Senior Information Security Officer

Summary

As a senior Information Security Officer (ISO), you will be accountable for all security-related compliance and delivery for the customers assigned. In a typical engagement, you operate as a trusted advisor in the organization, working with senior management and focusing specifically on health care industry regulated security requirements and environments in relation to client business objectives. The ISO helps understand operational issues and plans next steps from an information security viewpoint.This requires the ability to interact and influence at a managerial level within client organizations such as Information Governance and IT Security leads. You will be able to demonstrate industry expertise and understanding of the security governance and compliance. Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the National Institute of Standards and Technology (NIST) 800-53 framework is what the ISO will be reviewing, maintaining, and helping to assess on each designated account or health care product within Gainwell Technologies and its partners.

Your role in our mission

• Lead Security operational governance activities for the account(s) you are assigned to.
• Compliance and operational focused.
• Dedicated or Shared (Industry).
• Multi-3rd party services and supplier management.
• Ensuring delivery excellence in security tooling and business operations (Ensuring avoidance of non-performance / non-compliance contractual penalties).
• Conduct and provide vulnerability management that aligns to account service level agreements (SLAs).
• Relationship management with Gainwell Technologies security partners and suppliers to account and client.
• Maintain an account security plan, or runbook, for the selected account(s) and Products.
• Manage and report security incidents.
• Ensure Audit preparation, facilitation and remediation.
• Manage Security Risk and Exception to standards management.
• Ensure knowledge and implementation of security fundamentals, policies and standards (regulatory and contractual).
• Escalate and resolve Security Incidents with the Security Incident Response team.
• Coordinate delivery of Security Metrics and Reporting in support of contractual commitment.

What we're looking for

• At least 8 years’ experience working in a risk management, audit, security or technical delivery role.
• Bachelor or master degree in Computer Science, Computer Studies, Information Security (or equivalent combination of education and experience).
• Knowledge of the security and auditing regulations.
• Exposure to audit and compliance programs.
• Excellent and effective communication skills.
• Must have experience reporting to senior leaders and clients security posture and project status.
• Ability to work effectively in diverse, multi-national and virtual environments.
• Self-motivated and tenacious.
• Demonstrate sound judgment and integrity.
• Ability to influence Delivery personnel in the execution of security and compliance requirements.

What you should expect in this role

• Functionally reports to the Information Security Leader as part of the office of the Chief Business Information Security Officer (OCISO) to coordinate effort, solutions, and promote Security Practices.
• Works in conjunction with the Client Delivery Executive.
• Partners and collaborates with Information Security staff and partners to leverage existing solutions and promote common standards.

The deadline to submit applications for this posting is June 16, 2025.