Information Technology Director in Oakland, California at Roots Community Health Center

Position Summary:

The Information Technology (IT) Director provides strategic and operational leadership for a multi-site IT infrastructure, security framework, and service delivery model supporting a 250+ person healthcare organization. Reporting directly to the Chief Operating Officer (COO), this position serves as a senior internal advisor and a critical organizational bridge, integrating secure IT operations with regulatory compliance to deliver a business-enabling technology framework. The IT Director leads and develops the internal IT management team, optimizes cloud and workplace environments, and oversees relationships with external security advisors, specialized compliance experts, and technical vendors. Serving as the designated HIPAA Privacy Officer, this role works in close partnership with the Clinical Services department to align privacy protocols smoothly with clinical workflows and patient care, while routing complex risk management, insurance, and legal escalations through executive leadership.

Duties and Responsibilities:

• Lead day-to-day multi-site IT operations for a 250-person non-profit healthcare organization, including infrastructure, end-user support, business applications, vendor coordination, and service delivery.
• Manage and develop a team of 6–8 IT staff, setting priorities, monitoring performance, and building a culture of accountability and responsive support.
• Reporting Line: Report directly to the Chief Operating Officer (COO) to align technology infrastructure with organizational strategy and operational realities.
• Serve as the senior internal IT leader and trusted advisor to the CEO, COO, and CMO, translating organizational needs into practical technology plans and operational improvements.
• Legal & Executive Escalation: Partner with the COO and executive leadership to support information security, risk management, and ongoing policy development, surfacing complex regulatory issues that require escalation to specialized legal counsel or cyber liability brokers.
• Oversee the organization's Google Workspace and Microsoft 360 environments and other cloud technologies, including administration, optimization, access management, and user enablement.
• Serve as the designated HIPAA Privacy Officer, with responsibility for privacy-related policies, workforce privacy training, privacy incident coordination, and support for patient rights processes. ?
• Clinical Privacy Integration: Operationalize the HIPAA Privacy Officer function by collaborating closely with the clinical services department to ensure privacy training, policies, and patient rights processes align with clinical operations.
• Manage relationships with external security advisors, managed service providers, and compliance vendors (including the current vCISO engagement), with the long-term goal of maturing internal capabilities and optimizing external spend.
• Maintain responsibility for infrastructure that supports the organization’s internally-developed applications, including coordination with the Data & Analytics team and contracted software developers on security, access, and infrastructure decisions.
• Establish and maintain clear areas of ownership between IT and the Data & Analytics team for internally-developed application support
• Partner with the external vCISO, legal counsel, and executive leadership to support information security, HIPAA compliance, California privacy obligations, risk management, incident response coordination, and ongoing policy development.
• Manage privacy-related vendor coordination, including support for Business Associate Agreement processes and third-party accountability in collaboration with legal and compliance stakeholders.
• Develop, maintain, and improve IT and privacy policies, procedures, standards, and documentation appropriate for a regulated healthcare environment.
• Oversee the organization’s device lifecycle management program, including provisioning, patching, mobile device management, and decommissioning.
• Develop and maintain IT disaster recovery and business continuity plans, ensuring critical systems and data can be restored within defined recovery objectives.
• Lead IT budgeting, planning, procurement, and prioritization to align technology investments with organizational strategy, mission needs, and operational realities.
• Support audits, assessments, and compliance reviews by organizing documentation, coordinating stakeholders, and tracking remediation activities.

Competencies:

• Strategic Bridging & Alignment: Ability to connect high-level risk management, compliance mandates, and operational goals with daily technical execution. Skilled at translating complex technical or security vulnerabilities into clear, actionable operational plans for the COO and non-technical stakeholders.
• ?Culture of Distributed Accountability: A collaborative manager focused on building a structured, responsive internal IT environment. Capable of coaching and mentoring staff while establishing clear ownership over systems to reduce reliance on C-suite for routine decisions.
• ?Proactive Governance Focus: A mindset driven by system design, prevention, and formalization rather than reactive firefighting. Exceptional capability in establishing and executing predictable governance structures, including annual risk assessment calendars, policy review cycles, and audit readiness.
• ?Cross-Departmental Collaboration: Highly effective at working across departments, specifically partnering with Clinical Services to ensure health information privacy protocols support, rather than hinder, high-touch community care and clinical quality workflows.
• ?Adaptable Enterprise Stewardship: Thrives in a dynamic, mid-sized, highly regulated environment. Possesses the agility to scale infrastructure, manage vendor ecosystems, and optimize cloud platforms alongside rapid organizational growth.

Experience Required

• 7–12 years of progressive IT experience, including at least 3 years in a leadership or management role, with a demonstrated readiness to scale into advanced enterprise management. ?
• Education: Bachelor’s degree in Computer Science, Information Systems, or a related technical discipline, or equivalent practical experience.
• Experience leading IT operations in a healthcare, non-profit, or other regulated environment.
• Working knowledge of information security principles and the role IT plays in maintaining a defensible, well-monitored environment.
• Working knowledge of HIPAA Privacy Rule requirements and the operational role IT plays in supporting privacy, compliance, and regulated data handling.
• Experience managing and developing a small-to-mid-sized IT team while balancing strategic planning with hands-on operational oversight.
• Strong experience with cloud-based workplace technologies, preferably Google Workspace and related SaaS platforms.
• Experience working directly with executive leadership and communicating effectively with non-technical stakeholders.
• Experience coordinating with external advisors or partners such as a vCISO, legal counsel, managed service providers, auditors, or compliance consultants.
• Experience developing or maintaining business continuity and disaster recovery plans in a multi-site or regulated setting.
• Experience developing policies, managing vendors, supporting audits or assessments, and driving operational improvements in a regulated setting.
• Experience hiring, developing organizational design with defined areas of responsibility, and building out a team.

Preferred Experience

• Experience serving as, supporting, or partnering closely with a HIPAA Privacy Officer function.
• Experience in a California healthcare environment, including familiarity with applicable state privacy requirements.
• Experience leading IT operations in a multi-site environment.
• Experience in a mission-driven or community-based non-profit organization.
• Familiarity with common control frameworks or operational good practices such as NIST CSF or CIS Controls.