Software Engineer
Director of IT & Information Security leading Azure cloud infrastructure, system administration, and security operations. Focuses on SOC2, HIPAA, NIST compliance, risk management, and safeguarding data confidentiality, integrity, and availability for a remote, high‑impact role.
This is a remote position.
The Director Cloud Infrastructure & SecOps is responsible for leading iCareManager ’s IT infrastructure, system administration, cloud strategy, and information security operations. This role ensures the confidentiality, integrity, and availability of company systems and data while maintaining compliance with regulatory requirements. The ideal candidate will have deep expertise in Azure cloud administration, cybersecurity best practices, risk management, and regulatory compliance (SOC2, HIPAA, NIST, etc.). As a strategic leader, this role will oversee IT operations, security initiatives, risk management, compliance efforts, cloud infrastructure, industry standards, and system reliability while fostering a security-first culture throughout the organization. This role also involves team leadership, budget management, strategic planning, and driving digital transformation across IT and security operations.
Key Responsibilities
Develop and enforce security policies, ensuring compliance with SOC2, GDPR, HIPAA, NIST, and ISO 27001.
Implement security controls and risk mitigation strategies to protect against cyber threats.
Act as a trusted security advisor, effectively communicating the organization’s security strategy, risk management approach, and cloud architecture to build confidence and foster strong relationships.
Oversee and conduct security assessments, penetration testing, and vulnerability management.
Oversee incident response, forensic analysis, and remediation efforts.
Lead internal and external security and IT compliance audits.
Monitor cybersecurity threats and proactively implement defence mechanisms.
Promote a security-first culture with awareness programs, training, and phishing simulations.
Conduct ongoing risk assessments and ensure mitigation plans for security and IT operations.
Enforce access control policies and least-privilege principles.
Establish and maintain third-party risk management programs.
Represent the company in customer, partner, and regulatory meetings to address security concerns, articulate compliance with international standards and ensure alignment with their security and infrastructure requirements.
Implement automated security testing and vulnerability scanning in development workflows.
Collaborate with engineering teams to integrate security best practices into software development lifecycles.
Implement and maintain security monitoring tools for real-time threat detection.
Establish automated alerting mechanisms and incident response strategies.
Conduct root cause analysis post-incident to enhance security resilience.
Evaluate security practices of vendors and third-party partners.
Monitor and manage cybersecurity risks associated with third-party relationships.
Establish an information security governance framework,
Posted June 19, 2026