Director, Security Operations & Infrastructure

May 26, 2026

Other Jobs To Apply

No other job posts for this day.

Job Description:<div><div><div><div>Position Summary </div></div><div><div>Phreesia is looking for a Director, Security Operations & Infrastructure to serve as a senior member of the CISO’s leadership team and own the operational backbone of our security program. This role provides leadership, oversight, and hands-on guidance for two critical sub-teams: Threat Response and Security Infrastructure. </div><div>The Threat Response team is responsible for enterprise-wide security incident detection, triage, containment, response, and forensics. The Security Infrastructure team owns all security and IT tooling across the company—endpoint management, identity infrastructure, SIEM/SOAR, network security appliances, cloud security tooling, and the platforms that keep every employee and system running in a dynamic, multi-cloud (AWS, Azure, GCP) and multi-OS (Windows, macOS, Linux) environment. </div><div>This role is ideal for a deeply technical security leader who has personally responded to and led security incidents, and who can also build and manage a team of senior engineers and architects capable of running a broad tool portfolio consistently and to high customer satisfaction. The successful candidate has a technical background but is ruthlessly diligent about process, standards, execution, and being right—someone who treats operational excellence as a discipline, not an afterthought. </div><div>A key objective of this role is to drive standardization, reliability, and security maturity across infrastructure and incident operations while enabling Phreesia’s continued growth. The Director will function as a key contributor to our target-state enterprise and security architecture, ensuring that security tooling and incident response capabilities are considered early in the design of new products, platforms, and integrations. </div><div>This position will be responsible for collaborating with the GRC, IAM, Security Architecture, Product & Engineering, and Phreesia leadership teams on emerging challenges and operational priorities. The Director will stay current on evolving threats, technologies, and operational best practices and will ensure our security operations program anticipates rather than reacts to changes. </div><div>Candidates must be comfortable leading through both direct management and influence in a highly matrixed environment. You will directly manage threat response and infrastructure managers, while also driving outcomes through collaboration with engineering, product, and infrastructure teams across the company. This individual has hands-on experience building, running, and improving security operations and infrastructure programs in regulated data environments such as healthcare and payments, and is comfortable working across multiple compliance frameworks (PCI DSS, HITRUST, SOC 2, SOX ITGC, HIPAA/NIST) simultaneously. </div><div>The ideal candidate demonstrates strong analytical, interpersonal communication skills, and operational management capabilities: able to triage complex incidents under pressure, design practical tooling strategies, oversee implementation and hardening, and present clear status and risk updates to senior executives. They should be equally comfortable leading a live incident bridge, reviewing a firewall change request, and walking a customer’s security team through Phreesia’s control environment. </div></div></div></div><div> </div><div><div><div><div>Job Responsibilities </div></div><div><div>What you’ll do </div><div>Threat Response Leadership </div><div><ul><li>Own enterprise-wide security incident response—ensure the team can detect, triage, contain, eradicate, and recover from incidents across cloud, on-prem, SaaS, and endpoint environments with speed and precision. </li></ul></div><div><ul><li>Maintain and continuously improve the incident response plan, playbooks, escalation procedures, and communication templates, ensuring they are tested, current, and aligned to NIST CSF 2.0. </li></ul></div><div><ul><li>Serve as incident commander or executive sponsor for high-severity incidents; make real-time decisions on containment and remediation under pressure. </li></ul></div><div><ul><li>Drive post-incident reviews that produce actionable findings, root-cause analysis, and measurable improvements—not just documentation. </li></ul></div><div><ul><li>Coordinate threat response across US and India teams, ensuring consistent coverage, quality, and process regardless of geography. </li></ul></div><div><ul><li>Partner with Legal & Privacy throughout the incident response lifecycle—ensuring timely notification