- Company Name: ECP
- Job Title: Director of Information Security
- Job Description:
**Job Title:** Director of Information Security
**Role Summary:**
Lead the design and execution of the organization’s cybersecurity strategy, ensuring the confidentiality, integrity, and availability of all systems and customer data. Oversee SOC 2 Type II compliance, HIPAA adherence, and a comprehensive incident response program within a SaaS and healthcare technology environment. Collaborate with Engineering, DevOps, Infrastructure, Compliance, and IT to embed security into all product and platform lifecycles.
**Expectations:**
- Deliver and maintain SOC 2 Type II and HIPAA compliant evidence for annual audits.
- Protect all cloud (AWS/Azure), on‑premise, and CI/CD environments against emerging threats.
- Ensure continuous improvement of security posture through proactive vulnerability management, penetration testing, and automated controls.
- Foster a security‑aware culture through training, governance, and clear communication across technical and non‑technical stakeholders.
**Key Responsibilities:**
- Develop and execute the company’s information security strategy aligned with business objectives.
- Evolve and document SOC 2 Type II controls, coordinate audit evidence collection, and manage external audit engagements.
- Maintain HIPAA and other healthcare data protection compliance.
- Create, implement, and maintain security policies, procedures, and best‑practice standards.
- Lead incident response: detection, investigation, communication, and remediation.
- Manage vulnerability scanning, penetration testing, and remediation workflows.
- Secure cloud infrastructures, CI/CD pipelines, and server environments in partnership with DevOps and Infrastructure teams.
- Integrate secure SDLC practices into engineering processes.
- Oversee third‑party risk and vendor security assessments.
- Harden employee laptops, mobile devices, and endpoint environments; manage MDM platform.
- Coordinate internal penetration tests and recommend infrastructure hardening controls.
- Deliver security and HIPAA awareness training to employees.
**Required Skills:**
- 5+ years in information or infrastructure security roles; SaaS and healthcare tech experience required.
- Proven leadership of SOC 2 Type II audits and HIPAA compliance initiatives.
- Deep knowledge of AWS/Azure security, IAM, data protection, and secure cloud architecture.
- Hands‑on expertise in endpoint protection, laptop hardening, and MDM solutions.
- Strong analytical, troubleshooting, and problem‑solving abilities.
- Excellent cross‑functional communication and stakeholder management skills.
- Ability to thrive in a fast‑paced, collaborative environment.
**Required Education & Certifications:**
- Bachelor’s degree in Computer Science, Information Security, or related field (equivalent experience accepted).
- Preferred certifications: CISSP, CISM, CISA, Security+, or HCISPP; working knowledge of NIST CSF, CIS Controls, or ISO 27001.
- Experience scripting/automating security tasks (Python, PowerShell, Bash) is an advantage.