Information Security Officer (ISO) Job at Blooming Health, Remote

  • Blooming Health
  • Remote

Job Description: Information Security Officer (ISO)

About Us

Blooming Health is on a mission to transform social care for older adults and underserved populations. We partner with community organizations, government agencies, and healthcare stakeholders to build a digital tissue in the community for automating access to social care and advancing health equity. As we scale, we're looking for an ambitious and resourceful Implementation and Project Manager to drive complex implementation projects in State and Local Governments, and Healthcare segments.

Overview

  • We are seeking an experienced Information Security Officer (ISO) to oversee IT, security, and compliance for our organization. The ISO will be responsible for developing and implementing a comprehensive security strategy, managing a team of IT & Cyber Security & GRC personnel, and collaborating with business and engineering teams to ensure all security, regulatory, and compliance requirements are met.

  • Must have experience helping a startup/smaller company achieve compliance.

Key Responsibilities

1. Security Strategy & Program Management

  • Develop, implement, and maintain an organization-wide information-security roadmap that supports business goals and budgets.

  • Drive all activities needed to achieve and sustain HITRUST R2 certification; map controls to SOC 2, NIST 800-53, ISO 27001, GDPR, and HIPAA.

  • Establish a continuous-improvement cycle for security policies, procedures, and standards; track emerging threats and regulatory changes.

2. IT Administration & Infrastructure Ownership

  • Device-Life-Cycle Management: own procurement, imaging, MDM enrollment, patching, asset tracking, and secure decommissioning for laptops, servers, and mobile devices.

  • Endpoint & SaaS Deployment: select and roll out collaboration, identity, and productivity tooling (Okta, Google Workspace, O-365, JAMF, Intune, etc.).

  • Network & Cloud Operations: oversee firewalls, VPNs, Wi-Fi, VPC design, and backups; ensure high availability, capacity planning, and performance monitoring.

  • Build-vs-Buy / MSSP Decision-Making: evaluate when to partner with a managed security service provider vs. operating controls in-house; own vendor due-diligence, contracts, and ongoing KPI reviews.

  • Help-Desk & ITSM Governance: set SLAs for ticket triage, change management, and problem management; publish metrics and drive service-quality improvements.

3. Team Leadership & Management

  • Hire, coach, and retain a blended team of IT administrators, security engineers, and GRC analysts.

  • Set OKRs, run weekly stand-ups, and coordinate on-call rotations for both IT and security operations.

4. Monitoring, Detection & Incident Response

  • Operate and tune SIEM/EDR, vulnerability scanners, and cloud-security posture-management tools; ensure 24×7 monitoring coverage.

  • Lead incident response—from triage through root-cause analysis and post-mortem—coordinating with engineering, legal, and communications teams.

5. Risk Management & Compliance

  • Perform periodic enterprise risk assessments; maintain a living risk register with owners, treatment plans, and residual-risk metrics.

  • Ensure timely completion of audits (HITRUST, SOC 2, HIPAA, PCI, etc.) and track remediation through closure.

  • Maintain evidence repositories, policy repositories, and contract inventories to streamline internal and external audits.

6. Collaboration & Executive Reporting

  • Embed security and privacy requirements into product roadmaps, CI/CD pipelines, and vendor onboarding workflows.

  • Present quarterly security scorecards, incident trends, and IT service KPIs to the executive team and, when required, the board of directors.

  • Serve as primary liaison with cloud providers, MSSPs, and regulatory bodies; negotiate security addenda and SLAs.

Qualifications

  • Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field (Master's degree preferred).
  • A minimum of 7–10 years of experience in information security, with at least 3 years in a managerial or leadership role.
  • Strong understanding of security frameworks and standards such as NIST, ISO 27001, GDPR, and HIPAA.
  • Proven experience in managing and mentoring technical teams.
  • Excellent communication, collaboration, and analytical skills.
  • Relevant certifications (e.g., CISSP, CISM, CISA) are highly desirable.

Skills

  • Expert in IT systems management and tools (ITSM, IdPs, MDMs, etc.)
  • Expert in cybersecurity management (SIEM, EDR/VDR, Endpoint management)
  • Strategic planning and risk management
  • Incident response and forensic analysis
  • IT infrastructure and network security expertise
  • Strong leadership and team management
  • Excellent written and verbal communication

Job Tags

Remote job, Full time, Contract work, Local area
