Director of Information Security (SaaS and AI)

IntegriChain is the data and application backbone for market access departments of Life Sciences manufacturers. We deliver the data, the applications, and the business process infrastructure for patient access and therapy commercialization. More than 250 manufacturers rely on our ICyte Platform to orchestrate their commercial and government payer contracting, patient services, and distribution channels. ICyte is the first and only platform that unites the financial, operational, and commercial data sets required to support therapy access in the era of specialty and precision medicine. With ICyte, Life Sciences innovators can digitalize their market access operations, freeing up resources to focus on more data-driven decision support.  With ICyte, Life Sciences innovators are digitalizing labor-intensive processes – freeing up their best talent to identify and resolve coverage and availability hurdles and to manage pricing and forecasting complexity.

We are headquartered in Philadelphia, PA (USA), with offices in: Ambler, PA (USA); Pune, India; and Medellín, Colombia. For more information, visit www.integrichain.com, or follow us on Twitter @IntegriChain and LinkedIn.

Living in PA, NJ, NY is a must. Regular visits to our Philadelphia office are required

Role Overview

The Director of Information Security is responsible for leading and advancing IntegriChain’s information security program across cloud infrastructure, applications, and enterprise systems. This role combines strategic leadership with hands-on technical execution and plays a critical role in protecting data, ensuring platform trust, and meeting regulatory requirements

You will lead a team of security professionals while working closely with Technology Operations, DevOps, Engineering, IT, and legal teams to embed security into how systems are designed, built, and operated. This role is ideal for a security leader who wants to stay close to the technology, guide teams through complex security challenges, and raise the overall security maturity of the organization.

How a Day in This Role Looks

Your day often starts by checking in on the security posture of the environment, reviewing alerts, recent changes, and any emerging risks. You connect with members of the security team and technology operations to align on priorities, ongoing investigations, and upcoming work.

Throughout the day, you work directly with DevOps, SRE, cloud, and application engineering teams to remove security-related roadblocks and help teams move forward safely. This includes participating in design and architecture discussions, reviewing proposed changes, and helping teams think through security tradeoffs in real-world systems.

You spend time being hands-on, whether that means reviewing configurations, validating controls, investigating an issue, or helping implement a security improvement. At the same time, you balance this with people leadership, coaching team members, setting direction, and ensuring the team is focused on the highest-impact work.

Because teams are distributed across multiple time zones, you coordinate work through a mix of real-time collaboration and clear asynchronous communication. When security incidents or urgent issues arise, you are actively involved in guiding response, coordinating with stakeholders, and ensuring lessons learned lead to meaningful improvements.

Key Responsibilities

Security Leadership and Strategy

• Own and evolve the company’s information security strategy, roadmap, and operating model.
• Lead, mentor, and grow a high-performing information security team.
• Establish clear priorities, metrics, and accountability for security outcomes.
• Serve as a trusted security advisor to technology and business leadership.

Cloud, Infrastructure, and Application Security

• Partner closely with DevOps, SRE, and Cloud teams to design and secure cloud infrastructure and services.
• Provide hands-on guidance and implementation support for cloud security controls, identity and access management, and network security.
•    Work with engineering teams to embed secure design, threat modeling, and security best practices into application development

Operational Security

• Lead security monitoring, detection, and incident response activities.
• Participate directly in security investigations, root cause analysis, and remediation efforts.
• Ensure security tooling is effective, well-integrated, and operationally sustainable.

Operational Security

• Lead security monitoring, detection, and incident response activities.
• Participate directly in security investigations, root cause analysis, and remediation efforts.
• Ensure security tooling is effective, well-integrated, and operationally sustainable.

Risk, Compliance, and Governance

• Own security risk management processes including risk assessments and remediation tracking.
• Support customer and regulatory compliance requirements such as SOC 2, HIPAA, and related frameworks.
• Partner with legal, compliance, and customer-facing teams on audits, assessments, and security reviews.
• Develop and implement security policies, standards, and procedures aligned with business needs.

Cross-Functional Collaboration

• Work closely with the VP, Technology Operations to align security priorities with operational goals.
• Partner with DevOps and SRE leadership to ensure security is built into reliability and operational processes.
• Collaborate with Product and Engineering leaders to balance security, velocity, and customer impact.
• Communicate clearly with stakeholders on security posture, risks, and improvement initiatives.

Required

• 10 or more years of experience in information security, with experience spanning cloud, infrastructure, and application security.
• Proven experience building security programs for AI-enabled platforms (MUST)
• 3 or more years of experience leading or managing security teams.
• Strong hands-on experience securing cloud environments such as AWS, Azure, or GCP.
• Deep understanding of identity and access management, network security, vulnerability management, and incident response.
• Experience partnering with legal teams to review customer and vendor security requirements in contracts.
• Experience working closely with DevOps, SRE, and engineering teams to implement security by design and privacy by design frameworks.
• Strong communication skills with the ability to explain security risks and decisions clearly.
• Hands-on experience supporting ISO 27001, SOC 2, HIPAA, or similar compliance frameworks.
• Hands on experience leading security incident preparedness and response.
• Background building or scaling security programs in growing technology organizations.
• Agile mindset to develop creative solutions to problems as they arise.

Preferred

• Experience working with globally distributed teams.
• Experience with GRC tools, such as OneTrust, AuditBoard, or similar.

What does IntegriChain have to offer?

• Mission driven: Work with the purpose of helping to improve patients' lives! 
• Excellent and affordable medical benefits + non-medical perks including Flexible Paid Time Off and much more!
• Robust Learning & Development opportunities including over 700+ development courses free to all employees

#LI-ZG1

IntegriChain is committed to equal treatment and opportunity in all aspects of recruitment, selection, and employment without regard to race, color, religion, national origin, ethnicity, age, sex, marital status, physical or mental disability, gender identity, sexual orientation, veteran or military status, or any other category protected under the law. IntegriChain is an equal opportunity employer; committed to creating a community of inclusion, and an environment free from discrimination, harassment, and retaliation.

Our policy on visa sponsorship for US based positions: Applicants for employment in the US must have valid work authorization that does not now and/or will not in the future require sponsorship of a visa for employment authorization in the US by IntegriChain.