Director of IT Security

Director of IT Security

Reporting directly to the Co-Founder and Chief Technology Officer, the Director of IT Security will oversee the implementation, configuration, maintenance and ongoing performance of VEDA’s IT infrastructure and systems. This key team member will work across internal teams and with vendors and partners to support the SOC’s mission of preventing, detecting, and responding to cyber threats as VEDA scales nationally.  The Director of IT Security will ensure adherence to federal and state regulations, maintaining the highest standards for security, compliance and privacy.


Candidate Responsibilities

  • Develop, implement and manage VEDA’s cloud security infrastructure, including applications, network and server security and compliance and data management
  • Build and manage VEDA’s enterprise cloud security strategy and technical roadmap, including build-out of budget requirements; ensure integration with VEDA’s overall IT and enterprise strategy
  • Build and maintain privacy and security practices in compliance with SOC and HIPAA requirements
  • Manage HITRUST, SOC 2 Type II certification process; ensure that sufficient policies and procedures are in place to successfully protect client data
  • Detect, understand, triage and escalate current threats against VEDA’s network
  • Oversee maintenance of on-premise and cloud-based IT infrastructure
  • Establish security measures required to successfully onboard large, multi-state payer organizations, including secure file exchange capability
  • Ensure privacy incident response procedures are integrated into existing processes and included in regular testing standards
  • Proactively research and provide recommendations for continuous improvement of information security technologies, processes and capability
  • Configuring corporate IT networks and provisioning secure mobile devices



  • Bachelors or master’s degree in computer science, information systems, business administration or related field, or equivalent work experience
  • 5+ years of in-depth knowledge of various information security control frameworks, best practice standards, and regulatory requirements
  • Cloud Infrastructure expertise; knowledge of AWS services and security controls
  • Experience with configuration of secure corporate IT networks and understanding of SIEM and network intrusion detection tools
  • Experience working directly with product and product development organizations; ability to translate between privacy regulations and technical requirements
  • Experience applying appropriate regulatory and / or statutory compliance for programs like HITRUST, SOC, PCI, HIPAA, ISO, NIST, and information security
  • Comprehensive experience with Amazon Web Services and/or Microsoft Azure as well as understanding of Identity and Access Management, Data Protection, Secure DevOps, Security Operations, and other Cloud security domains
  • Self-starter; ability to operate in a lean, start-up environment

Please send resume’s and questions to