Open Position

Vice President, Information Security

 
 
 
 
 
 

The Company

Stellus Rx is a technology-enabled pharmacy care management company, focused on improving quality and reducing total cost of care through clinical pharmacist-led medication adherence and pharmaceutical intervention solutions.

Through a combination of integrated pharmacy services, clinical expertise, and advanced data analytics, Stellus Rx enables more coordinated, transparent, and outcomes-driven care.

Its platform-centric approach connects prescribing, benefits investigation, dispensing, and ongoing patient support into a unified model, reducing friction for both clinicians and patients.

By aligning stakeholders across the care continuum, Stellus Rx helps optimize financial performance, enhance patient outcomes, and ensure more efficient delivery of specialty medications in an increasingly complex healthcare landscape.

Stellus Rx is backed by WindRose Health Investors, a leading healthcare-focused private equity firm with approximately $7 billion in assets under management. This partnership positions Stellus Rx as a high-growth platform at the intersection of healthcare services, data, and outcomes-driven care, with a clear mandate to build a scaled, national leader in medication management.

 
 

The Opportunity

We are seeking a seasoned, business-minded Vice President of Information Security to own the enterprise security agenda as a core driver of company value.

This executive will define and execute the security vision and strategy in direct alignment with corporate objectives, ensuring that information assets and technology investments appropriately balance risk, cost, and growth. The Vice President will take a forward-leaning position, ensuring that AI-driven security solutions are identified, assessed for effectiveness and efficiency, and deployed to reduce risk, save precious cybersecurity budget, and position Stellus as a market leader in trusted business operations and resiliency.

The VP InfoSec will be accountable for quantifying cyber and compliance risks, advising the CEO and Board on cyber risk appetite, and directing initiatives that protect our sensitive data while enabling innovation in AI-driven healthcare solutions. This leader will bring strong executive presence, communicate complex security issues in clear business terms, and influence cross-functional stakeholders to embed security into product, operations, and go-to-market outcomes.

 
 
 
 

Reporting To: Tom Keen, Chief Technology Officer


Location:

Stellus Rx company headquarters are in Plano, Texas, and that is the ideal location for the Vice President, Information Security.

For the right candidate, the role can be remote with travel to Texas and elsewhere as required.

 
 

ACCOUNTABILITIES:

  • Executive communication and presence: Be the business leader translating complex security issues into clear business risk and ROI for boards, execs, and non-technical teams.

  • Security Strategy & Vision: Own and continuously mature the enterprise information security strategy. Accountable for ensuring the security program is aligned with organizational business priorities, adequately resourced, and measurably effective. Deliver regular reporting to the board and executive leadership on security posture, risk exposure, and program maturity.

  • Risk Management: Maintain a comprehensive, current view of the organization's cyber risk profile. Working with business leaders, accountable for identifying, quantifying, and prioritizing risks — and ensuring appropriate mitigation strategies are in place. Own the enterprise cyber risk register and provide transparent reporting on residual risk.

  • Regulatory Compliance & Audit: Ensure the organization meets all applicable regulatory and contractual security obligations, including HIPAA, HITRUST, SOC 2 and any state-level requirements. Accountable for audit readiness, timely remediation of findings, and maintaining certifications and attestations.

  • Incident Response & Crisis Management: Own the organization's ability to detect, respond to, and recover from security events and incidents. Accountable for the incident response plan, tabletop exercises, and post-incident reviews. Serve as the senior decision-maker and communications lead during significant security events.

  • Policy & Governance: Accountable for the full lifecycle of security policies, standards, procedures, and controls — from creation through enforcement and regular review. Ensure policies are practical, measurable, enforceable, understood across the organization, and consistently applied.

  • AI & Emerging Technology Security: Own the security framework governing the use of AI, machine learning, and other emerging technologies. Accountable for ensuring that security and privacy are embedded into the design, deployment, and ongoing monitoring of AI-powered solutions. With the development teams, establish guardrails that enable innovation without introducing unacceptable risk.

  • Third-Party & Vendor Risk: Accountable for the vendor and third-party risk management program, including security assessments during procurement, contract security and privacy requirements, and ongoing monitoring of critical partners. Ensure that the organization's security posture is not compromised through its supply chain.

