ProviderTrust Summary
ProviderTrust was founded in 2010 with a mission to create safer healthcare for everyone through OIG and state Medicaid exclusion monitoring. Today, the organization has developed the industry’s most accurate dataset for ongoing exclusion monitoring and primary source verification, serving the nation’s top health systems, payers, and healthcare organizations. Our solutions monitor employees, vendors, provider networks, licenses, credentials, and more for OIG and state Medicaid exclusions, sanctions or disciplinary actions, license expirations, or suspensions. With a team of 100+ employees, our Nashville-based company has consistently been recognized as one of the Best Places to Work by Modern Healthcare, Inc. Magazine, and the Nashville Business Journal. To learn more, visit providertrust.com.
Position Summary
The Director of Security & IT Operations is responsible for the company’s information security program and day-to-day IT operations. This role provides strategic leadership and hands-on oversight for security governance, risk identification and mitigation, and compliance with HITRUST and SOC, as well as for internal IT services, including help desk, device management, identity and access management, and user lifecycle processes.
This leader will balance strong security controls, operational efficiency, and business enablement, ensuring ProviderTrust’s systems, data, and workforce remain secure, productive, and audit-ready.
This role is critical to protecting ProviderTrust’s reputation, customer trust, and regulatory standing. The Director of Security & IT Operations will directly influence how we safeguard millions of records, support audits, enable our workforce, and scale securely as the company grows.
Required
- 8+ years of experience in information security, IT operations, or related fields, with at least 3 years in a leadership role.
- Direct experience leading HITRUST and/or SOC 2 programs.
- Strong understanding of securing PII-heavy environments (even without PHI).
- Hands-on experience managing IT operations, including help desk, endpoint management, and IAM.
- Experience leading audits, working with external assessors, and managing remediation efforts.
- Strong knowledge of security frameworks and controls (HITRUST CSF, SOC, NIST, ISO concepts).
- Excellent communication skills with the ability to explain security concepts to non-technical stakeholders.
Preferred
- Experience in healthcare technology, data platforms, or regulated SaaS environments.
- Familiarity with NCQA, credentialing, or provider data ecosystems.
- Experience scaling security and IT programs in a growing organization.
- Security certifications (e.g., CISSP, CISM, HITRUST CCSFP) are a plus.
Job Responsibilities
Security Leadership & Governance
- Own and mature ProviderTrust’s information security program, policies, and standards aligned to HITRUST, SOC 2, and industry best practices.
- Serve as the primary security leader responsible for protecting large-scale PII datasets across applications, infrastructure, and internal systems.
- Conduct and oversee risk assessments, threat modeling, and control evaluations.
- Define security strategy, roadmap, and annual objectives in partnership with Engineering and Compliance leadership.
- Act as the escalation point for security incidents and lead incident response activities.
Compliance, Audit & Risk Management
- Serve as the primary owner for HITRUST certification activities for Engineering, including control implementation, evidence collection, remediation tracking, and audit coordination.
- Own SOC 2 readiness and ongoing compliance, including trust principles, control design, and audit support.
- Partner with Legal, Compliance, and Privacy stakeholders to address regulatory and contractual security requirements.
- Manage third-party risk assessments, vendor security reviews, and due diligence processes.
- Maintain audit-ready documentation, policies, procedures, and evidence production.
IT Operations & End-User Services
- Lead the internal IT function, including:
  - Help desk and end-user support
  - Device provisioning, management, and lifecycle (laptops, mobile devices)
  - User onboarding, offboarding, and access changes
  - Identity and access management (IAM), SSO, MFA, and role-based access
- Ensure IT services are reliable, secure, and aligned with employee productivity needs.
- Establish and monitor SLAs, KPIs, and service quality metrics for IT operations.
- Own endpoint security, patching, configuration standards, and asset management.
Technical & Security Controls
- Oversee implementation and effectiveness of security tooling (e.g., IAM, EDR, MDM, vulnerability management, logging and monitoring).
- Partner with Engineering and Cloud teams to ensure secure system architecture and secure SDLC practices.
- Ensure appropriate data protection controls for PII, including encryption, access controls, logging, and monitoring.
- Support business continuity, disaster recovery, and backup strategies.
Leadership & Collaboration
- Build, mentor, and manage security and IT team members.
- Translate technical and security risks into clear business impact for leadership.
- Partner cross-functionally with Engineering, Product, Legal, Compliance, HR, and Operations.
- Promote a strong security-aware culture across the organization.
What It’s Like to Work Here
At ProviderTrust, we recognize that experience is built in many ways. If you have relevant skills that are not reflected in your resume or your experience doesn’t match our exact requirements, we welcome your candidacy and encourage you to share more. We champion building a team that embodies empathy, equity, respect, and inclusivity while actively supporting our community, clients, partners, and friends. We value differences of opinion and embrace unique perspectives. We desire an environment that allows all team members to bring their whole selves to work unashamedly. We carefully consider every application and will either move forward with you, find another team that might be a better fit, keep in touch for future opportunities, or thank you for your time. ProviderTrust is an equal opportunity employer.
To be great at ProviderTrust, we find our team members have these things in common:
- Gain energy from working in a fast-paced, creative environment
- Decision-making that employs a blend of data-driven insights and intuition
- Ability to multitask and handle multiple projects concurrently
- Resilience and positivity, able to address setbacks and bounce back quickly
- Resourcefulness, discovering creative ways to get things done
- Joy in making an immediate and positive impact
- Diverse interests that are welcomed and extend beyond our organization
Things That Make Us A Great Place To Work
- Hybrid schedule: 3 days in office
- 16-week paid primary caregiver leave policy with a 2-week phase-back
- 4-week paid secondary caregiver leave policy
- Competitive base salary and incentive package with 401k matching, HSA employer contribution, and company-paid life and disability insurance
- Medical, dental, and vision benefits: PT pays 80% of your premiums. We also offer access to a range of free mental health and well-being resources.
- Unlimited PTO, 11 paid holidays, and a flexible work schedule
- Internal professional growth, development, and mobility
- Daily all-company morning huddles to sync up across the business
- In-office experience: fully stocked kitchen, ergonomic desk setup, dog-friendly, and many celebrations!
- Remote experience: home office set-up with technology provided, remote-friendly meetings and celebrations, and interest-specific Slack channels for connecting across teams
- Fitness stipend, wellness program, and cell phone reimbursement
- Modern Healthcare Best Places to Work (2021-2025)
- The Tennessean Top Work Places (2022-2025)
To apply for this job please visit providertrust.careers.hibob.com.