
Director, Information Security

Job in Indianapolis, Hamilton County, Indiana, 46262, USA
Listing for: TriMedx, LLC
Full Time position
Listed on 2026-06-17
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly
Job Description & How to Apply Below
Location: Indianapolis

TRIMEDX is seeking a Director of Information Security, a senior leadership role with full programmatic authority over the organization’s security posture. The Director will build, mature, and operate a comprehensive security program organized across five pillars: Governance, Risk and Compliance; Threat and Vulnerability Management; Identity and Access Management; Application and Cloud Security; and Resilience and Incident Response.

Responsibilities / Accountabilities
  • Owns the organizational risk register as a living management tool that reflects current exposure and drives resource decisions.
  • Defines what security success looks like for the organization; develops and tracks KPIs that provide senior leadership a transparent, actionable view of risk posture and program ROI.
  • Leads, develops, and grows the security team across five operational pillars; establishes clear ownership, career paths, and accountability structures.
  • Shifts the security function from reactive, task-driven operations to a proactive, process-driven culture.
  • Serves as the organization’s primary security authority; makes risk-based decisions independently within agreed organizational risk appetite.
  • Serves as operational lead during and after security incidents – triage, resource coordination, retrospective and escalation to legal counsel and senior leadership per established protocols.
Governance, Risk & Compliance (Pillar 1)
  • Oversees execution of ISO 27001 and SOC 2 Type II compliance programs as a unified control framework; leads audit readiness, evidence collection, and control testing.
  • Governs vendor risk management, including third‑party security assessments and ongoing vendor performance against security requirements.
  • Establishes guardrails for AI/LLM adoption, referencing emerging standards such as ISO/IEC 42001.
  • Serves as a cross‑functional risk consultant to managers and directors, helping them recognize and articulate risk within their own domains.
  • Standardizes and streamlines response processes for customer security inquiries; develops a library of repeatable, high‑quality responses.
Threat & Vulnerability Management (Pillar 2)
  • Directs vulnerability management operations – scanning, prioritization, remediation tracking, and closure verification.
  • Owns the external threat intelligence program, ensuring continuous monitoring of the threat landscape relevant to the organization’s industry.
  • Oversees penetration testing engagements, including scope definition, vendor selection, and findings remediation.
Identity & Access Management (Pillar 3)
  • Sets IAM strategy and governance, including role‑based access design, MFA enforcement, privileged access management, and periodic access review cadence.
  • Ensures IAM operates within a defined governance structure with clear strategic direction.
Application & Cloud Security (Pillar 4)
  • Defines and maintains security baselines for cloud infrastructure (Azure), DevOps pipelines, and application development.
  • Embeds security guardrails into the development lifecycle as a natural part of engineering – not a gate or afterthought.
  • Owns API security standards and cloud security posture management.
  • Partners with engineering and architecture to ensure new systems are designed with a security‑first approach.
Resilience & Incident Response (Pillar 5)
  • Owns DR and BCP strategy, annual testing, and tabletop exercises; ensures recovery objectives align with business needs.
  • Ensures incident response plans are tested and current before they are needed.
Decision Making / Autonomy
  • Operates with full programmatic authority within organizational risk appetite – makes security decisions independently.
  • Escalates and provides recommendations to senior leadership on issues requiring executive or legal engagement.
Communications / Interactions
  • Briefs VP of IT and executive leadership using BLUF communication – clear context, current posture, and recommended action.
  • Represents the security program during M&A due diligence and new customer onboarding, providing accurate and credible security posture assessments.
  • Translates technical risk into business language that non‑technical stakeholders can act on without translation.
Leadership
  • Provides…