Director, Information Security
Indianapolis, IN - USA
Job Summary
If you are wondering what makes TRIMEDX different its that all of our associates share in a common purpose of serving clients patients communities and each other with equal measures of care and performance.
- Everyone is focused on serving the customer and we do that by collaborating and supporting each other
- Associates look forward to coming to work each day
- Every associate matters and makes a difference
It is truly a culture like no other We hope you will join our team! Find out more about our company and culture here.
The Director of Information Security is a senior leadership position with full programmatic authority over the organizations security posture. This role is accountable for building maturing and operating a comprehensive security program organized across five pillars: Governance Risk and Compliance; Threat and Vulnerability Management; Identity and Access Management; Application and Cloud Security; and Resilience and Incident Response.
This role owns the organizational risk register drives the compliance posture across ISO 27001 and SOC 2 and makes security decisions within established organizational risk appetite. The Director does not surface risks for others to own; they own the program and report outcomes to senior leadership. They lead a team of security professionals and serve as the primary security authority for engineering operations and executive leadership.
As AI tooling and accelerated engineering become central to the business the Director establishes the governance frameworks and practical guardrails that allow teams to innovate without compromising data integrity or regulatory standing.
Responsibilities
Accountabilities
Owns the organizational risk register as a living management tool that reflects current exposure and drives resource decisions.
Defines what security success looks like for the organization; develops and tracks KPIs that provide senior leadership a transparent actionable view of risk posture and program ROI.
Leads develops and grows the security team across five operational pillars; establishes clear ownership career paths and accountability structures.
Shifts the security function from reactive task-driven operations to a proactive process-driven culture.
Serves as the organizations primary security authority; makes risk-based decisions independently within agreed organizational risk appetite.
Serves as operational lead during and after security incidents triage resource coordination retrospective and escalation to legal counsel and senior leadership per established protocols.
Governance Risk & Compliance (Pillar 1)
Oversees execution of ISO 27001 and SOC 2 Type II compliance programs as a unified control framework. Leads audit readiness evidence collection and control testing.
Governs vendor risk management including third-party security assessments and ongoing vendor performance against security requirements.
Establishes guardrails for AI/LLM adoption referencing emerging standards such as ISO/IEC 42001.
Serves as a cross-functional risk consultant to managers and directors helping them recognize and articulate risk within their own domains.
Standardizes and streamlines the response process for customer security inquiries; develops a library of repeatable high-quality responses.
Threat & Vulnerability Management (Pillar 2)
Directs vulnerability management operations scanning prioritization remediation tracking and closure verification.
Owns the external threat intelligence program ensuring the team monitors the threat landscape relevant to the organizations industry.
Oversees penetration testing engagements including scope definition vendor selection and findings remediation.
Identity & Access Management (Pillar 3)
Sets IAM strategy and governance including role-based access design MFA enforcement privileged access management and periodic access review cadence.
Ensures the IAM function operates within a defined governance structure with clear strategic direction.
Application & Cloud Security (Pillar 4)
Defines and maintains security baselines for cloud infrastructure (Azure) DevOps pipelines and application development.
Embeds security guardrails into the development lifecycle as a natural part of engineering not a gate or afterthought.
Owns API security standards and cloud security posture management.
Partners with engineering and architecture to ensure new systems are designed with security first approach to development.
Resilience & Incident Response (Pillar 5)
Owns DR and BCP strategy annual testing and tabletop exercises. Ensures recovery objectives are clearly defined achievable and aligned with business needs.
Ensures incident response plans are tested and current before they are needed.
Decision Making / Autonomy
Operates with full programmatic authority within the organizational risk appetite makes security decisions independently rather than seeking approval on every call.
Escalates and provides recommendation to senior leadership on issues requiring executive or legal engagement.
Communications / Interactions
Briefs the VP of IT and executive leadership using BLUF (Bottom Line Up Front) communication clear context current posture and recommended action.
Represents the security program during M&A due diligence and new customer onboarding providing accurate and credible security posture assessments.
Translates technical risk into business language that non-technical stakeholders can act on without requiring translation.
Leadership
Leadership: Provide clear direction to ensure collective achievement of goals and objectives. Create an environment of respect collaboration and open communication.
Associate Development: Identify and support development needs of direct reports and team members including connecting them to resources both internally and externally to ensure a culture of continuous improvement.
Associate Engagement: Create high levels of employee engagement by understanding organizational and personal drivers that impact drivers and developing action plans that deliver increased engagement.
Performance management: Set clear goals and expectations for teams monitor and enable performance and intervene with appropriate action when performance gaps occur and provide timely honest feedback. Ensure that associates complete assigned actions by required deadlines.
All other duties as assigned.
Skills and Experience
Required Experience
Minimum of 10 years of experience in Information Security or a related field is required. At least 5 years of people management experience leading technical security teams is also required.
Demonstrated track record of building security programs from a reactive state to a proactive process-driven posture.
Multi-framework compliance experience: hands-on ownership of ISO 27001 SOC 2 and at least one additional framework (NIST HIPAA or equivalent).
Technical credibility across vulnerability management IAM platforms (Okta Entra ID) and cloud security (Azure preferred).
Experience leading or contributing to security due diligence in M&A or major customer onboarding contexts.
BLUF communicator: structures every briefing around the bottom line with supporting context available but not leading.
Preferred Experience
Experience managing a security program under a rapidly changing environment and adoption of new technology.
Experience or a strong perspective on establishing guardrails for AI/LLM adoption referencing frameworks such as ISO/IEC 42001.
Familiarity with vulnerability management IAM platforms and Azure cloud security standards.
Relevant certifications: CISSP CISM ISO 27001 Lead Implementer or Lead Auditor CCSP or Azure Security Engineer Associate.
Education and Qualifications
Bachelors degree in MIS Computer Science or related field is required or equivalent experience.
#LI-Remote
At TRIMEDX we are committed to cultivating a workplace culture where every associate feels valued supported and empowered to thrive. This culture reflects our belief that our people are our foundation their well-being is essential and shared success is built through meaningful work recognition and opportunities for growth.
We embrace peoples differences which include age race color ethnicity gender gender identity sexual orientation national origin education genetics veteran status disability religion beliefs opinions and life experiences.
Visit our website to view our Workplace Culture Commitment along with our social channels to see what our team is up to: Facebook LinkedIn Twitter.
TRIMEDX is an Equal Opportunity Employer. Drug-Free Workplace.
Because we are committed to providing a safe and productive work environment TRIMEDX is a drug-free workplace. Accordingly Associates are prohibited from engaging in the unlawful manufacture sale distribution dispensation possession or use of any controlled substance or marijuana or otherwise being under the influence thereof on all TRIMEDX and Customer property or during working/on-call hours.
Required Experience:
Director
About Company
TRIMEDX delivers clinical engineering management through the clinical engineering services, clinical asset informatics, & medical device cybersecurity.