Zócalo Health is hiring a Director of IT and Security

Role Overview

As Director of IT and Security, you will lead the design, implementation, and governance of technology and security systems within a rapidly expanding primary care organization. Your work will ensure that infrastructure, access controls, and operational policies evolve in alignment with company growth, regulatory demands, and patient data protection standards.

Key Responsibilities

• Direct the architecture and maintenance of cloud platforms, internal applications, and network systems to ensure reliability and performance.
• Develop and guide execution of a multi-year IT strategy that supports organizational scale and operational resilience.
• Oversee budget planning for IT spending, balancing innovation with fiscal responsibility and efficient resource allocation.
• Lead the internal support function, defining response standards and improving user experience across all technical systems.
• Manage the full lifecycle of hardware, software, and SaaS tools—from procurement to decommissioning.
• Ensure staff are trained and supported in using internal platforms effectively and securely.
• Design, document, and regularly test disaster recovery and continuity protocols for critical systems.
• Own the end-to-end process for achieving and maintaining HITRUST certification, including control implementation and audit coordination.
• Define and enforce security policies, access governance, and identity management practices across all platforms.
• Manage endpoint protection, mobile device policies, and identity infrastructure to reduce risk exposure.
• Conduct security assessments for third-party vendors and maintain ongoing risk evaluation processes.
• Lead incident response activities, including investigation, remediation, and post-event review.
• Collaborate with Engineering, Product, Compliance, and Operations teams to align security and IT initiatives with business goals.
• Supervise external IT and security service providers, ensuring performance and accountability.
• Build governance frameworks that support long-term scalability beyond 250 employees.

Qualifications

• Minimum of 8 years in leadership roles focused on IT, cybersecurity, or information systems management.
• Proven experience scaling cloud environments in high-growth or startup settings.
• Track record managing helpdesk operations and delivering timely technical support.
• Experience overseeing IT budgets, vendor contracts, and technology procurement.
• Direct involvement in security programs within regulated industries, particularly healthcare.
• Familiarity with HITRUST, SOC 2, HIPAA, or equivalent compliance frameworks.
• Solid knowledge of identity and access management, endpoint security, and authentication systems.
• Ability to lead strategically while remaining engaged in technical execution.

Preferred Experience

• Prior work in healthcare or health technology environments.
• Experience maturing security programs from early or mid-stage foundations.

Compensation & Benefits

• Annual salary range: $165,000–$180,000
• Equity compensation included
• Medical, dental, and vision insurance
• 401(k) plan
• Flexible paid time off—take what you need to rest and recharge
• $1,000 home office stipend
• Company-provided equipment
• Clear pathways for career advancement and professional development

Work Environment

This is a fully remote position open to candidates across the U.S. There are no location-based restrictions for this role.

Company Values

Diversity and inclusion are central to our mission. We believe that innovation and trust grow from embracing different perspectives and lived experiences. Employment decisions are made without regard to race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.