assessments, evidence preservation, regulatory reporting obligations, and litigation hold requirements are met in coordination with response activities. </li></ul></div><div><ul><li>Think ahead of the curve—continuously assess the threat landscape, identify emerging risks and attack vectors likely to impact Phreesia before they materialize, and develop contingency plans, tabletop exercises, and pre-positioned response strategies so the organization is prepared, not surprised. </li></ul></div><div>Security Infrastructure Leadership </div><div><ul><li>Own the security and IT tooling portfolio across the company: endpoint management (MDM, EDR), identity infrastructure, SIEM/SOAR, network security, vulnerability scanning, email security, cloud security posture management, and related platforms. </li></ul></div><div><ul><li>Ensure all tools are operated consistently, reliably, and to high customer satisfaction—treat every employee and system as a customer of the infrastructure team. </li></ul></div><div><ul><li>Drive standardization and process discipline across tool administration: change management, patching, configuration baselines, and lifecycle management. </li></ul></div><div><ul><li>Partner with Security Architecture to translate architectural decisions into operational reality—ensuring new tools are deployed correctly and legacy tools are retired cleanly. </li></ul></div><div><ul><li>Manage vendor relationships and contracts for security tooling; own renewal timelines, license optimization, and performance accountability. </li></ul></div><div>Operational & Strategic </div><div><ul><li>Build and maintain operational metrics and dashboards that provide the CISO and leadership with clear visibility into incident trends, MTTD/MTTR, tool health, SLA performance, and infrastructure posture. </li></ul></div><div><ul><li>Establish and enforce operational standards across both sub-teams: runbooks, on-call rotations, escalation paths, change management, and documentation requirements. </li></ul></div><div><ul><li>Collaborate closely with GRC to ensure incident response and infrastructure operations satisfy audit and compliance requirements across PCI DSS, HITRUST, SOC 2, and SOX ITGC. </li></ul></div><div><ul><li>Act as a matrixed leader, influencing teams you don’t directly manage while providing clear, actionable guidance to executives, developers, and staff. </li></ul></div><div><ul><li>Function as the CISO’s functional backup for incident response and security infrastructure matters—represent the security program in customer meetings and partner with the Legal/Privacy team on litigation-related security matters. (The Director, GRC & Data Protection serves as CISO backup for auditor and regulator engagements.) </li></ul></div><div><ul><li>Recruit, develop, and retain high-performing talent; build a culture that values precision, accountability, continuous improvement, and teamwork. </li></ul></div></div></div></div><div> What You’ll Bring</div><div><div><div><div>Education </div></div><div><div>Bachelor’s degree required; advanced degree preferred. </div></div><div><div>Certifications </div></div><div><div>One or more preferred: CISSP, CISM, GIAC (GCIH, GCIA, GCFA), CCSP, or similar. </div><div>Incident response or forensics certifications (GCIH, GCFE, GCFA, EnCE) are a strong differentiator. </div></div><div><div>Experience, Knowledge & Skills </div></div><div><div><ul><li>10+ years in information security, with 5+ years in leadership roles managing security operations, incident response, or infrastructure/engineering teams. </li></ul></div><div><ul><li>Prior role as a Director of Security Operations, Head of Incident Response, or Security Infrastructure lead for an organization of meaningful scale and complexity. </li></ul></div><div><ul><li>Hands-on incident response experience—you have personally led incident bridges, performed triage, coordinated containment, and driven remediation for significant security events. This is not a role for someone who has only managed from a distance. </li></ul></div><div><ul><li>Proven experience managing a team of senior engineers/architects responsible for running a broad portfolio of security and IT tools in a multi-cloud (AWS, Azure, GCP) and multi-OS (Windows, macOS, Linux) environment. </li></ul></div><div><ul><li>Experience in healthcare, health IT, payments, or other highly regulated data environments where PCI, HITRUST, SOX, and SOC 2 interact. </li></ul></div><div><ul><li>Significant experience in a product-driven, SaaS, or cloud-platform company, working closely with Product, Engineering, and Infrastructure organizations. </li></ul></div><div><ul><li>Ruthlessly process-oriented—demonstrated track record of building and