Director of Security

Job Title:  Director of Security

Department:  Information Security
Reporting to:  CISO

Location: Baltimore, MD (Not Remote – In-Office at least 2 days per week)

Hours of work: Typical hours of work are from 8:30 AM until 5:00 PM local time Monday through Friday. Flexibility of Working Hours dependent on location. Additional hours may be necessary as needed. This position is exempt from overtime.

Compensation: $125,000 annually.

Who we are:
InVita develops specialized medical software for regulated industries that support the advancement of public health and safety. We are the acknowledged leader in the markets we serve. Our subject matter expertise is unmatched in the industry and our products are used by public health and medical professionals across the globe. We have employees spanning across the US and two main offices (Baltimore & Los Angeles).

Overview:
As InVita's Director of Security you will help define and lead the company’s security strategy. Your role will focus on protecting sensitive data, ensuring regulatory compliance, and managing the security posture of InVita’s internal systems, offices, and employees. You will also oversee the integration and management of Arctic Wolf to strengthen security operations and monitoring.  You will enable InVita to not only maintain but exceed compliance with HIPAA, SOC 2, GDPR, FedRAMP, and other relevant frameworks, safeguarding customer trust and delivering a world-class, secure experience.

Essential Functions:
 

• Secure InVita’s internal systems, offices, and employees from all threats. Oversee the maintenance and operation of HIPAA, SOC 2, GDPR, FedRAMP, and other compliance frameworks.
• Anticipate and address evolving security risks by integrating robust security practices into InVita’s business and engineering processes
• Demonstrate InVita’s commitment to data protection by delivering transparent and effective security measures that inspire confidence.
• Partner closely with InVita’s leadership team to intertwine security with InVita’s overarching strategy and work.
• Facilitate InVita’s culture of security with training, education, and careful process design for how Security enables InVita and our customers.
• Help define a cyber security strategy and capability roadmap that keeps ahead of cyber threats while meeting InVita's growth objectives.
• Build and implement security measures specifically focused on safeguarding client information, ensuring it remains confidential, secure, and available.
• Help develop and oversee a strategic enterprise risk management program.
• Help create a cyber risk strategy and prioritize mitigation strategies to minimize vulnerabilities.
• Establish and track key metrics to evaluate enterprise-wide security effectiveness.
• Lead response efforts for suspected or confirmed incidents, conducting thorough investigations and communicating with leadership as necessary.
• Collaborate with sales and customer success teams to address client inquiries and concerns about security practices.
• Lead external audit programs (HIPAA, SOC 2, GDPR) and manage internal technical audits to ensure regulatory compliance.
• Oversee third-party risk assessments to ensure alignment with InVita’s security standards.
• Develop and maintain comprehensive business continuity and disaster recovery plans to protect operations and client data in critical scenarios.
• Work across departments to embed security principles into all facets of the organization.

• 5+ years of business experience in a combination of IT security, risk management, or Information Security
• Demonstrated executive level business and technical acumen
• Ability to develop and clearly articulate a compelling security strategy to key management stakeholders
• Pragmatic mindset, ability to handle difficult problems with partial data and under high pressure
• Strong knowledge of current and emerging cyber security risks and innovative risk management methods and solutions
• Strong understanding of security concepts and technologies
• Experience with compliance and audit strategies for cloud environments (IaaS, SaaS, etc.)
• Subject matter expertise in developing and executing company-wide program, policies, procedure, and controls
• Expertise in domains such as application development, application security, security operations, cybersecurity monitoring, vulnerability management, incident management/response, identity and access management, and cloud infrastructure (AWS/GCP/Azure)
• Excellent verbal and written skills and be comfortable presenting ideas and issues to different levels within and outside of the organization
• Subject matter expertise in developing and executing company-wide program, policies, procedure, and controls
• Relevant certifications such as CISSP, CISA, CISM or CRISC

• While performing the duties of this position, prolonged periods of sitting at a desk and working on a computer may be required. 
• Additionally, the employee is regularly required to talk or hear.
• The employee frequently is required to use hands or fingers, handle, or feel objects, tools, or controls.
• The employee is occasionally required to stand, walk, sit; reach with hands and arms; climb or balance; and stoop, kneel, crouch, or crawl.
• The employee must occasionally lift and/or move up to 15 pounds.
• Specific vision abilities required by this position include close vision, distance vision, color vision, peripheral vision, and the ability to adjust focus.
• The noise level in the work environment is usually moderate.

This job description in no way states or implies that these are the only duties to be performed by the employee(s) incumbent in this position. Employee(s) will be required to follow any other job-related instructions and perform any other job-related duties requested by any person authorized to give instructions or assignments.

This document does not create an employment contract, implied or otherwise, other than an "at-will" relationship. 

InVita provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.