Information Security Officer

HITRUST Service Corp.

$120K — $150K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Minimum of six years in information technology or information security
  • Bachelor's degree in IT, Computer Science, Cybersecurity, or related
  • CISSP certification required; additional certifications preferred
  • Experience with forensic investigation and incident response
  • History of participation in security control assessments (e.g., HITRUST, SOC, ISO, HIPAA)
  • Strong understanding of cloud security models and Zero Trust concepts
  • Proficiency in infrastructure and application security testing

Responsibilities

  • Lead the enterprise information security program, including policies and standards
  • Define and implement Zero Trust security principles
  • Align security strategies with business objectives and risk tolerance
  • Translate technical risks into business implications for executive leadership
  • Oversee security controls across cloud infrastructure and applications
  • Manage security operations, including threat detection and monitoring
  • Establish disaster recovery and business continuity procedures

Benefits

  • Health, dental, and vision insurance
  • Retirement plan with company match
  • Generous paid time off and holiday schedule
  • Professional development opportunities
  • Flexible work arrangements
Full Job Description
HITRUST is seeking an experienced Information Security Officer (ISO) to lead and continuously evolve our enterprise information security program in a cloud-first, Zero Trust environment. This role is accountable for protecting HITRUST's information assets, supporting our assurance obligations, and enabling secure business growth.

The Information Security Officer partners closely with Engineering leadership and business stakeholders to ensure security controls are risk-based, scalable, and aligned with modern cloud and SaaS architectures, while meeting regulatory and customer assurance expectations.

Duties & Responsibilities:

Security Strategy, Governance & Zero Trust Enablement
  • Own and lead the enterprise information security program, including strategy, policies, standards, and operating procedures
  • Define and operationalize Zero Trust security principles, including identity-centric access controls, least privilege, continuous verification, and explicit trust boundaries
  • Align security strategy with business objectives, risk tolerance, and HITRUST assurance requirements
  • Translate technical risks into clear business impact for executive leadership
  • Monitor emerging cyber threats, cloud security risks, and regulatory changes, implementing proactive mitigations

Cloud-First & Modern Infrastructure Security
  • Oversee security controls across cloud infrastructure, SaaS platforms, applications, and data environments
  • Ensure secure design and operation of identity, access management, logging, monitoring, and encryption services
  • Partner with Engineering to embed security into cloud architectures and software development lifecycles (secure-by-design)
  • Oversee vulnerability management, security testing, and validation across infrastructure and applications

Security Operations & Incident Response
  • Oversee security operations, including threat detection, security analytics, and continuous monitoring capabilities
  • Lead incident response for security events, ensuring timely containment, eradication, and recovery
  • Conduct post-incident root cause analysis and executive-level reporting
  • Escalate and report significant security events to leadership and required stakeholders

Resilience, Business Continuity & Recovery
  • Establish and maintain disaster recovery and business continuity procedures aligned to cloud-first architectures
  • Conduct breach simulations, incident response exercises, and disaster recovery testing
  • Ensure organizational readiness for security incidents and operational disruptions

Compliance, Assurance & Customer Trust
  • Manage and continuously enhance a compliance-driven policy and control framework
  • Lead or support security assurance activities, including HITRUST CSF, SOC, ISO, HIPAA, and customer-driven assessments
  • Support completion of customer security questionnaires and due diligence requests
  • Ensure security requirements are integrated into projects and initiatives, and that security milestones are met

Security Awareness & Culture
  • Champion organization-wide security awareness and training initiatives
  • Promote a culture of shared responsibility for protecting HITRUST information assets
  • Support ongoing education and development related to cybersecurity and privacy best practices

Required Qualifications:
  • Minimum of six (6) years of experience in information technology or information security
  • Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related discipline
  • CISSP certification required; additional certifications (e.g., CEH, CCSP, CISM) are a plus
  • Experience with forensic investigation and incident response
  • Demonstrated experience leading or participating in security control assessments (e.g., HITRUST CSF, SOC, ISO, HIPAA)
  • Strong understanding of cloud security models, identity-centric security, and Zero Trust concepts
  • Experience with infrastructure and application security testing
  • Strong analytical and organizational skills with the ability to manage multiple initiatives in a dynamic environment
  • Excellent verbal, written, and interpersonal communication skills, including the ability to communicate security risk effectively to executives, engineering teams, and business stakeholders

Similar Jobs

More Jobs at HITRUST Service Corp.

More Information Technology Jobs

Find similar Information Security Officer jobs: