Director, Information Security
Listed on 2026-06-06
IT/Tech
Cybersecurity, Information Security, Data Security
If you are wondering what makes TRIMEDX different, it's that all of our associates share in a common purpose of serving clients, patients, communities, and each other with equal measures of care and performance.
It is truly a culture like no other. We hope you will join our team!
- Everyone is focused on serving the customer and we do that by collaborating and supporting each other
- Associates look forward to coming to work each day
- Every associate matters and makes a difference
The Director of Information Security is a senior leadership position with full programmatic authority over the organization’s security posture. This role is accountable for building, maturing, and operating a comprehensive security program organized across five pillars:
- Governance, Risk and Compliance
- Threat and Vulnerability Management
- Identity and Access Management
- Application and Cloud Security
- Resilience and Incident Response
This role owns the organizational risk register, drives the compliance posture across ISO 27001 and SOC 2, and makes security decisions within established organizational risk appetite. The Director does not surface risks for others to own; they own the program and report outcomes to senior leadership. They lead a team of security professionals and serve as the primary security authority for engineering, operations, and executive leadership.
As AI tooling and accelerated engineering become central to the business, the Director establishes the governance frameworks and practical guardrails that allow teams to innovate without compromising data integrity or regulatory standing.
Accountabilities
- Owns the organizational risk register as a living management tool that reflects current exposure and drives resource decisions.
- Defines what security success looks like for the organization; develops and tracks KPIs that provide senior leadership a transparent, actionable view of risk posture and program ROI.
- Leads, develops, and grows the security team across five operational pillars; establishes clear ownership, career paths, and accountability structures.
- Shifts the security function from reactive, task-driven operations to a proactive, process-driven culture.
- Serves as the organization’s primary security authority; makes risk-based decisions independently within agreed organizational risk appetite.
- Serves as operational lead during and after security incidents — triage, resource coordination, retrospective and escalation to legal counsel and senior leadership per established protocols.
1)
- Oversees execution of ISO 27001 and SOC 2 Type II compliance programs as a unified control framework. Leads audit readiness, evidence collection, and control testing.
- Governs vendor risk management, including third-party security assessments and ongoing vendor performance against security requirements.
- Establishes guardrails for AI/LLM adoption, referencing emerging standards such as ISO/IEC 42001.
- Serves as a cross-functional risk consultant to managers and directors, helping them recognize and articulate risk within their own domains.
- Standardizes and streamlines the response process for customer security inquiries; develops a library of repeatable, high-quality responses.
2)
- Directs vulnerability management operations — scanning, prioritization, remediation tracking, and closure verification.
- Owns the external threat intelligence program, ensuring the team monitors the threat landscape relevant to the organization’s industry.
- Oversees penetration testing engagements including scope definition, vendor selection, and findings remediation.
3)
- Sets IAM strategy and governance including role-based access design, MFA enforcement, privileged access management, and periodic access review cadence.
- Ensures the IAM function operates within a defined governance structure with clear strategic direction.
4)
- Defines and maintains security baselines for cloud infrastructure (Azure), DevOps pipelines, and application development.
- Embeds security guardrails into the development lifecycle as a…