Information Security Officer

About The Position

Requirements

• Minimum of six (6) years of experience in information technology or information security
• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related discipline
• CISSP certification required
• Experience with forensic investigation and incident response
• Demonstrated experience leading or participating in security control assessments (e.g., HITRUST CSF, SOC, ISO, HIPAA)
• Strong understanding of cloud security models, identity-centric security, and Zero Trust concepts
• Experience with infrastructure and application security testing
• Strong analytical and organizational skills with the ability to manage multiple initiatives in a dynamic environment
• Excellent verbal, written, and interpersonal communication skills, including the ability to communicate security risk effectively to executives, engineering teams, and business stakeholders

Nice To Haves

• Additional certifications (e.g., CEH, CCSP, CISM) are a plus

Responsibilities

• Own and lead the enterprise information security program, including strategy, policies, standards, and operating procedures
• Define and operationalize Zero Trust security principles, including identity-centric access controls, least privilege, continuous verification, and explicit trust boundaries
• Align security strategy with business objectives, risk tolerance, and HITRUST assurance requirements
• Translate technical risks into clear business impact for executive leadership
• Monitor emerging cyber threats, cloud security risks, and regulatory changes, implementing proactive mitigations
• Oversee security controls across cloud infrastructure, SaaS platforms, applications, and data environments
• Ensure secure design and operation of identity, access management, logging, monitoring, and encryption services
• Partner with Engineering to embed security into cloud architectures and software development lifecycles (secure-by-design)
• Oversee vulnerability management, security testing, and validation across infrastructure and applications
• Oversee security operations, including threat detection, security analytics, and continuous monitoring capabilities
• Lead incident response for security events, ensuring timely containment, eradication, and recovery
• Conduct post-incident root cause analysis and executive-level reporting
• Escalate and report significant security events to leadership and required stakeholders
• Establish and maintain disaster recovery and business continuity procedures aligned to cloud-first architectures
• Conduct breach simulations, incident response exercises, and disaster recovery testing
• Ensure organizational readiness for security incidents and operational disruptions
• Manage and continuously enhance a compliance-driven policy and control framework
• Lead or support security assurance activities, including HITRUST CSF, SOC, ISO, HIPAA, and customer-driven assessments
• Support completion of customer security questionnaires and due diligence requests
• Ensure security requirements are integrated into projects and initiatives, and that security milestones are met
• Champion organization-wide security awareness and training initiatives
• Promote a culture of shared responsibility for protecting HITRUST information assets
• Support ongoing education and development related to cybersecurity and privacy best practices

Benefits

• HITRUST is an equal opportunity employer that is committed to diversity and inclusion in the workplace.