Ensure all tools are operated consistently, reliably, and to high customer satisfaction —treat every employee and system as a customer of the infrastructure team.
Drive standardization and process discipline across tool administration: change management, patching, configuration baselines, and lifecycle management.
Manage vendor relationships and contracts for security tooling; own renewal timelines, license optimization, and performance accountability.
Operational & Strategic Build and maintain operational metrics and dashboards that provide the CISO and leadership with clear visibility into incident trends, MTTD/MTTR, tool health, SLA performance, and infrastructure posture.
Establish and enforce operational standards across both sub-teams: runbooks, on-call rotations, escalation paths, change management, and documentation requirements.
Collaborate closely with GRC to ensure incident response and infrastructure operations satisfy audit and compliance
Requirements
The Security Infrastructure team owns all security and IT tooling across the company—endpoint management, identity infrastructure, SIEM/SOAR, network security appliances, cloud security tooling, and the platforms that keep every employee and system running in a dynamic, multi-cloud (AWS, Azure, GCP) and multi-OS (Windows, macOS, Linux) environment.
experience building, running, and improving security operations and infrastructure programs in regulated data environments such as healthcare and payments, and is comfortable working across multiple compliance frameworks (PCI DSS, HITRUST, SOC 2, SOX ITGC, HIPAA/NIST) simultaneously.
experience managing a team of senior engineers/architects responsible for running a broad portfolio of security and IT tools in a multi-cloud (AWS, Azure, GCP) and multi-OS (Windows, macOS, Linux) environment.
Experience in healthcare, health IT, payments, or other highly regulated data environments where PCI, HITRUST, SOX, and SOC 2 interact. Significant
experience in a product-driven, SaaS, or cloud-platform company , working closely with Product, Engineering, and Infrastructure organizations.
Forward-looking and proactive — demonstrated ability to anticipate emerging threats, technology shifts, and operational risks before they impact the business, and to develop contingency plans and preparedness exercises accordingly.
experience presenting to senior executives, boards, customers, and auditors on security posture, incident status, and operational metrics.
Experience managing geographically distributed teams (US, Canada, India) with varying time zones and cultural contexts.
Technology Deep familiarity with security and infrastructure tooling, including but not limited to: AI/LLM Platforms (OpenAI, Anthropic, Google, LLM Gateways) SIEM/SOAR (e.g., Splunk, Sentinel, Palo Alto XSIAM, Swimlane) EDR/XDR (e.g., CrowdStrike, SentinelOne , Microsoft Defender) Cloud security (AWS Security Hub, Azure Defender, GCP SCC, CSPM tools) Network security (firewalls, IDS/IPS, DNS security, web gateways) Endpoint management ( Jamf , Intune, patch management solutions ) Identity infrastructure
Must be able to participate in an on-call rotation for critical security incidents.
experience by launching new programs and initiatives.
Benefits
In addition, Phreesia offers a highly competitive and comprehensive Total Rewards package.
Who We Are: At Phreesia, we’re looking for smart and passionate people to help drive our mission of creating a better, more engaging healthcare experience.
Benefits: 100% Remote work + home office expense reimbursements Competitive compensation Flexible PTO + 8 company holidays Monthly reimbursement for cell phone + internet + wellness 100% Paid 12-week parental leave to our U.S. employees, as well as a generous parental benefit to our employees in Canada Variety of insurance coverage for people (and pets!) Continuing education and professional certification reimbursement Opportunity to join an Employee Resource Group.
Contact
Learn more here: https://www.phreesia.com/workforce/ We strive to provide a diverse and inclusive environment and are an equal opportunity employer.
Additional details
Job Description: Position Summary Phreesia is looking for a Director, Security Operations & Infrastructure to serve as a senior member of the CISO’s leadership team and own the operational backbone of our security program.
This role provides leadership, oversight, and hands-on guidance for two critical sub-teams: Threat Response and Security Infrastructure .
The Threat Response team is responsible for enterprise-wide security incident detection, triage, containment, response , and forensics .
This role is ideal for a deeply technical security leader who has personally responded to and led security incidents, and who can also build and manage a team of senior engineers and architects capable of running a broad tool portfolio consistently and to high customer satisfaction .
The successful candidate has a technical background but is ruthlessly diligent about process, standards, execution, and being right —someone who treats operational excellence as a discipline, not an afterthought.
A key objective of this role is to drive standardization, reliability, and security maturity across infrastructure and incident operations while enabling Phreesia’s continued growth.
The Director will function as a key contributor to our target-state enterprise and security architecture , ensuring that security tooling and incident response capabilities are considered early in the design of new products, platforms, and integrations.
This position will be responsible for collaborating with the GRC, IAM, Security Architecture, Product & Engineering, and Phreesia leadership teams on emerging challenges and operational priorities.
The Director will stay current on evolving threats, technologies, and operational best practices and will ensure our security operations program anticipates rather than reacts to changes.
Candidates must be comfortable leading through both direct management and influence in a highly matrixed environment .