Information Security Officer

Summary

As an Information Security Officer (ISO) at Gainwell Technologies, you will be responsible for overseeing all security-related compliance and delivery for assigned customers. This role is critical in managing the Contractor’s Information Security Office and ensuring alignment with federal, state, and organizational cybersecurity standards.

Your role in our mission

• Client Support and Communication: Serve as a primary point of contact for client regarding all aspects for account security, privacy and compliance. Communicate effectively with internal teams to address client concerns and optimize security compliance.
• Enhancement and Innovation: Coordinate the adoption of information security maturity upgrades throughout the account based on client feedback and industry standards.
• Risk Management: Collaborate with stakeholders on safeguarding PHI and PII. Partner with the account team to assess and address security threats.
• Audit and Assessment: Lead internal and external audits, including SOC 2, HITRUST, and client-specific assessments. Ensure timely and accurate responses to audit requests.
• Operational Improvement: Maintain and improve security documentation, including policies, procedures, and standards.
• Operational Oversight: Maintain and improve security documentation, including policies, procedures, and standards.
• Security Program Management: Support the development and implementation of documentation supporting Information Security including Security Management Plans, Security and Privacy Plan (SPP), IT Risk Management Plans, Security Incident Response Plans, and PHI and PII Action Memos (PPIAM)
• Security Incident Response: Assist with investigation and resolution of security incidents.
• Training and Awareness: Assist with training including any security events such as SPP and SOC 2 and other relevant training and awareness activities.

What we're looking for

• Minimum of 8 years combined experience in information security, vulnerability management, compliance, technology audit, or a related field in healthcare.
• Familiarity with NIST and CMS Cybersecurity Frameworks.
• Knowledge of security and compliance regulations including HIPAA/HITECH, ARCA-AMPE, ISO, SSAE16 / SSAE18, Safe Harbor.
• Experience with emphasis in information security and regulatory compliance management.
• Experience with healthcare environments and compliance management.
• Knowledge and experience using and implementing vulnerability management solutions.
• Able to communicate technical concepts between technical and non-technical stakeholders.
• Awareness and understanding of current security and cyber threat landscape.
• Team player, ability to work quickly and accurately under pressure.
• Skilled in planning, problem solving, analysis, and ability to communicate.
• Excellent communication skills, written and verbal, and ability to represent security in front of account leadership.
• Ability to influence and lead security-related business decisions.
• Strong organizational skills, ability to handle multiple high-pressure situations simultaneously.
• Excellent understanding of project management principles.

What you should expect in this role

• Functionally reports to the Senior Regional Manager of Information Security as part of the Delivery organization led by the Business Information Security Officer (BISO) to coordinate effort, solutions, and promote Security Practices.
• Partners and collaborates with Information Security staff and partners to leverage existing solutions and promote common standards.

This posting is intended for pipelining. We will accept applications on an ongoing basis.