Information security Jobs in Boston, MA

Position Overview

The Senior Director, Information Security serves as PartnersInHealth’ssenior‑mostcybersecurity leader, accountable for the integrity and resilience of PIH’s global security posture.This role functions as PIH’s information security officer, settingenterprise‑widecyber strategy, defining acceptable risk, and ensuring alignment with the NIST Cybersecurity Framework across all platforms and care delivery sites. In this capacity,the Senior Director, Information Securitywill own the comprehensive security and compliance landscape, serving as the subject matter expert for risk management and policy development.This rolewill drive the continuous evolution of our GRC maturity,establishingthe frameworks required toidentifycoverage gaps and ensuring that all security standards are robustly documented,maintained, and adhered to across the organization.In continuous collaboration with theSenior Director, Global ITand theSenior Director,Enterprise Systems,theSenior Director, Information Securitywill be responsible fordefining anddriving a prioritized list of security improvements across the organizationand for reporting to executive leadership on progress maintaining and improving the organization’s cybersecurity posture over time.This role demands a seamless integration of policy leadership and technical execution.As a hands-ontechnicallead,the Senior Director, Information Securitywill design the security architectures, automated workflows, and system baselines that enforce these policies technically.The Senior Director, Information Securityis the designated owner for organizational risks,responsibleforworkingdirectly with U.S.andglobal care deliveryIT teams to translate high-level compliance requirements into concrete infrastructure configurations, ensuring our security posture is defensible, documented, and resilient.Given the existential risk that cyber threats pose to global health operations, this role is entrusted with safeguarding systems that underpin patient care, supply chains, and sensitive health data in every geography where PIH operates.ResponsibilitiesTeam &Program Management (40%)

• Manage a team dedicated to leadingcybersecurityinitiatives for the organization—this will include several direct reports as well as dotted-linetechnical oversight ofIT colleagues implementing cybersecurity policies globally.
• Lead the strategic alignment of the organization to the NIST CSFby developing andmaintaininga robust policy library, ensuring operational procedures map directly to compliance standards.
• Establish a continuous compliance and audit process, creating and managing Plans of Action and Milestones (POA&M) to track and remediate security risksidentifiedthrough ongoing assessments.
• Establish,maintain,andregularlycommunicate results of an organization-wide cybersecurity scorecard, based on key performance indicators aligned with prioritized cybersecurity threat scenarios.
• Oversee the organizational Cyber Security Incident Response Plan (CSIRP),utilizingexpertisein adversarymethodsto design relevant tabletop exercises andleadglobal response coordination.
• Directglobalsecurity awareness and phishing simulation programs,utilizingdata from real-world threats to customize training and drive behavioral change across the staff.

Technical Leadership(30%)

• Act as the Incident Commander during critical security events. Direct the technical response, perform advanced root cause analysis, ensure threat containment, and author post-incident executive briefings.
• Lead the implementation and optimization of the defensive stack (EDR/XDR, SIEM, and Vulnerability Management), ensuring maximum visibility and efficacy acrosson-premiseand cloud environments.
• Responsible for integrating security throughout the Software Development Life Cycle (SDLC) by conducting architectural reviews, performing SAST/DAST testing, and partnering with engineering teams to remediate vulnerabilities.
• Conduct technical gap analyses and security assessments against industry benchmarks(NIST CSF), coordinating directly with infrastructure teams to prioritize and remediate hardened configurations.
• Lead technical initiatives for Identity and Access Management (IAM) and Privileged Access Management (PAM), designing controls to prevent credential theft and lateral movement.
• Translate audit findings and threat intelligence into actionable engineering projects, bridging the gap between high-level compliance requirements and technical implementation.
• Represent PIH in relevant cybersecurity partnerships, vendor relationships, and sector working groups, ensuring our approach reflects both best practice and the realities of global health delivery inlowresourcesettings.

InfrastructureSecurity(30%)

• Implement andmaintainconfiguration management workflows (utilizingtools like Ansible, Chef, or native cloud tools) to standardize deployments.
• Provide subject matter expertise in securing and managing hybrid infrastructure environments (VMware, Azure, AWS), ensuring secure architecture for system workloads.
• Collaborate with the infrastructure team to operationalize vulnerability data, prioritizing and automating patch management processes with defined Service Level Agreements (SLAs).
• Maintain the health and performance of underlying infrastructure supporting critical security tools (., log forwarders, SIEM collectors, jump hosts), ensuring high availability and reliable telemetry for threat protection.
• Leverage scripting languages (PowerShell, Python) toautomatethe application of security baselines across server and endpointenvironmentsto ensure continuous compliance with NIST CSF standards.

