This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

The Director of IT & Security will join Zócalo Health at a critical inflection point as the organization scales systems, headcount, and regulatory obligations. This role exists to establish centralized ownership and strategic direction for all IT operations, infrastructure, and end-user support, alongside security and access governance. A critical early objective is leading the organization toward HITRUST certification by December 2026.

This leader will serve as the single accountable owner for security posture, system access controls, and IT governance, reducing organizational risk and enabling safe, efficient growth.

This position reports to the Chief People & Compliance Officer, with a future-state possibility of transitioning under a future technical leader as the organization matures.

The Director of IT and Security will contribute in the following ways:

• Manage and maintain the company's technology infrastructure, including cloud services, networking, and internal application stack.
• Develop and execute the long-term IT roadmap to support Zócalo Health’s rapid growth and scalability.
• Oversee the IT operational budget, ensuring cost-effective technology investments and asset management.
• Lead the IT Helpdesk function, establishing service level agreements (SLAs) for excellent and timely end-user support and issue resolution.
• Manage the procurement, deployment, inventory, and lifecycle management of all company hardware, software, and SaaS assets.
• Ensure effective training and support for employees on all internal systems and productivity tools.
• Establish and regularly test a robust business continuity and disaster recovery plan for critical IT systems.
• Own and lead the HITRUST certification program, including control implementation, documentation, and audit readiness.
• Establish and enforce security policies, standards, and procedures.
• Own system access provisioning and de-provisioning across all platforms.
• Oversee MDM, endpoint security, and identity management.
• Lead vendor security reviews and ongoing risk assessments.
• Coordinate incident response and remediation efforts.
• Partner with Engineering, Product, Compliance, and Operations on security and IT initiatives.
• Manage outsourced IT and security vendors as appropriate.
• Build scalable IT and security governance that supports growth beyond 250 employees.

Qualifications

• 8+ years of experience in IT, security, or information security leadership.
• Strong background in managing and scaling cloud-based infrastructure.
• Proven experience leading an IT operations or end-user support team/Helpdesk function.
• Demonstrated ability to manage IT capital and operating budgets and vendor relationships for technical services.
• Direct experience leading security programs in regulated environments.
• Demonstrated experience with HITRUST, SOC 2, HIPAA, or similar frameworks.
• Strong understanding of access control, identity management, and endpoint security.
• Experience working in high-growth or startup environments.
• Ability to balance strategic leadership with hands-on execution.

Preferred Qualifications

• Prior experience in healthcare or healthtech organizations.
• Experience building security programs from early or mid-stage maturity.

Benefits

• Equity compensation package.
• Comprehensive benefits including medical, dental, and vision.
• 401k.
• Flexible PTO policy - take the time you need to recharge.
• $1,000 home office stipend.
• We provide the equipment needed for this role.
• Opportunity for rapid career progression with plenty of room for personal growth.