Director - Information Security
Job Locations: US-NY-Rye
Job ID: 2025-7757
Category: Information Technology
Minimum Rate: USD $190,000.00 / Yr.
Maximum Rate: USD $200,000.00 / Yr.
Work Location Type: Hybrid
Overview
Founded in 1964, New York Blood Center (NYBC) has served the tri-state area for more than 60 years, delivering 500,000 lifesaving blood products annually to 150+ hospitals, EMS and healthcare partners. NYBC is part of New York Blood Center Enterprises (NYBCe), which spans 17+ states and delivers one million blood products to 400+ U.S. hospitals annually. NYBCe additionally delivers cellular therapies, specialty pharmacy, and medical services to 200+ research, academic and biopharmaceutical organizations. NYBCe's Lindsley F. Kimball Research Institute is a leader in hematology and transfusion medicine research, dedicated to the study, prevention, treatment and cure of bloodborne and blood-related diseases. NYBC serves as a vital community lifeline dedicated to helping patients and advancing global public health. To learn more, visit nybc.org. Connect with us on Facebook, X, Instagram, and LinkedIn.
Responsibilities
The Director of Information Security provides leadership, direction, and oversight for enterprise information security operations with a focus on incident response, threat management, resiliency, and overall security posture improvement.
This role is responsible for directly managing the Information Security team, and for coordinating cross-functional efforts with IT Applications and IT Operations teams to ensure that enterprise systems remain secure, compliant, and resilient.
Working under the general direction of the Executive Director, Information Security and Compliance, the Director develops and executes tactical security initiatives aligned with enterprise strategies and risk management objectives. The position contributes to establishing policies, standards, and frameworks that safeguard organizational assets and data while ensuring business continuity.
This position operates within a 24/7 enterprise environment and follows a hybrid work schedule. The incumbent must be available to report on-site as needed in response to operational requirements, security incidents, or emergency situations that may impact critical systems or data integrity. The individual is expected to remain accessible and responsive to work-related emails, calls, or text messages as directed by their supervisor or management, including during evenings, weekends, and holidays when necessary to ensure the protection and continuity of enterprise operations.
- Leads and coordinates enterprise incident response activities, including investigation, containment, eradication, recovery, and lessons learned for all security events and breaches.
- Develops and maintains incident response playbooks, tabletop exercises, and metrics to continuously improve detection and response capabilities.
- Oversees the Information Security team's daily operations, ensuring effective monitoring, alerting, and escalation for threats, vulnerabilities, and suspicious activity.
- Partners with Network and Infrastructure teams to strengthen security architecture, enhance system resiliency, and ensure secure configuration management.
- Implements and enforces security standards, controls, and procedures in alignment with organizational and regulatory requirements.
- Conducts and directs security risk assessments, vulnerability management programs, and remediation efforts.
- Develops and maintains business continuity and disaster recovery plans in collaboration with IT Infrastructure and Business Continuity teams.
- Collaborates with internal and external stakeholders to manage third-party risk assessments, ensuring vendors meet enterprise security standards.
- Supports ongoing compliance with applicable cybersecurity frameworks (e.g., NIST, HIPAA, PCI, ISO 27001) and organizational policies.
- Provides leadership in security awareness and training programs for employees, focusing on cyber hygiene, phishing prevention, and data protection.
- Reports regularly on key security metrics, incident trends, and program improvements to the Executive Director and senior IT leadership.
- Supports enterprise information security operations within a 24/7 environment, maintaining availability to respond to security incidents, operational needs, or emergencies. May be required to report on-site as needed to ensure system integrity, data protection, and business continuity.
- Contributes to enterprise-wide IT governance, risk, and compliance efforts.
- Recommends enhancements to security tools, systems, and processes.
- Participates in professional development and industry networking activities to maintain current knowledge of emerging threats and best practices.
- Performs other related duties as assigned.
Qualifications
Education:
- Bachelor's Degree in Computer Science, Information Systems, Cybersecurity, or a related field required.
- Master's Degree preferred.
Experience:
- Minimum of 8-10 years of experience in information security or related IT disciplines, with at least two (2) years of team leadership or supervisory experience.
- Demonstrated experience in incident response, vulnerability management, or enterprise security operations is required.
Licenses / Certification:
- One or more of the following certifications is strongly preferred: CISSP, CISM, CISA, GIAC (GCIH, GCIA, or GCFA), CEH, or PMP.
Knowledge:
- Deep understanding of information security principles, frameworks, and best practices.
- Working knowledge of threat detection, analysis, and response tools (e.g., SIEM, EDR, IDS/IPS).
- Familiarity with network security, cloud security, and system hardening practices.
- Understanding of risk management methodologies and compliance standards (NIST CSF, HIPAA, PCI, ISO).
Skills:
- Cultural competency and the ability to communicate effectively in a culturally sensitive manner with both individuals and groups from diverse backgrounds.
- Strong leadership and team management skills, including coaching and performance development.
- Skilled in strategic planning and execution of operational security initiatives.
- Exceptional written and verbal communication skills, with the ability to brief executives clearly.
- High attention to detail and ability to handle confidential and sensitive information responsibly.
- Strong project management and organizational skills, with the ability to prioritize multiple initiatives.
Abilities:
- Excellent analytical, problem-solving, and decision-making abilities.
- Ability to manage complex security incidents and communicate technical issues in business terms.
- Ability to collaborate effectively across cross-functional teams and external partners.
- Demonstrated ability to work in a fast-paced, dynamic environment and respond quickly to emerging threats.
Any combination of education, training and experience equivalent to the requirements above that has supplied the necessary knowledge, skills, and experience to perform the essential functions of the job.
For applicants who will perform this position in New York City or Westchester County, the proposed annual salary is $190,000.00/yr. to $200,000.00/yr. For applicants who will perform this position outside of New York City or Westchester County, salary will reflect local market rates and be commensurate with the applicant's skills, job-related knowledge, and experience.