Required Experience, Education, Licenses or Certifications

• 12+years of progressive experience in Information Security, Information Systems, or Systems Engineering, including at least 4 years leading cybersecurity programs, security architecture, or security operations at the organizational or regional level.
• Experience with NIST, CIS, CMMC, ISO 27001/2, GRCframeworksand their implementation process.
• At least one advanced Information Security Certification (., CISSP, CISM, or equivalent).

Skills

• Required:In-depth knowledge of computer and network systems.Ability to describe technical information in easy-to-understand terms.Network design/implementation and tools,NIST Cybersecurity Framework, MITRE ATT&CK Framework, IDS/IPS, EDR, SIEM. Experience working in an enterprise level cybersecurity environment. Strong attention to detail and ability to work across multiple time zones.
• Preferred:Experience working with Linux environments, Python,log querying language (., KQL/SPL), Shell Scripting, Docker. Project management experience is a plus.

We recognize at PIH that all candidates may not have 100% of the above-mentioned skills. You are still encouraged to apply if you believe your skills and experience are well-placed to meet the needs of this role.Core Values and Competencies

• Demonstrates the organization’s core values of: Commitment, Humility,Integrityand Pragmatic Solidarity/Accompaniment.
• Accountability – Able to accept responsibility for one's actions, outcomes, and those of their team.
• Achieving results – Able to design and conduct work with clarity and integrity: to set realistic targets for themselves and others, ensure availability of resources,monitorprogress and performance,accomplishmeaningful outcomes, evaluate achievements, and integrate lessons learned.
• Adaptability – Able to adapt to change, to balance multiple demands, considernew approaches, and persist towards solutions in changing circumstances.
• Teamwork – Able to work well with others to achieve common goals. Exemplary interpersonal skills; ability to collaborate effectively with staff across departments and countries.

This vacancy may be used to fill similar positions.Organizational Profile Partners In Health (PIH) is a non-profit, global health organization that fights social injustice by bringing the benefits of modern medical sciencefirst and foremostto the most vulnerable communities around the world.PIH focuses on those who would not otherwise have access to quality health care.PIH partners with the world’s leading academic institutions to create rigorous evidence that shapes more sound and all-inclusive global health policies. PIH also supports local governments’ efforts to build capacity and strengthen national health systems.As of today, PIH runs programs in 11 countries (Haiti, Kazakhstan, Lesotho, Liberia, Malawi, Mexico, Navajo Nation, Peru, Rwanda, Sierra Leone, United States), where it provides direct care to millions of patients, through public facilities and community engagement.Partners In Health (PIH)iscommitted to the fundamental principle of equal opportunity and equal treatment for every prospective and current employee. It is the policy of PIH not to discriminate on the basis of race, color, national or ethnic origin, ancestry, age, religion, creed, disability, sex and gender, sexual orientation, gender identity and/or expression, military or veteran status, or any other characteristic protected under applicable federal, state or local law. PIH works in and witha number ofgovernments in and outside the ., and to the extent applicable, this statement is intended to incorporate the prohibition of any unlawful discrimination covered by applicable laws in such countries,statesand municipalities. Partners In Healthparticipatesin E-Verify and will provide the federal government with your Form I-9 information to confirm that youare authorized towork in the . If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. Employers can only use E-Verify once you have accepted a job offer and completedthe FormI-9. Any offer of employment is contingent upon the successful completion of applicable background checks.Our Benefits Are Built for Real LifeWe know you do your best work whenyou’resupported.

• Work from anywhere in the . for most roles, with flexibility baked into how we operate
• Comprehensive health coverage (medical, dental, vision, disability, and life insurance) so you can focus on what matters
• A 401(k) with automatic employer contributions to help you invest in your future
• Flexible PTO with no cap, plus generous holidays, summer and winter breaks, and a sabbatical program
• Professional development support and home office reimbursements to help you grow and work comfortably wherever you are

(Some roles may require specific locations or on-site presence. Benefits are subject to planThe expected starting salary range for new hires in this position is between$130,000-160,000/yearand may vary depending on multiple individualized factors, including market for the position, job-related knowledge, skills, and experience. Partners In Health will ensure that persons with disabilities areprovidedreasonable accommodations for the hiring process. Ifa reasonableaccommodation is needed, please contact: or
the hiring process. If a reasonable accommodation is needed, please contact: