication.
• Advocate for the use of automation and threat intelligence to enhance prioritization and accelerate remediation efforts.
• Ensure sector teams contribute meaningfully to the success of the enterprise vulnerability management program, even if not directly managing it.
• Ensure ISO teams are identifying and addressing emerging risks before they escalate, using threat intelligence, vulnerability data, and business context.
• Collaborate with enterprise risk management, compliance, and legal teams to align sector-level risk activities with broader organizational goals.
• Establish clear risk ownership and accountability across ISO teams, ensuring timely mitigation and escalation of critical issues.
• Develop and maintain sector-specific risk registers, tracking key risks, mitigation plans, and progress toward resolution.
• Use metrics and dashboards to monitor risk trends, identify systemic issues, and inform strategic decision-making.
• Ensure risk management practices are tailored to the healthcare environment, with a strong focus on Medicaid program requirements and state/federal regulations.
• Provide regular risk briefings to senior leadership and clients, reinforcing transparency and trust in the organization's security posture.
• Lead the advancement of security program maturity across all sector accounts, leveraging frameworks such as NIST Cybersecurity Framework, CIS Controls, and ISO 27001.
• Conduct regular maturity assessments to identify gaps, benchmark against industry peers, and prioritize initiatives that elevate program effectiveness.
• Develop and execute multi-year maturity roadmaps with clear milestones, KPIs, and alignment to business and regulatory priorities.
• Ensure ISO teams are actively contributing to maturity efforts by implementing best practices, standardizing processes, and driving measurable improvements.
• Use data-driven insights to inform strategic decisions, optimize resource allocation, and enhance security posture across the sector.
• Encourage cross-functional collaboration to integrate security maturity goals with IT, compliance, and business operations.
• Align continuous improvement efforts with healthcare-specific requirements, including Medicaid program mandates and state/federal regulations.
• Recognize and reward innovation and excellence in security delivery, reinforcing a high-performance culture across the sector.

What we're looking for

• Master's degree required, preferably an MBA.
• Bachelor's degree in Information Security, Computer Science, or a related field preferred.
• A minimum of 12 years of experience in information security, with at least 8 years in leadership roles.
• Relevant certifications such as CISSP, CISM, or CISA are required.
• Extensive experience in information security, including leadership roles with a focus on strategic planning, program development, and operational management.
• Experience in building and managing comprehensive information security programs, including metrics, dashboards, and continuous improvement initiatives.
• Proven track record of building and managing high-performing teams, developing and implementing comprehensive security programs, and driving continuous improvement initiatives.

What you should expect in this role

• This role will require regular travel to clients within the United States.
• The position may involve working outside of regular business hours to address security incidents or urgent issues.

The deadline to submit applications for this posting is November 3, 2025.

The pay range for this position is $200, $250,000.00 per year, however, the base pay offered may vary depending on geographic region, internal equity, job-related knowledge, skills, and experience among other factors. Put your passion to work at Gainwell. You'll have the opportunity to grow your career in a company that values work flexibility, learning, and career development. All salaried, full-time candidates are eligible for our generous, flexible vacation policy, a 401(k) employer match, comprehensive health benefits, and educational assistance. We also have a variety of leadership and technical development academies to help build your skills and capabilities.

We believe nothing is impossible when you bring together people who care deeply about making healthcare work better for everyone. Build your career with Gainwell, an industry leader. You'll be joining a company where collaboration, innovation, and inclusion fuel our growth. Learn more about Gainwell at our company website and visit our Careers site for all available job role openings.

Gainwell Technologies is an Equal Opportunity Employer, where all qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical condition), age, sexual orientation, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.