Director Of Information Security And Principal Cloud Security Architect

Flywheel.io

📍Remote - United States

Summary

Join Flywheel as their experienced Director of Information Security & Principal Cloud Security Architect to lead the company's security strategy and execution. This dual role demands deep expertise in cloud security (AWS and Azure) to protect cloud-based infrastructure and applications. You will manage all aspects of security strategy and operations for a SaaS platform, define and execute a comprehensive security strategy, and ensure adherence to SOC2 and HITRUST certifications. The position requires strong leadership skills to manage and mentor the security team. Flywheel offers a comprehensive benefits package and encourages a balanced work-life integration. This role requires a blend of technical expertise and leadership capabilities within a fast-paced environment.

Requirements

  • Have a Bachelor’s degree in Computer Science, Information Security, or a related field
  • Have a minimum of 8 years in software engineering with a focus on information security
  • Have at least 3 years in a leadership role within a SaaS or healthcare technology environment
  • Possess in-depth hands-on knowledge of security frameworks, Kubernetes, encryption standards, SIEM platforms, DevSecOps tools, and cloud security automation
  • Have a deep understanding of defense-in-depth strategies, zero-trust models, identity and access management (IAM), threat modeling, key management techniques, vulnerability assessment techniques, and secure coding practices
  • Possess excellent knowledge of WAF, intrusion detection/prevention systems (IDS/IPS), network segmentation, VPNs and network access control (NAC)
  • Have expert-level practical knowledge of AWS and Azure Cloud Platforms, especially Managed Kubernetes, Cloud Storage, VPC, KMS, VM Services
  • Possess expertise in security regulations and frameworks (e.g., NIST, ISO 27001, SOC2, HITRUST, HIPAA, GDPR) to design systems and processes that protect data and demonstrate adherence to industry standards
  • Have a proven ability to lead and develop high-performing security teams
  • Possess excellent verbal and written communication skills, with the ability to convey complex security concepts to both internal and external audiences
  • Have exceptional analytical skills and the ability to make decisions under pressure and resolve ambiguity

Responsibilities

  • Manage all aspects of Security Strategy and Operations for a SaaS platform in the medical imaging space
  • Define, communicate and execute a comprehensive security strategy aligned with Flywheel’s business objectives, industry standards, and regulatory requirements
  • Stay up to date with the latest cloud security trends, tools, and services, applying them to our cloud security strategy
  • Develop and recommend design patterns, tools and security best practices for Product Architecture, Development and Testing, with a goal of building securely by shifting left
  • Establish and enforce security policies, standards, and procedures to protect customer and internal assets and data
  • Architect and implement security controls for the cloud environment, leveraging best practices for securing Kubernetes, AWS and Azure infrastructure, services and applications
  • Develop threat models, conduct regular risk assessments, vulnerability analyses, and penetration testing to identify and mitigate potential threats
  • Implement proactive security controls and remediation plans
  • Ensure ongoing adherence to SOC2 and HITRUST certifications and stay abreast of evolving regulatory landscapes affecting the medical imaging industry
  • Develop and execute incident response plans, lead real-time threat mitigation and forensic investigations
  • Manage and mentor the security team, fostering professional growth and ensuring the team’s effectiveness
  • Design, implement, and manage secure architectures for Flywheel’s product infrastructure and applications across AWS and Azure environments, and internal corporate systems
  • Work directly with Software Architects and Engineers to ensure system design meets security requirements
  • Develop internal applications and scripts to continuously test, monitor, and enhance security defenses
  • Represent Flywheel’s security strategy and architecture to customers and prospects, ensuring trust and transparency in security operations
  • Work with Flywheel customers to ensure secure deployment and integration of Flywheel's platform into the customer ecosystem and customer-managed cloud environments
  • Lead deep technical investigations for security incidents, applying advanced analysis, forensic research, and mitigation techniques

Preferred Qualifications

  • Have an advanced degree
  • Have AWS, Azure and relevant security certifications

Benefits

  • Flywheel has a comprehensive benefits package
  • Flywheel encourages a balanced work life and home life
