
Senior Director, Information Security Delivery - VM IR SS

Date:  Oct 14, 2025
Location:  Any city, FL, US, 99999

Req ID:  33243
Work Mode:  Virtual (Exception only)

Be part of a team that unleashes the power of leading-edge technologies to help improve the health and well-being of those most vulnerable in our country and communities. Working at Gainwell carries its rewards. You’ll have an incredible opportunity to grow your career in a company that values work flexibility, learning, and career development. You’ll add to your technical credentials and certifications while enjoying a generous, flexible vacation policy and educational assistance. We also have comprehensive leadership and technical development academies to help build your skills and capabilities.

 

Summary

The Senior Director, Information Security Delivery is a transformative executive leader responsible for building and leading a world-class Vulnerability Management Program, a centralized Incident Response capability, and a high-performing Security Shared Services organization. Reporting directly to the VP, Deputy Chief Business Information Security Officer, this role will drive enterprise-wide risk reduction, operational excellence, and client differentiation through scalable, standardized, and measurable security practices. This leader will be instrumental in elevating the maturity of the organization’s security programs, centralizing embedded resources, and delivering measurable business value through security innovation and execution.

 

Your role in our mission

  • Build, lead, and run a dedicated vulnerability management team, including analysts, engineers, and program managers, with a strong emphasis on cross-functional collaboration across infrastructure, application, cloud, and business teams.
  • Develop and implement a comprehensive vulnerability lifecycle framework, encompassing identification, prioritization, remediation, and reporting, aligned with business risk and regulatory requirements.
  • Drive measurable risk reduction through automation, prioritization based on business impact, and integration with threat intelligence and incident response.
  • Continuously improve program maturity and effectiveness, leveraging metrics, benchmarking, and innovation to position the organization as a leader in vulnerability management.
  • Utilize technology to enhance the vulnerability management program, including the selection and implementation of tools for vulnerability scanning, assessment, and reporting.
  • Establish vulnerability management as a strategic enterprise function, transforming it from a reactive process into a proactive, risk-reducing capability that serves as a competitive differentiator for clients.
  • Design and operationalize a centralized incident response function, capable of rapid detection, containment, and recovery from security incidents across all accounts.
  • Develop and maintain incident response playbooks, escalation protocols, and communication plans tailored to various threat scenarios and business impacts.
  • Lead response efforts for high-severity incidents, coordinating technical and business stakeholders to ensure timely resolution and root cause analysis.
  • Establish post-incident review processes to capture lessons learned, drive continuous improvement, and enhance organizational resilience.
  • Ensure compliance with legal, regulatory, and contractual obligations, including breach notification and forensic investigation requirements.
  • Lead the centralization of embedded security analysts and engineers into a unified Security Shared Services organization, driving standardization, scalability, and efficiency.
  • Implement a shared services operating model, including intake processes, service catalogs, performance metrics, and capacity planning.
  • Foster a culture of excellence and accountability, ensuring shared services staff are empowered, supported, and aligned with enterprise security goals.
  • Drive process optimization and automation, reducing operational overhead and enabling faster, more consistent service delivery.
  • Collaborate with account teams, ISO leaders, and business stakeholders to ensure seamless integration and high client satisfaction.
  • Lead the advancement of security program maturity across vulnerability management, incident response, and shared services using the NIST Cybersecurity Framework and other industry standards.
  • Conduct regular maturity assessments, identifying gaps, benchmarking against peers, and prioritizing initiatives to elevate program effectiveness.
  • Develop and execute multi-year maturity roadmaps, with clear milestones, KPIs, and business alignment.
  • Position program maturity as a client differentiator, showcasing the organization’s commitment to excellence, transparency, and resilience.
  • Develop and execute strategic roadmaps for vulnerability management, incident response, and shared services, aligned with enterprise security objectives.
  • Define and track KPIs and OKRs across all domains to measure effectiveness, maturity, and business impact.
  • Lead quality assurance initiatives, ensuring high standards in security deliverables and client outcomes.
  • Provide regular executive-level reporting, including dashboards, risk summaries, and strategic recommendations.
  • Position security capabilities as a client differentiator, showcasing maturity, responsiveness, and innovation in security operations.
  • Engage with internal and external stakeholders, including IT, legal, compliance, and business units, to align security initiatives with business needs.
  • Represent the organization in client meetings, governance forums, and industry events, reinforcing the value and leadership of the security program.
  • Drive the execution of the centralized metrics program that addresses risk, performance, and effectiveness at various organizational levels. This includes defining metrics that provide meaningful insights into the organization's information security posture and performance.
  • Use metrics and dashboards to drive informed decision-making and continuous improvement. This includes analyzing data to identify trends, assess risks, and make evidence-based recommendations for enhancing information security practices.
  • Implement standardization across the organization to eliminate variation in information security practices. This involves developing and enforcing standardized policies, procedures, and guidelines that ensure consistency and reliability in information security operations.
  • Hold teams accountable for adhering to established standards and achieving performance targets. This includes setting clear expectations, providing regular feedback, and implementing performance management processes to ensure accountability.
  • Monitor the effectiveness of the vulnerability management program by regularly reviewing and analyzing metrics, conducting audits, and implementing continuous improvement initiatives.
  • Foster a culture of security awareness and accountability within the organization, ensuring that all employees understand their role in the vulnerability management process and are committed to maintaining a secure environment.
  • Communicate the status and effectiveness of the vulnerability management program to senior leadership and other stakeholders, providing regular updates and reports on key metrics and progress. 

 

What we're looking for

  • Master's degree required, preferably in Computer Science or Data Analytics
  • Bachelor's degree in Information Security, Computer Science, or a related field preferred
  • A minimum of 12 years of experience in information security, with at least 8 years in leadership roles.
  • Relevant certifications such as CISSP, CISM, or CISA are required

 

 

What you should expect in this role

  • Fully remote opportunity with the option to work anywhere within the United States.
  • Opportunities to travel through your work (0-10%).

 

The deadline to submit applications for this posting is October 21, 2025.

 

 

The pay range for this position is $143,600.00 - $205,200.00 per year; however, the base pay offered may vary depending on geographic region, internal equity, job-related knowledge, skills, and experience, among other factors. Put your passion to work at Gainwell. You’ll have the opportunity to grow your career in a company that values work flexibility, learning, and career development. All salaried, full-time candidates are eligible for our generous, flexible vacation policy, a 401(k) employer match, comprehensive health benefits, and educational assistance. We also have a variety of leadership and technical development academies to help build your skills and capabilities.

 

We believe nothing is impossible when you bring together people who care deeply about making healthcare work better for everyone. Build your career with Gainwell, an industry leader. You’ll be joining a company where collaboration, innovation, and inclusion fuel our growth. Learn more about Gainwell at our company website and visit our Careers site for all available job role openings.

 

Gainwell Technologies is an Equal Opportunity Employer, where all qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical condition), age, sexual orientation, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. 
