Director of Technology Security & Governance

The Opportunity

The Director of Technology Security & Governance will play a critical leadership role in safeguarding the organization's technology environment while establishing a disciplined, enterprise-wide approach to technology governance. This leader will be responsible for advancing information security and privacy programs that protect patient and organizational data, while also designing and operating a structured intake, prioritization, and oversight process for technology initiatives.

Operating within a highly regulated healthcare environment, this role ensures the confidentiality, integrity, and availability of systems and data, while enabling thoughtful, transparent decision-making around technology investments. The Director will partner closely with IT, Compliance, Clinical, Revenue Cycle, Finance, Operations, and Executive leadership to embed security, privacy, and governance into both strategic planning and day-to-day operations.

This is an opportunity to balance strategic leadership with hands-on execution, building scalable frameworks that support growth, mitigate risk, and drive operational excellence across the enterprise.

This role is not remote. This position is based onsite at ConvenientMD headquarters in Portsmouth, NH.

Your Impact

• Information Security Leadership
  • Lead and manage the organization's technology security function, ensuring robust protection of systems, infrastructure, and sensitive data
  • Develop, implement, and continuously evolve comprehensive cybersecurity strategies, policies, and procedures
  • Oversee security risk management, including risk assessments, vulnerability management, remediation planning, and risk acceptance processes
  • Monitor emerging threats and lead incident response efforts, ensuring rapid, coordinated mitigation and recovery
  • Ensure appropriate safeguards are in place across clinical, financial, and operational systems, including EHRs, cloud platforms, and third-party technologies
  • Provide clear, executive-level reporting on security posture, risks, and mitigation strategies
• Privacy & Regulatory Compliance
  • Partner with Compliance and Legal to support adherence to HIPAA, HITECH, and other applicable privacy regulations
  • Contribute to the development and delivery of privacy policies, training programs, and organizational awareness initiatives
  • Support audits, regulatory inquiries, and security and privacy assessments
  • Champion a culture of security awareness and best practices across the organization
• Technology Governance & Prioritization
  • Design, implement, and manage an enterprise-wide technology governance framework, including project intake, evaluation, and prioritization
  • Establish clear criteria for assessing technology initiatives, including security, privacy, risk, regulatory impact, resource capacity, and strategic alignment
  • Partner with executive leadership to drive transparent portfolio management and prioritization decisions
  • Ensure security and privacy considerations are embedded early in project planning and solution design
• Operational Excellence & Continuous Improvement
  • Collaborate cross-functionally to deliver secure, scalable, and effective technology solutions
  • Analyze support volume and trends to identify opportunities for efficiency and reduction through technology
  • Establish and track KPIs, driving accountability, continuous improvement, and program maturity
• Strategic Partnership & Communication
  • Act as a trusted advisor to executives, clinicians, and business leaders on security, privacy, and governance matters
  • Translate complex technical and regulatory concepts into clear, actionable, business-focused insights

Who You Are

• Experience: Minimum of 4 years of experience in healthcare technology and 4 years in IT security and governance
• Healthcare technology leader: Proven track record of building and managing high-performing security and governance programs within a healthcare environment
• Cybersecurity expert: Deep understanding of cybersecurity frameworks, threat management, incident response, and regulatory requirements in healthcare
• Strategic and hands-on operator: Ability to balance long-term strategy with day-to-day execution in a complex, regulated environment
• Clear and influential communicator: Skilled at translating complex technical concepts into business-focused insights for diverse stakeholders
• Process and governance builder: Experienced in developing policies, documentation, and structured frameworks that drive consistency, accountability, and scalability
• Collaborative partner: Trusted relationship-builder who works effectively across IT, Compliance, Clinical, and executive teams