Information Security Officer

Be part of a team that unleashes the power of leading-edge technologies to help improve the health and well-being of those most vulnerable in our country and communities. Working at Gainwell carries its rewards. You'll have an incredible opportunity to grow your career in a company that values work flexibility, learning, and career development. You'll add to your technical credentials and certifications while enjoying a generous, flexible vacation policy and educational assistance.

We also have comprehensive leadership and technical development academies to help build your skills and capabilities.

Summary

As an Information Security Officer (ISO) at Gainwell Technologies, you will be responsible for overseeing all security-related compliance and delivery for assigned customers. This role is critical in managing the Contractor's Information Security Office and ensuring alignment with federal, state, and organizational cybersecurity standards.

Your role in our mission

• Client Support and Communication:
  Serve as a primary point of contact for client regarding all aspects for account security, privacy and compliance. Communicate effectively with internal teams to address client concerns and optimize security compliance.
• Enhancement and Innovation:
  Coordinate the adoption of information security maturity upgrades throughout the account based on client feedback and industry standards.
• Risk Management:
  
  Collaborate with stakeholders on safeguarding PHI and PII. Partner with the account team to assess and address security threats.
• Audit and Assessment:
  Lead internal and external audits, including SOC 2, HITRUST, and client-specific assessments. Ensure timely and accurate responses to audit requests.
• Operational Improvement:
  Maintain and improve security documentation, including policies, procedures, and standards.
• Operational Oversight:
  Maintain and improve security documentation, including policies, procedures, and standards.
• Security Program Management:
  Support the development and implementation of documentation supporting Information Security including Security Management Plans, Security and Privacy Plan (SPP), IT Risk Management Plans, Security Incident Response Plans, and PHI and PII Action Memos (PPIAM)
• Security Incident Response:
  Assist with investigation and resolution of security incidents.
• Training and Awareness:
  Assist with training including any security events such as SPP and SOC 2 and other relevant training and awareness activities.

What we're looking for

• Minimum of 8 years combined experience in information security, vulnerability management, compliance, technology audit, or a related field in healthcare.
• Familiarity with NIST and CMS Cybersecurity Frameworks.
• Knowledge of security and compliance regulations including HIPAA/HITECH, ARCA-AMPE, ISO, SSAE
  16 / SSAE
  18, Safe Harbor.
• Experience with emphasis in information security and regulatory compliance management.
• Experience with healthcare environments and compliance management.
• Knowledge and experience using and implementing vulnerability management solutions.
• Able to communicate technical concepts between technical and non-technical stakeholders.
• Awareness and understanding of current security and cyber threat landscape.
• Team player, ability to work quickly and accurately under pressure.
• Skilled in planning, problem solving, analysis, and ability to communicate.
• Excellent communication skills, written and verbal, and ability to represent security in front of account leadership.
• Ability to influence and lead security-related business decisions.
• Strong organizational skills, ability to handle multiple high-pressure situations simultaneously.
• Excellent understanding of project management principles.

What you should expect in this role

• Functionally reports to the Senior Regional Manager of Information Security as part of the Delivery organization led by the Business Information Security Officer (BISO) to coordinate effort, solutions, and promote Security Practices.
• Partners and collaborates with Information Security staff and partners to leverage existing solutions and promote common standards.

This posting is intended for pipelining. We will accept applications on an ongoing basis.

The pay range for this position is $90,900 - $129,900 per year, however, the base pay offered may vary depending on geographic region, internal equity, job-related knowledge, skills, and experience among other factors. Put your passion to work 'll have the opportunity to grow your career in a company that values work flexibility, learning, and career development. All salaried, full-time candidates are eligible for our generous, flexible vacation policy, a 401(k) employer match, comprehensive health benefits , and educational assistance.

We also have a variety of leadership and technical development academies to help build your skills and capabilities.

We believe nothing is impossible when you bring together people who care deeply about making healthcare work better for everyone. Build your career with…