Were seeking an experienced Senior Infrastructure Security Manager
to lead the design, implementation, and governance of infrastructure security across our healthcare IT landscape. This role is pivotal in ensuring the confidentiality, integrity, and availability of systems that store, process, and transmit Protected Health Information (PHI).The ideal candidate will bring deep expertise in security architecture, compliance (HIPAA, HITECH), cloud security, and healthcare IT systems.
Responsibilities
You'll collaborate with engineering, DevOps, compliance, and operations teams to build, monitor, and evolve secure infrastructure at scale. As a thought leader in infrastructure security, youll shape our defense strategies, influence architecture decisions, and drive secure delivery of services in alignment with the ever-changing regulatory landscape in Responsibilities Security Leadership :
- Define and drive the infrastructure security strategy for healthcare data processing.
- Align security architecture with operational needs while ensuring compliance with HIPAA, HITECH, and other healthcare-specific regulations.
- Participate in risk assessments, security reviews, and architecture design for new systems and Security Oversight :
- Design, implement, and maintain infrastructure security frameworks across on-premise and cloud environments (AWS, Azure)
- Oversee security of data centers, cloud environments (Azure, AWS), and hybrid infrastructure hosting systems.
- Ensure secure implementation of core infrastructure : firewalls, load balancers, VPNs, servers, databases, storage, and backup systems.
- Lead configuration and management of security tools such as SIEM, endpoint detection, encryption, and identity/access & Risk Management :
- Implement layered security controls to protect systems that store and transmit PHI
- Lead regular audits, security assessments, and gap analyses of infrastructure.
- Maintain security documentation and ensure incident response and business continuity procedures meet healthcare regulatory requirements.
- Collaborate with DevOps and engineering teams to integrate security into CI/CD pipelines and infrastructure as code
- Lead incident response planning and execution, ensuring fast resolution and clear post-incident reporting
- Ensure compliance with HIPAA, HITECH, NIST, HITRUST, ISO 27001, and SOC 2 across all infrastructure Response & Monitoring :
- Lead incident detection, response, investigation, and root cause analysis for infrastructure security events.
- Coordinate with other IT teams to minimize the impact of cyber threats.
- Maintain and optimize security monitoring systems (SIEM, IDS/IPS, log management, anomaly & Stakeholder Engagement :
- Manage and mentor a team of infrastructure and security professionals.
- Collaborate with IT, compliance, legal, and leadership to balance risk with operational efficiency.
- Engage with third-party vendors and managed services providers (MSPs) securely.
- Provide strategic reporting on risk posture, security metrics, and roadmap updates to executive Qualifications :
- Bachelors or Masters degree in Computer Science, Information Security, or related discipline.
- 15+ years of IT experience with at least 5 in infrastructure security, preferably in a healthcare setting.
- Deep understanding of PHI, PII, and healthcare data protection laws.
- Proven experience managing infrastructure security in enterprise or healthcare IT environments
- In-depth understanding of HIPAA, HITECH, HITRUST, and other compliance requirements
- Strong knowledge of network security, identity and access management (IAM), encryption, and key management
- Hands-on experience with SIEM tools, firewalls, vulnerability scanners, IDS/IPS, and cloud-native security tools
- Excellent communication and leadership skills with the ability to influence across all levels of the organization
- Experience with configuration management tools (Ansible, Chef, Salt Stack)
- Proven experience managing CI/CD, container orchestration (Docker, Kubernetes), and observability tools (Prometheus, Grafana, Datadog).
- Strong communicator with experience working across security, compliance, and engineering teams.
- Experience designing and implementing infrastructure security and governance platform adhering to compliance standards (HIPPA, SOC 2) Certifications :
- CISSP, CISM, or CISA
- HCISPP (Healthcare Information Security and Privacy Practitioner) strongly preferred
- AWS/Azure Security Certifications
- HITRUST, CEH, or GIAC Skills :
- Experience with healthcare IT systems
- Expertise in securing hybrid environments.
- Proficiency in infrastructure as code (Terraform/Ansible), micro segmentation, and Zero Trust Skills :
- Exceptional leadership and collaboration skills include stakeholders.
- Strong communication and ability to convey risk in operational terms.
- Adept at balancing security with continuity of system Qualifications :
- Bachelors degree in Information Technology, Computer Science, or related field.
- Experience with zero-trust architectures or secure data zones.
- Familiarity with US healthcare data interoperability standards (FHIR, HL7).
- Experience working with Electronic Health Record (EHR) integrations.
- Good knowledge of forensics and Log analysis, Playbooks.
(ref:hirist.tech)
