Director of IT Operations & Security

Director Of It Operations & Security The director of it operations & security is accountable for reliable, scalable day-to-day it operations across qualderm's multi-state clinic footprint and for building a practical, risk-based security program that protects patients, providers, teammates, and business continuity. This leader drives operational excellence (service desk, infrastructure, identity, endpoint, network, vendor performance) while maturing security governance, controls, and incident readiness in a healthcare environment. It Operations Leadership (Multi-site Healthcare) own it service delivery across clinics and corporate teams: incident, request, problem, and change management. lead service desk performance (triage quality, first-contact resolution, aht, backlog hygiene), escalation paths, and knowledge management. ensure high availability and performance of core it platforms: identity (entra id), m365, endpoint management (intune), networking/wifi, and infrastructure services. establish and maintain operational standards: device lifecycle, patching cadence, backup/restore, remote support, site onboarding/offboarding playbooks, vendor runbooks. drive vendor governance for msps, telecom/isp, security providers, and infrastructure partnersensure kpis, accountability, and cost control. manage operational budgeting: renewals, licensing optimization, hardware standards, and cost-to-support metrics. Security Program Ownership (Practical & Scalable) lead qualderm's security operations and risk reduction roadmap aligned to hipaa and healthcare expectations. implement and maintain foundational controls: identity & access management (mfa, conditional access, privileged access) endpoint security (edr, encryption, secure configuration baselines) vulnerability management (scanning, remediation slas, reporting) email and collaboration security (phishing protection, dlp where appropriate) logging/monitoring (siem where needed), alert triage, and incident response playbooks own incident response readiness: tabletop exercises, communication plans, evidence preservation, and post-incident improvements. partner with compliance/legal on security policies, risk assessments, baas, vendor security reviews, and audit readiness. drive security awareness with measurable outcomes (phishing resilience, training completion, high-risk user targeting). Operational Governance & Continuous Improvement build a "single source of truth" operating cadence: weekly metrics, monthly risk and reliability reviews, quarterly roadmap updates. create and maintain documentation: sops, runbooks, asset standards, disaster recovery procedures, and escalation matrices. identify automation opportunities in service workflows (e.g., provisioning, access requests, device setup, ticket routing) to reduce manual work.

Created: 2026-04-07