  • Security Operations: Own the performance of security operations functions including threat detection, vulnerability management, endpoint security, identity and access management, and data protection. Accountable for operational metrics, SLAs, and continuous improvement of detection and response capabilities.

  • Workforce & Culture: Accountable for building and retaining a capable security team, as well as driving security awareness and a culture of shared responsibility across the broader workforce. Own the security training and awareness program, including role-based training for clinicians, administrators, and technical staff.


  • Technology & Architecture: Partner with IT and architecture leadership to ensure security is embedded into technology decisions, system design, and infrastructure. Accountable for the security portion of the architecture roadmap and ensuring the organization's tech stack reflects current best practices and threat intelligence.

  • Customer Security Requests / Audits: Work with Sales and Account Management teams to respond to security requests, assessments, and audits, building trust with Stellus’ customers, vendors, and partners.

  • Budget & Resource Management: Own the information security budget and be accountable for making sound, risk-informed investment decisions. Using defensible metrics, prove the value of security investments as they relate to program success: reduced incidents and events, security operations that are responsive to the business, and measurable improvements in corporate risk culture.

ROLE & RESPONSIBILITIES:

  • Strategic Leadership: Define and evangelize a business-centric security vision. Execute on the vision by developing a comprehensive information security strategy aligned with organizational business goals and the evolving healthcare threat landscape. Serve as a trusted advisor to the executive team and board on cybersecurity risks, trends, and investments. Champion a security-first culture to enable successful business and clinical operations.

  • Operational Oversight: Direct day-to-day security operations, including threat monitoring, incident response, vulnerability management, and disaster recovery. Oversee the security operations center (SOC) and manage relationships with third-party security vendors and managed service providers. Ensure operational resilience and business continuity across all systems and clinical environments.

  • AI & Emerging Technology Security: Establish the security framework, policies, and technical controls for the adoption and use of AI and machine learning solutions across the organization. Partner with data science, IT, and clinical innovation teams to embed security into AI development lifecycles. Keep abreast of emerging threats targeting AI systems, including indicators of compromise (IoCs), adversarial attack vectors, model poisoning, and data integrity and privacy risks.

  • Policy, Compliance & Governance: Develop, coordinate, implement, and maintain enterprise-wide security policies, procedures, standards, and controls. Ensure compliance with applicable Federal and State regulations and frameworks including HIPAA, NIST, SOC 2, and HITRUST. Lead risk assessments, audits, and third-party vendor security evaluations.

  • Team & Stakeholder Leadership: Build, mentor, and retain a high-performing security team. Collaborate cross-functionally with IT, legal, compliance, clinical leadership, and operations. Communicate security risk and program performance clearly to both technical and non-technical stakeholders.

 
 

The Candidate

Skills & Leadership:

  • Proven ability to lead and influence at the executive level

  • Strong business acumen with ability to align security strategy to organizational objectives

  • Exceptional communication skills, with ability to translate technical risk into business impact

Education & Certifications:

  • Bachelor’s degree in Computer Science, Information Security, or related field required; Master’s preferred

  • Certifications such as CISSP, CISM, or CISA preferred

Experience:

  • 12+ years of progressive experience in information security, with at least 5 years in senior leadership roles

  • Experience in healthcare, specialty pharmacy, payer, or regulated healthcare environments strongly preferred

  • Demonstrated experience building and scaling enterprise security programs in growth or PE-backed environments

  • Experience with security frameworks including HIPAA, HITRUST, NIST, and SOC 2

  • Experience implementing security governance for AI or machine learning environments strongly preferred

  • Experience leading incident response, risk management, and enterprise security operations

 

Interested? Contact Us

MATT COMYNS

Co-Founder and President

mcomyns@articosearch.com

203-570-7472

STEVE MARTANO

Partner

smartano@articosearch.com

857-217-1977

GABBI KREUTZELMAN

Associate

gkreutzelman@articosearch.com

925-392-5141

KIM OLIVERI

Project Manager

koliveri@articosearch.com

914-436-3635