enforcing standards, runbooks, change management, and operational discipline across distributed teams. </li></ul></div><div><ul><li>Forward-looking and proactive—demonstrated ability to anticipate emerging threats, technology shifts, and operational risks before they impact the business, and to develop contingency plans and preparedness exercises accordingly. </li></ul></div><div><ul><li>Strong technical fluency across: SIEM/SOAR platforms, EDR/XDR, network security, cloud security (AWS, Azure, GCP native controls), endpoint management (MDM, patching), identity infrastructure, and vulnerability management. </li></ul></div><div><ul><li>Exceptional written and verbal communication skills, including direct experience presenting to senior executives, boards, customers, and auditors on security posture, incident status, and operational metrics. </li></ul></div><div><ul><li>Proven effectiveness in a highly matrixed organization, influencing cross-functional stakeholders and resolving conflicting priorities. </li></ul></div><div><ul><li>Experience managing geographically distributed teams (US, Canada, India) with varying time zones and cultural contexts. </li></ul></div></div><div><div>Technology </div></div><div><div>Deep familiarity with security and infrastructure tooling, including but not limited to: </div><div><ul><li>AI/LLM Platforms (OpenAI, Anthropic, Google, LLM Gateways) </li></ul></div><div><ul><li>SIEM/SOAR (e.g., Splunk, Sentinel, Palo Alto XSIAM, Swimlane) </li></ul></div><div><ul><li>EDR/XDR (e.g., CrowdStrike, SentinelOne, Microsoft Defender) </li></ul></div><div><ul><li>Cloud security (AWS Security Hub, Azure Defender, GCP SCC, CSPM tools) </li></ul></div><div><ul><li>Network security (firewalls, IDS/IPS, DNS security, web gateways) </li></ul></div><div><ul><li>Endpoint management (Jamf, Intune, patch management solutions) </li></ul></div><div><ul><li>Identity infrastructure (Okta, Azure AD/Entra ID, PAM solutions) </li></ul></div><div><ul><li>Vulnerability management (Qualys, Tenable, Rapid7) </li></ul></div><div><ul><li>Email security and DLP platforms (Mimecast, Proofpoint, Cyera) </li></ul></div></div><div><div>Total cash compensation for U.S.-based employees ranges from $245,000–$265,000, inclusive of base salary and variable incentive, and is dependent on qualifications. In addition, Phreesia offers a highly competitive and comprehensive Total Rewards package.Other </div></div><div><div>This position requires occasional travel for team meetings, incident response coordination, customer engagements, and audit support. </div><div>Must be able to participate in an on-call rotation for critical security incidents. </div></div></div></div>Who We Are:At Phreesia, we’re looking for smart and passionate people to help drive our mission of creating a better, more engaging healthcare experience. We’re committed to helping healthcare organizations succeed in an ever-evolving landscape by transforming the way healthcare is delivered. Our SaaS platform digitizes appointment check-in and offers tools to engage patients, improve efficiency, optimize staffing, and enhance clinical care.Phreesia cares about our employees by providing a diverse and dynamic work environment. We’re a five-time winner of Modern Healthcare Magazine’s Best Places to Work in Healthcare award and we’ve been recognized on the Bloomberg Gender Equality Index. We are dedicated to continuously improving our employee experience by launching new programs and initiatives. If you thrive in a culture of recognition, value inclusivity, professional development, and growth opportunities, Phreesia could be a great fit!Top-rated Employee Benefits:<ul><li>100% Remote work + home office expense reimbursements</li><li>Competitive compensation</li><li>Flexible PTO + 8 company holidays</li><li>Monthly reimbursement for cell phone + internet + wellness</li><li>100% Paid 12-week parental leave to our U.S. employees, as well as a generous parental benefit to our employees in Canada</li><li>Variety of insurance coverage for people (and pets!)</li><li>Continuing education and professional certification reimbursement</li><li>Opportunity to join an Employee Resource Group. Learn more here: <a href="https://www.phreesia.com/dei/" target="_blank" rel="noopener noreferrer">https://www.phreesia.com/workforce/</a></li></ul>We strive to provide a diverse and inclusive environment and are an equal opportunity employer.

Back to blog

Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question poses: When do you focus and start working seriously? What are the hours you work optimally? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities has been to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...

DISCLAIMER