Grayson Search Partners

Head of Information Security

Grayson Search Partners, Nashville, Tennessee, United States, 37247


The Head of Information Security will lead the organization’s cybersecurity and IT risk management program, ensuring the confidentiality, integrity, and availability of enterprise systems, data, and services. This role is accountable for building and executing a comprehensive security strategy aligned to business goals, industry best practices, and regulatory requirements for a Healthcare Benefits Administrator business with multiple U.S. locations and offshore employees. Reporting to the CTO (or equivalent executive), this leader will oversee all aspects of IT security operations, governance, and compliance while fostering a strong culture of security awareness across the enterprise.

Key Responsibilities

Strategic Leadership

Develop, implement, and continuously improve an enterprise-wide information security and IT risk management strategy aligned to organizational objectives.

Advise executive leadership and the Board on security posture, emerging threats, and resource investments.

Integrate security into business processes, product development, and IT operations, including DevSecOps practices.

Establish and maintain security policies, standards, and procedures in accordance with frameworks such as ISO 27001, NIST, CIS, PCI, HIPAA.

Security Operations

Lead day-to-day IT security operations, including configuration, monitoring, analysis, and troubleshooting of security systems and services.

Oversee 24x7 monitoring, incident detection, and response activities.

Serve as the primary escalation point for security events, coordinating containment, investigation, and post-incident reviews.

Implement and manage threat detection tools (e.g., SIEM, EDR/MDR), vulnerability scanning, and automated security testing.

Conduct enterprise risk assessments and develop mitigation strategies.

Ensure compliance with federal, state, and industry regulations governing PII, PHI, and other sensitive data.

Coordinate security audits, vendor risk assessments, and penetration testing.

Maintain cyber insurance coverage and incident response plans.

Governance & Program Management

Align security controls with enterprise architecture, cloud computing standards, and hybrid infrastructure security principles.

Lead cybersecurity projects from concept through implementation and post-production support.

Track and manage security budgets, ensuring cost-effective solutions.

Manage vendor relationships, contract negotiations, and service performance reviews.

Team Development & Culture

Build and lead a hybrid cybersecurity program and team.

Provide technical consultation and training to IT and business teams on secure design and operational practices.

Foster a culture of security awareness through organization-wide training programs.

Required Qualifications

Bachelor’s degree in Information Security, Information Technology, or related field; Master’s degree in Business or Technology preferred.

5-7 years of progressive experience in IT infrastructure, cybersecurity operations, and risk management, including leadership roles.

Professional certifications: CISSP required; CISM preferred; ITIL and other security-related certifications a plus.

Proven experience securing hybrid environments, including AWS, Azure, and private cloud.

Strong knowledge of security tools and technologies: SIEM, DLP, MFA, EDR/MDR, MDM, vulnerability scanning, firewall management, and email/web filtering.

Demonstrated ability to translate complex technical risks into actionable business decisions.

Desired Competencies

Strategic vision with the ability to balance security, operational, and business priorities.

Excellent leadership, communication, and relationship-building skills across technical and non-technical stakeholders.

Strong problem-solving skills with the ability to act decisively in high-pressure situations.

Experience in regulated industries, preferably insurance, healthcare, or financial services.

Compliance & Regulatory Competencies

Adherence to HIPAA and PCI requirements.

Strong understanding of third-party risk management and vendor due diligence.

Implementation of controls for multi-jurisdictional data privacy and security laws.

Seniority level Director

Employment type Full-time

Job function Information Technology
