This is a fully remote position, open to applicants in United States.

• Take charge of the strategy, design, execution, and ongoing enhancement of Triplemoon's information security and compliance program.

• Ensure continuous adherence to HIPAA and the best practices in healthcare security.

• Spearhead preparation efforts for future SOC 2 certification and other necessary security frameworks.

• Create, maintain, and document security policies, procedures, and controls.

• Organize security incident response, investigations, remediation, and post-incident evaluations.

• Assist with customer security questionnaires, audits, and compliance inquiries.

• Collaborate with leadership to identify, evaluate, and mitigate information security risks.

• Manage and supervise an IT MSP or MSSP responsible for implementing security controls and compliance within SaaS vendors and IT systems.

• Offer tiered support for end-user issues related to hardware, software, and SaaS applications.

• Handle device and asset management.

• Oversee identity and access management, including systems for onboarding and offboarding.

• Keep system documentation, operating procedures, and technology standards updated.

• Suggest and implement enhancements to improve security, scalability, and user experience.

• Conduct security evaluations of third-party vendors and software platforms.

• Maintain essential security documentation, such as BAAs, DPAs, SOC reports, and related compliance artifacts.

• Monitor vendor compliance and assist with periodic risk assessments.

• Over 7 years of experience in information security, IT administration, compliance, or similar roles.

• Experience acting as a vCISO, security leader, or senior security consultant.

• Comprehensive knowledge of HIPAA Security Rule requirements and healthcare security best practices.

• Proven experience preparing organizations for SOC 2 audits and other compliance frameworks.

• Experience supporting early-stage startups or rapidly growing healthcare organizations.

• Practical experience managing Google Workspace, identity management platforms, endpoint management tools, and SaaS environments.

• Familiarity with security for remote workforces and cloud-first technology settings.

• Exceptional documentation, communication, and stakeholder management abilities.

• Capability to operate independently while serving as a strategic advisor to company leadership.

• Competitive compensation based on experience and scope.

Virtual Chief Information Security Officer – vCISO

People also viewed