Newfire Global Partners

Director of Infrastructure & Security

Colombia · Posted 1 week ago
Full-time · Hybrid

Job Description

Department: Engineering

Employment Type: Full Time

Location: Colombia

Reporting To: Patrick Schmid

Description

Newfire Global Partners is a leading technology firm that specializes in building transformative software solutions for some of the world’s most innovative companies. With a presence across four continents, Newfire Global brings deep expertise in digital healthcare, AI-driven analytics, and enterprise technology. The firm’s track record of delivering scalable, high-impact solutions has made it a trusted partner for organizations seeking to drive meaningful change through technology.

We are passionate about the purpose-driven mission to help improve the quality of care for patients and are building a collaborative, innovative, and inclusive culture. We are a fully funded company founded by serial entrepreneurs with a stable client base.

About the Engagement

Newfire is sourcing a Director of Infrastructure & Security for a US-based digital health client operating in a highly regulated environment. The client manages a mobile-first platform delivering healthcare services at scale, subject to HIPAA, SOC 2, PCI, and NIST compliance requirements. This is a senior leadership role embedded within the client's engineering organization, reporting to the Director of Engineering and serving as the Security Officer for the compliance program.

Role Overview

This is a hands-on leadership position for someone who can own the full infrastructure and cybersecurity program — from day-to-day operations and team management to audit readiness and strategic roadmap execution. The ideal candidate has grown from a DevOps or cloud infrastructure background into security and compliance leadership, and is comfortable translating technical risk into business-aligned decisions for non-technical stakeholders.


Your day-to-day activities:

Infrastructure & Cybersecurity Leadership
  • Own the design, roadmap, and execution of the client's infrastructure and cybersecurity programs, aligned to HIPAA, NIST, SOC 2, PCI, and internal InfoSec standards
  • Oversee secure-by-default architectural design across all platforms
  • Manage infrastructure budget, team resourcing, and resource allocation
  • Serve as a strategic partner to product, legal, and engineering leadership
Team Development & Operational Management
  • Lead, mentor, and manage the Infrastructure and Security team with sprint-based delivery practices and measurable throughput
  • Drive a shift from reactive to proactive operations by building organizational visibility into workload, capacity, and priorities
  • Own the InfraSec support request intake and triage process
  • Establish cross-functional prioritization cadence with Engineering, Product, Data, and Leadership
Technical Leadership
  • Act as a hands-on technical leader contributing directly to security and infrastructure design, review, and implementation
  • Serve as senior escalation point for complex deployments, secure architecture, and incident resolution
  • Champion engineering self-service for routine InfraSec operations with appropriate guardrails
  • As a senior team member, you will be expected to actively participate in our hiring processes by serving on interview panels for future roles across the company
Security Program Oversight
  • Maintain cybersecurity policies and documentation aligned with applicable standards
  • Own audit readiness for HIPAA, SOC 2 Type 2, PCI SAQ-D, and internal InfoSec assurance engagements
  • Lead Vanta implementation and ongoing compliance automation
  • Lead third-party and vendor risk assessments; maintain the vendor security catalog
Risk Management & Threat Response
  • Conduct ongoing vulnerability assessments, threat detection, and mitigation
  • Own and maintain incident response and disaster recovery plans
  • Drive continuous risk-management education across the organization
Access & Endpoint Security
  • Manage identity and access governance across employees, contractors, and systems
  • Maintain endpoint protection coverage (CrowdStrike, Tenable) aligned to applicable control frameworks

Please note that employment will be contingent upon providing documentation verifying your legal work authorization in the country of residence, in accordance with applicable law.


Required Skills & Qualifications

  • 7+ years of experience in infrastructure and cybersecurity, with at least 3 years in a people management or team lead capacity in a regulated environment
  • Deep expertise in HIPAA, NIST, and SOC 2 compliance
  • Proven track record building operational processes: intake triage, sprint-based delivery, cycle time measurement, and cross-functional prioritization
  • Strong technical fluency across cloud infrastructure (AWS preferred), endpoint security, access management, and compliance tooling (Vanta, CrowdStrike, Tenable)
  • Excellent communication skills — able to translate security posture and risk for non-technical stakeholders and executive leadership
  • Experience managing vendor risk assessment programs and third-party security reviews
  • US East Coast timezone overlap required
  • Professional certifications preferred: CISSP, CISM, or GIAC GCED


Key Performance Indicators

  • SOC 2 Type 2: zero critical Trust Services Criteria exceptions
  • PCI SAQ-D: 100% annual submission with no major gaps
  • Incident response: 90% of incidents triaged within SLA (high severity within 1 hour)
  • Infrastructure uptime: 99.9% monthly across mission-critical systems
  • Sprint delivery: 90% of committed items delivered on time
  • Change failure rate: less than 5% of changes resulting in an incident or unplanned rollback
