Director of Information Security and Principal Cloud Security Architect

About the Opportunity

We are seeking an experienced Director of Information Security & Principal Cloud Security Architect to lead Flywheel’s security strategy and execution. This dual-role position is responsible for driving information security leadership at the organizational level while also providing hands-on technical expertise in cloud security architecture. 

This role requires deep expertise in cloud security (AWS and Azure) to safeguard cloud-based infrastructure and applications. 

Environment

We’re highly responsive to customer needs and constantly strive to make a positive contribution to the biomedical and life sciences communities we serve. Team members are recognized and rewarded when advocating for customer success and satisfaction over other concerns. We value self-motivated, creative individuals who work well in a collaborative environment – constantly generating and sharing new ideas and solutions with the team.  

Flywheel has a comprehensive benefits package and encourages a balanced work life and home life. 

Responsibilities

• Manage all aspects of Security Strategy and Operations for a SaaS platform in medical imaging space.
• Security Strategy & Leadership: Define, communicate and execute a comprehensive security strategy aligned with Flywheel’s business objectives, industry standards, and regulatory requirements. Stay up to date with the latest cloud security trends, tools, and services applying them to our cloud security strategy. 
• Secure SDLC: develop and recommend design patterns, tools and security best practices for Product Architecture, Development and Testing, with a goal of building securely by shifting left. 
• Security Controls: Establish and enforce security policies, standards, and procedures to protect customer and internal assets and data. Architect and implement security controls for cloud environment leveraging best practices for securing Kubernetes, AWS and Azure infrastructure, services and applications. 
• Risk and Threat Management:Develop threat models, conduct regular risk assessments, vulnerability analyses, and penetration testing to identify and mitigate potential threats. Implement proactive security controls and remediation plans. 
• Compliance: Ensure ongoing adherence to SOC2 and HITRUST certifications and stay abreast of evolving regulatory landscapes affecting the medical imaging industry.
• Incident Response & Forensics: Develop and execute incident response plans, lead real-time threat mitigation and forensic investigations. 
• Team Leadership: Manage and mentor the security team, fostering professional growth and ensuring the team’s effectiveness. 
• Cloud Security Architecture: Design, implement, and manage secure architectures for Flywheel’s product infrastructure and applications across AWS and Azure environments, and internal corporate systems. Work directly with Software Architects and Engineers to ensure system design meets security requirements. 
• Automation & Security Engineering: Develop internal applications and scripts to continuously test, monitor, and enhance security defenses. 
• Customer-Facing Security Advisory: Represent Flywheel’s security strategy and architecture to customers and prospects, ensuring trust and transparency in security operations. 
• Secure Deployment into Customer Ecosystem: Work with Flywheel customers to ensure secure deployment and integration of Flywheel's platform into customer ecosystem and customer managed cloud environments. 
• Advanced Security Incident Handling: Lead deep technical investigations for security incidents, applying advanced analysis, forensic research, and mitigation techniques. 
• Comply with company policies, including security, confidentiality, and data protection requirements, to maintain a secure work environment. 

What would make you a great fit

• Bachelor’s degree in Computer Science, Information Security, or a related field; advanced degree preferred.
• Minimum of 8 years in software engineering with focus on information security, with at least 3 years in a leadership role within a SaaS or healthcare technology environment.
• In-depth hands-on knowledge of security frameworks, Kubernetes, encryption standards, SIEM platforms, DevSecOps tools, and cloud security automation. Deep understanding of defense-in-depth strategies, zero-trust models, identity and access management (IAM), threat modeling, key management techniques, vulnerability assessment techniques, and secure coding practices. Excellent knowledge of WAF, intrusion detection/prevention systems (IDS/IPS), network segmentation, VPNs and network access control (NAC).
• Expert level practical knowledge of AWS and Azure Cloud Platforms, especially Managed Kubernetes, Cloud Storage, VPC, KMS, VM Services.
• AWS, Azure and relevant security certifications are highly desirable.
• Expertise in security regulations and frameworks (e.g., NIST, ISO 27001, SOC2, HITRUST, HIPAA, GDPR) to design systems and processes that protect data and demonstrate adherence to industry standards.
• Proven ability to lead and develop high-performing security teams.
• Excellent verbal and written communication skills, with the ability to convey complex security concepts to both internal and external audiences.
• Exceptional analytical skills and the ability to make decisions under pressure and resolve ambiguity. 

Do you feel like you don't have everything that's listed above? If you have some of the skills and experience that we’re looking for and are willing to use your talent to learn the rest, we encourage you to apply!

About Us

Flywheel is the leading research data platform that's transforming the way biomedical and imaging data are managed at leading life sciences, clinical, and academic institutions globally.

Flywheel provides a comprehensive research data solution with all the tools needed for curation, imaging processing, machine learning workflows, and secure collaboration. By leveraging cloud scalability and automating research workflows, Flywheel helps organizations scale research data and analysis, improve scientific collaboration, and accelerate discoveries.

Company Values

GO STEADY WITH LEVITY

The alchemy of effective teamwork happens when we each take ownership of both the menial and the magical every day. We’re serious, but never stuffy. We keep our cool under pressure because we assume best intentions and maintain perspective. This allows for true teamwork, with a dash of irreverence.

WORK BETTER TOGETHER 

We are tenacious and united in our pursuit of solving our customers’ biggest challenges, and no challenge is too big. Diverse backgrounds across our team make us more effective as we listen, absorb, collaborate, and iterate to innovate.

FIGURE IT OUT

We’re obsessed with uncovering the why of any given. Having an open mind allows us to be quick to fail and quick to adapt. We relentlessly pursue continual improvement through learning and imagining new possibilities.

GIVE A SHIT

We’re fueled by grit, boundless energy, and a deep belief that we are doing cool shit. We don’t hesitate to stand up and speak out because we trust that through tough, honest discourse we can drive change and make a real difference for our customers and our mission.