Information Security Officer (ISO)

B

Blooming Health

Information Security Officer (ISO)

National
Full Time
Paid
  • Responsibilities

    Job Description: Information Security Officer (ISO)

    About Us

    Blooming Health is on a mission to transform social care for older adults and underserved populations. We partner with community organizations, government agencies, and healthcare stakeholders to build a digital tissue in the community for automating access to social care and advancing health equity. As we scale, we're looking for an ambitious and resourceful Implementation and Project Manager to drive complex implementation projects in State and Local Governments, and Healthcare segments.

    Overview

    • We are seeking an experienced Information Security Officer (ISO) to oversee IT, security, and compliance for our organization. The ISO will be responsible for developing and implementing a comprehensive security strategy, managing a team of IT & Cyber Security Administrators and a GCR Analyst, and collaborating with business and engineering teams to ensure all security, regulatory, and compliance requirements are met.
      Must have experience helping a startup/smaller company achieve compliance

    Key Responsibilities

    • Security Strategy & Program Management:

    • Develop, implement, and maintain an organization-wide information security strategy.

    • Lead efforts to become HITRUST R2 certified

    • Ensure continuous improvement of security policies, procedures, and standards in line with regulatory requirements and industry best practices (e.g., NIST, ISO 27001, GDPR, HIPAA).

    • Team Leadership & Management:

    • Manage and mentor a team of IT & Cyber Security and GRC Administrators

    • Oversee daily IT operations including provisioning, device management, networking and troubleshooting

    • Oversee daily security operations including vulnerability assessments, risk management, incident response, and compliance audits.

    • Collaboration & Communication:

    • Work closely with business and engineering teams to integrate security measures into IT operations and product development.

    • Coordinate with third-party service providers and cloud vendors to ensure their security practices align with our requirements.

    • Report on security posture, incident trends, and compliance status to senior management.

    • Monitoring & Incident Response:

    • Oversee the monitoring of systems, networks, and endpoints using tools like SIEM, endpoint detection, and vulnerability scanners.

    • Lead incident response efforts, ensuring timely and effective remediation of security issues.

    • Risk Management & Compliance:

    • Conduct regular risk assessments and ensure that any components lacking certain security capabilities are documented.

    • Ensure compliance with internal policies and external regulations, and liaise with legal teams to obtain necessary legal opinions when needed.

    Qualifications

    • Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field (Master's degree preferred).
    • A minimum of 7–10 years of experience in information security, with at least 3 years in a managerial or leadership role.
    • Strong understanding of security frameworks and standards such as NIST, ISO 27001, GDPR, and HIPAA.
    • Proven experience in managing and mentoring technical teams.
    • Excellent communication, collaboration, and analytical skills.
    • Relevant certifications (e.g., CISSP, CISM, CISA) are highly desirable.

    Skills

    • Expert in IT systems management and tools (ITSM, IdPs, MDMs etc.)
    • Expert in cybersecurity management (SIEM, EDR/VDR, Endpoint management)
    • Strategic planning and risk management
    • Incident response and forensic analysis
    • IT infrastructure and network security expertise
    • Strong leadership and team management
    • Excellent written and verbal communication