Senior Director, Head of Information Security

Flatiron Health

💵 $212k-$319k
📍Remote - United States

Summary

Join Flatiron Health as their Head of Security, leading their information security program and protecting patient, customer, and company data. You will define and execute a security strategy, embedding security in the development lifecycle and communicating risk effectively. This role involves overseeing product and cloud security, GRC, incident response, and implementing scalable security processes. You will collaborate with various teams to align security initiatives with business priorities and ensure the secure use of confidential data. The ideal candidate has 10+ years of progressive experience in information security, including 5+ years in a senior leadership role, and a proven track record of leading security in a product-focused, data-driven technology company.

Requirements

  • You're a kind, passionate and collaborative problem-solver who values the opportunity to think beyond the way things are
  • In addition, you’re an experienced leader with 10+ years of progressive experience in information security, including 5+ years in a senior leadership role (e.g., CISO, Head of Security Engineering, Director of Security)
  • You have experience building and mentoring high-performing, cross-functional security teams
  • Proven track record of leading security at a product-focused, data-driven technology company, ideally in healthcare, life sciences, or another regulated industry
  • Experience securing data products and services
  • Demonstrated success in integrating security into agile development processes and influencing product and engineering roadmaps
  • Deep understanding of programmatic security, including automation, infrastructure-as-code, and secure CI/CD practices
  • Hands-on experience with both modern cloud-native architectures and legacy technology stacks, with a pragmatic approach to modernization and risk management
  • You have excellent communication and stakeholder management skills, with the ability to translate risk into business terms and influence prioritization decisions

Responsibilities

  • Define and lead Flatiron’s enterprise-wide information security strategy, ensuring alignment with business goals, regulatory requirements, and risk appetite
  • Develop a strategy that is global in scope, balancing enterprise-wide consistency and local complexity
  • Oversee product and cloud security engineering, GRC (governance, risk management, compliance), and incident detection and response functions
  • Implement scalable “shift-left” security processes and tooling to integrate security early in the product and infrastructure development lifecycle
  • Develop frameworks to translate technical security risks into business impact, enabling informed prioritization and decision-making
  • Launch and maintain security risk and performance metrics dashboards to track areas of risk and progress over time
  • Collaborate with product and platform leaders to ensure security initiatives are aligned with business priorities and delivery timelines
  • Guide the secure development and delivery of Flatiron’s data products and services, including oversight of AI governance frameworks
  • Ensure security practices support the safe, compliant, and scalable use of confidential data (including PHI/PII)
  • Lead security efforts across both modern cloud-native stacks (e.g., Kubernetes, Snowflake, GitLab CI/CD) and legacy monolithic/on-premises systems, driving secure modernization
  • Foster a strong security culture through education, tooling, cross-functional collaboration, and the development of a high-performing, customer-oriented security team

Preferred Qualifications

  • You have a Bachelor's or an advanced technical degree in a field such as security or engineering
  • You have strong knowledge of regulatory frameworks such as HIPAA, GDPR, and other data privacy laws
  • You have supported an international business and applied global security standards

Benefits

  • Work/life autonomy via flexible work hours and flexible paid time off
  • Comprehensive compensation package
  • 401(k) contribution to help you reach your retirement planning goals
  • Financial health resources including 1:1 financial advice
  • Mental well-being tools and services
  • Parental benefits and policies including family-building care and generous leave
  • Path to parenthood programs supporting fertility, adoption and surrogacy
  • Travel support for safe healthcare services
