IT Director

Posted 5 Days Ago
San Diego, CA
In-Office
79K-83K Annually
Senior level
Healthtech
Your Life’s Partner through the Journey of Wellness
The Role
The Director of IT & Information Security oversees technology systems, data security, and compliance, while leading the organization's cybersecurity initiatives and ensuring HIPAA compliance.
Summary Generated by Built In

About Pacific Health Group

At Pacific Health Group, we are at the forefront of revolutionizing healthcare. You will play a vital role in this mission. We are dedicated to improving health outcomes by addressing social determinants of health and coordinating comprehensive community-based services, particularly through our programs. If you are passionate about making a difference and thrive in a dynamic, mission-driven environment, we invite you to join our team.


Overview

The Director of Information Technology & Information Security is responsible for the end-to-end ownership of all technology systems, data security, and regulatory compliance at Pacific Health Group. This role establishes, governs, and enforces the organization’s security posture, ensuring that all systems, data, and operations meet or exceed HIPAA, HITECH, and industry best practices.

This position functions as the single point of accountability for IT infrastructure, cybersecurity, data protection, PHI safeguards, and security governance. The role requires both strategic leadership and hands-on execution in a regulated healthcare environment.


Core Areas of Responsibility

1. Information Security Program Ownership

  • Architect and maintain a formal, organization-wide Information Security Program.
  • Define and enforce security controls across applications, infrastructure, devices, and users.
  • Establish policies for data classification, encryption, access control, logging, monitoring, and retention.
  • Ensure least-privilege access and zero-trust principles are implemented across systems.
  • Continuously monitor evolving threat landscapes and proactively adapt controls.

2. HIPAA, PHI & Regulatory Compliance

  • Serve as the internal authority for HIPAA Security Rule and Privacy Rule compliance.
  • Ensure proper safeguards for the creation, storage, transmission, and disposal of PHI.
  • Maintain compliance documentation, risk assessments, and audit evidence.
  • Lead HIPAA risk analyses and remediation plans.
  • Oversee Business Associate Agreements (BAAs) from a security and IT standpoint.
  • Coordinate and support internal and external audits, assessments, and investigations.

3. IT Infrastructure & Systems Oversight

  • Own the design, implementation, and maintenance of all IT systems, including:
    • Cloud platforms
    • Networks and connectivity
    • End-user devices and endpoints
    • SaaS applications and internal tools
  • Ensure systems are secure, resilient, and scalable.
  • Implement and maintain:
    • Backup and disaster recovery plans
    • Business continuity procedures
    • System redundancy and failover strategies
  • Approve and govern all technology deployments and architectural changes.

4. Cybersecurity Operations & Incident Response

  • Establish formal incident response plans and escalation procedures.
  • Lead response efforts for security incidents, attempted breaches, phishing, impersonation, or data exposure.
  • Conduct root cause analysis and implement corrective actions.
  • Ensure proper breach notification processes are followed when required by law.
  • Maintain logs, alerts, and monitoring systems to detect suspicious activity.

5. Data Protection & Privacy

  • Define and enforce controls for sensitive data, PHI, and confidential business information.
  • Ensure encryption standards are applied to data at rest and in transit.
  • Govern data access, sharing, and retention policies.
  • Partner with legal and compliance stakeholders on privacy matters.
  • Prevent unauthorized data access, leakage, or misuse.

6. Vendor, Tool & Third-Party Risk Management

  • Evaluate security posture of third-party vendors and platforms.
  • Approve technology vendors based on security, compliance, and risk criteria.
  • Monitor ongoing vendor compliance and contractual obligations.
  • Ensure third-party access is controlled, monitored, and revoked as needed.

7. Governance, Training & Enforcement

  • Develop and enforce IT and security policies applicable to all staff.
  • Deliver security awareness training, including phishing and impersonation prevention.
  • Ensure staff understand approved communication channels and security protocols.
  • Investigate and address violations of IT or security policy.
  • Establish clear escalation paths and disciplinary guidance related to security breaches.

8. Strategy, Reporting & Executive Advisory

  • Define a long-term IT and security roadmap aligned with business growth.
  • Provide regular reporting to executive leadership on:
    • Security risks
    • Compliance status
    • Incidents and trends
    • Improvement initiatives
  • Advise leadership on technology risk, investments, and trade-offs.
  • Balance operational efficiency with regulatory and security requirements.

