Information Security Officer
Any city, TN, US, 99999
Full Time Senior-level / Expert USD 90K - 129K
Gainwell Technologies
Gainwell is a strategic partner and solution provider enabling public health programs to elevate patient outcomes, cost savings and provider experiences. Great companies need great teams to propel their operations. Join the group that solves business challenges and enhances the way we work and grow. Working at Gainwell carries its rewards. You’ll have an incredible opportunity to grow your career in a company that values your contributions and puts a premium on work flexibility, learning, and career development.
Summary
Gainwell Technologies is seeking a well-rounded Information Security Officer (ISO). Under the supervision of the Account Security Officer, this position will perform required functions to support daily security and privacy operations for our Account and Client requirements. The ISO will be responsible for establishing and maintaining working relationships with internal teams, external stakeholders, and account partners. This position is responsible for coordinating with Infrastructure, Application and Development teams to prepare for and execute Security Assessments and Audits. This position requires the ability to work with tight deadlines, often with short notice, multi-task, analyze and troubleshoot issues, be responsible for the overall security hygiene of the account, as well as be the recognized security resource for Gainwell Infrastructure, application, and technical resources supporting the account.
Your role in our mission
- Client Support and Communication: Serve as a primary point of contact for the client regarding all aspects of account security, privacy, and compliance. Communicate effectively with internal teams to address client concerns and optimize security compliance.
- Enhancement and Innovation: Coordinate the adoption of information security best practices throughout the account based on client feedback and industry standards.
- Data Security and Compliance: Facilitate with stakeholders on safeguarding PHI/PII data. Implement and enforce compliance measures to mitigate risks associated with sensitive information.
- Risk Management: Review, capture and document IT and Security Risk. Formally document any exceptions. Manage risks to closure and/or documented exceptions, and follow through on managing exceptions to remediation deadlines.
- Vulnerability Management: Review and oversee vulnerability remediation by partnering with the technical teams across platforms, applications, and operating systems.
- Operational Governance: Support and manage ongoing security activities (access management, account reviews, vulnerability assessments, patch management, audits, etc.). Participate and represent security on projects and team calls to ensure security requirements are achieved in compliance with standards and policy.
- Documentation Management: Oversee the creation, development, and maintenance of all documentation supporting Information Security including:
  - Security Management Plans
  - System Security and Privacy Plan (SSPP)
  - IT Risk Management Plan
  - Security Incident Response Plan
  - Plan of Action & Milestones (POA&M)
- Support and conduct security and risk assessments annually.
- 24/7 availability for any emergencies including any security events reported by the SIEM and/or SOC and 24/7 availability to address security incidents in general.
- All other security functions and duties as required.
What we're looking for
- Minimum of 8 years combined experience in information security, vulnerability management, compliance, technology audit, or a related field in healthcare.
- Familiarity with NIST and CMS Cybersecurity Frameworks.
- Knowledge of regulatory compliance requirements including HIPAA/HITECH, ARC-AMPE, ISO, SSAE16 / SSAE18, Safe Harbor.
- Experience with emphasis in information security and regulatory compliance management.
- Experience with healthcare environments and compliance planning and implementation.
- Knowledge and experience using and maintaining vulnerability management solutions.
- Able to communicate technical concepts between technical and non-technical stakeholders.
- Awareness and understanding of current security and cyber threat landscape.
- Team player, ability to work with people in a productive manner.
- Skilled in planning, problem solving, analysis, collaboration, and communication.
- Excellent communication skills, written and verbal, and ability to represent security in front of account leadership.
- Ability to influence and/or lead security-related business development activities.
- Strong organizational skills, with the ability to handle multiple high-pressure situations simultaneously.
- Excellent understanding of project management principles.
What you should expect in this role
- Functionally reports to the Regional Information Security Manager as part of the Office of the Chief Information Security Officer (OCISO) to coordinate efforts and solutions and promote security practices.
- Works in conjunction with the Client Delivery Leader (CDL).
- Partners and collaborates with the information security staff to leverage existing solutions and promote common standards.
The deadline to submit applications for this posting is May 16, 2025.
The pay range for this position is $90,900.00 - $129,900.00 per year; however, the base pay offered may vary depending on geographic region, internal equity, job-related knowledge, skills, and experience, among other factors. Put your passion to work at Gainwell. You’ll have the opportunity to grow your career in a company that values work flexibility, learning, and career development. All salaried, full-time candidates are eligible for our generous, flexible vacation policy, a 401(k) employer match, comprehensive health benefits, and educational assistance. We also have a variety of leadership and technical development academies to help build your skills and capabilities.
We believe nothing is impossible when you bring together people who care deeply about making healthcare work better for everyone. Build your career with Gainwell, an industry leader. You’ll be joining a company where collaboration, innovation, and inclusion fuel our growth. Learn more about Gainwell at our company website and visit our Careers site for all available job role openings.
Gainwell Technologies is committed to a diverse, equitable, and inclusive workplace. We are proud to be an Equal Opportunity Employer, where all qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical condition), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We celebrate diversity and are dedicated to creating an inclusive environment for all employees.
Tags: Audits CISO Compliance Governance HIPAA Incident response NIST POA&M Privacy Risk assessment Risk management Security assessment SIEM SOC Vulnerabilities Vulnerability management
Perks/benefits: 401(k) matching Career development Flex hours Flex vacation Health care Startup environment Team events