
Director, IT & Security
Posted 21 hours ago

Posted 21 hours ago
This is a fully remote position, open to applicants in Texas.
• Take charge of comprehensive IT operations, encompassing device lifecycle management, onboarding and offboarding processes, SaaS administration, identity and access management, help desk support, and office infrastructure across all locations.
• Spearhead the technical controls aspect of Tonal's HIPAA compliance initiative, executing the necessary safeguards mandated by the HIPAA Security Rule and HITECH Act.
• Oversee and implement Tonal's security program, which includes remediation from penetration testing, security policy formulation, conducting tabletop exercises, vendor security assessments, and incident response strategies.
• Manage Tonal's AI tool ecosystem, handling licensing, expenditure, API key governance, corporate AI policy, as well as data loss prevention and prompt injection safeguards.
• Administer Tonal's SaaS portfolio by managing contract renewals, optimizing licenses, and negotiating with vendors across essential platforms.
• Propel automation and enhance identity governance maturity, including Okta Identity Governance, expanding SCIM-based provisioning, establishing and enforcing RBAC frameworks, and promoting workflow automation and system integration.
• Lead and develop the IT & Security team, supervising engineers and administrators, overseeing virtual CISO engagement, managing the budget, and aligning the organizational structure to meet Tonal's needs.
• Maintain IT documentation and improve processes, ensuring runbooks are up-to-date, addressing gaps in onboarding, offboarding, and incident response, and fostering overall automation.
• Manage global physical infrastructure, including networking, Wi-Fi, audiovisual technology, and physical access, across a distributed, multi-office environment.
• Act as a trusted operator on Tonal's most sensitive issues, ranging from executive access provisioning to security incidents and legal holds.
• Regularly report to senior leadership and the C-suite, translating IT & Security roadmap priorities, progress, technical risks, and incident management into clear, actionable narratives.
• Over 10 years of experience in IT and security leadership, with comprehensive functional ownership and expertise in identity and access management, endpoint security, SaaS administration, network infrastructure, and security program management.
• Hands-on experience in implementing HIPAA compliance, going beyond mere policy documentation.
• Proven history of establishing a security program from the ground up, including policy development, penetration testing, and real incident response.
• Extensive knowledge in identity and access management, endpoint security, SaaS administration, and network infrastructure.
• Comfortable both in configuring technical systems and articulating security risks to executive leadership.
• Possess a start-up mindset, thriving in dynamic, resource-limited environments without compromising on security standards.
• Demonstrated ability to prioritize effectively with a lean team and limited budget, achieving measurable outcomes.
• Experience in managing a large SaaS portfolio, including contract renewals, vendor negotiations, and license governance.
• Strong leadership skills, with the ability to set clear expectations and foster the development of team members.
• Uphold high standards of trust, integrity, and discretion, given access to the company's most sensitive systems.
• Tonal is dedicated to addressing the diverse needs of individuals with disabilities in a timely manner, aligned with the principles of independence, dignity, integration, and equal opportunity.
Red River
Rimini Street
Nasstar
Reinsurance Group of America, Incorporated
Get handpicked remote jobs straight to your inbox weekly.