Requirements

Required Qualifications

  • Extensive experience in IT, cybersecurity, or information security leadership.
  • Demonstrated expertise in HIPAA compliance and healthcare data protection.
  • Strong understanding of cloud security, endpoint security, and identity management.
  • Experience creating policies, controls, and compliance frameworks from the ground up.
  • Ability to operate with high autonomy and accountability.

Preferred Qualifications

  • CISSP, CISM, or equivalent security certifications.
  • Prior experience in healthcare, health tech, or regulated industries.
  • Experience managing audits, risk assessments, and compliance programs.
  • Familiarity with NIST, ISO 27001, or similar security frameworks.

Authority & Accountability

  • This role has authority to approve or deny technology tools, vendors, and system access.
  • Responsible for enforcing security policy across all departments.
  • Accountable for protecting company data, systems, and regulatory standing.

Compensation

  • Salary Range: $78,500-82,500 (based on experience and qualifications)

Work Location

  • In-person with frequent local travel throughout San Diego County.
  • Candidates should be based in or near Rancho Bernardo, Poway, Rancho Peñasquitos, or Scripps Ranch.

Benefits

Time Off & Leave

  • 160 Hours of Paid Time Off (PTO)
  • 12 Paid Holidays per year, including your birthday and one floating holiday after 1 year of employment
  • 4 Paid Volunteer Hours per Month to support causes you care about
  • Bereavement Leave, including Fur Baby Bereavement

Health & Wellness

  • 90% Employer-paid Employee-Only Medical Benefits
  • Flexible Spending Account (FSA)
  • Short-Term & Long-Term Disability | AD&D
  • Employee Assistance Program (EAP)

Financial & Professional

  • 401(k) with Company Match
  • Monthly Stipend
  • Opportunities for professional development and internal growth

Culture & Perks

  • Employee Discounts via Great Work Perks and Perks at Work
  • Quarterly In-Person Events

Equal Opportunity Employer
Pacific Health Group is an Equal Opportunity Employer. We are committed to creating an inclusive and equitable workplace where all individuals are treated with dignity and respect. All qualified applicants will receive consideration for employment without regard to race, color, religion or creed, sex (including pregnancy, childbirth, breastfeeding, and related medical conditions), gender, gender identity or gender expression, sexual orientation, national origin or ancestry, citizenship status, physical or mental disability, medical condition (including cancer and genetic characteristics), age (40 and over), marital status, military or veteran status, genetic information, or status as a victim of domestic violence, assault, or stalking. We value diversity in all forms and encourage individuals from historically underrepresented communities to apply.


Job Application & Offer Disclaimer

Pacific Health Group is committed to maintaining a transparent, lawful, and secure hiring process in compliance with California labor laws and employment standards. No candidate will be offered employment without meeting the required qualifications and skillset for the position and successfully completing all steps of our recruitment process, which include:

• Submission of a completed internal application via our HRIS system
• A formal pre-screen with our recruiting team
• Completion of a skills assessment (if applicable to the position)
• Participation in a final interview with hiring leadership
• Receipt of a formal verbal offer from our authorized hiring team


AI & Human Interaction (HI) in Recruitment

Pacific Health Group is committed to fairness, equity, and transparency in our hiring practices. We use AI (Artificial Intelligence) tools to help match candidate resumes against our job descriptions, focusing on qualifications, skillsets, and location.


All resumes that meet these criteria are then reviewed by HI (Human Interaction) — our recruiting and HR team. Pacific Health Group remains true to our Equal Employment Opportunity (EEO) statement, ensuring that every candidate is given fair and consistent consideration.

Top Skills

Cloud Security
Endpoint Security
HIPAA
HITECH
Identity Management

The Company
HQ: Carlsbad, California
34 Employees
Year Founded: 2023

What We Do

Our mission here at Pacific Health Group is to improve the overall health and wellbeing of the communities we serve. We are committed to providing compassionate, equitable and individualized healthcare, behavioral health services, and social support to enable people to achieve their highest potential for life.
