Information Security Officer

Security Engineer | Full Time | Remote | Team 2-10

Location

United States

Posted

8 days ago

Salary

Not specified


Job Description

This description is a summary of our understanding of the job description.

Role Description

This role involves serving as Bloom's Information Security Officer, focusing on building security into the foundation of the organization.

  • Own the security program end-to-end: designing and implementing controls, architecting systems to prevent breaches, and driving a culture of proactive risk management.
  • Use data and metrics to measure effectiveness, identify gaps, and demonstrate continuous improvement.
  • Build and lead a proactive security program with a prevention-first mindset.
  • Evaluate, refine, and enforce security policies, standards, and procedures.
  • Conduct regular risk assessments and threat modeling.
  • Lead tabletop exercises, penetration testing, and red team activities.
  • Build, operate, and monitor the security program, ensuring effective education of stakeholders.
  • Serve as the primary owner for HIPAA, HITRUST, and SOC 2 Type II compliance oversight.
  • Maintain knowledge of NIST standards and emerging healthcare security regulations.
  • Translate regulatory requirements into engineering specifications and operational procedures.
  • Partner with Engineering, IT, and DevOps to embed security controls into infrastructure.
  • Define and track key security metrics and KPIs.
  • Develop and deliver security awareness training.

Qualifications

  • Bachelor’s degree in Information Systems, Computer Science, Engineering, or a related technical field, or a minimum of four (4) years of experience in lieu of a degree.
  • 7+ years of progressive experience in information security, with at least 3 years in a security program leadership role.
  • Previous experience guiding an organization through successful assessments in SOC 2 and/or HITRUST R2.

Requirements

  • Deep expertise in healthcare security and privacy regulations, particularly HIPAA Security Rule requirements.
  • Hands-on experience achieving and maintaining HITRUST CSF certification and SOC 2 Type II attestation.
  • Strong working knowledge of NIST frameworks and FedRAMP.
  • Proven track record implementing technical security controls and managing a comprehensive security program.
  • Experience with cloud security (AWS, Azure, or GCP) and modern DevSecOps practices.
  • Demonstrated ability to use metrics and data analysis to drive security program improvements.
  • Excellent communication skills—able to translate technical risk into business terms for executives and board members.
  • Relevant certifications: CISSP, CISM, HCISPP, HITRUST CCSFP, or equivalent.
  • Experience in a high-growth healthcare technology or digital health environment.
  • First-hand experience building security programs or security-first architectures.
  • Experience with GRC platforms and security automation tools.

Benefits

  • Competitive compensation.
  • Comprehensive health coverage.
  • Long-term growth opportunities.
  • Remote work environment.
  • BeBloom™, a proprietary employee training and engagement program.

Core Values

  • Put People First: Uphold and promote a people-first culture within the organization.
  • Be Stronger Together: Embrace a team player mentality.
  • Do What’s Right: Adhere to high ethical standards.
  • Embrace a Growth Mindset: Embrace a culture of continuous learning.
  • Drive Solutions: Demonstrate ingenuity and skill by sharing ideas and solutions.

