Director, Information Security Assurance

About the position We are seeking a highly skilled and experienced Information Security Assurance Director to join our dynamic team. The successful candidate will be responsible for leading and managing all aspects of our organization's information security assurance program. This role involves ensuring that our information security management systems (ISMS) are robust, compliant with industry standards, and effectively mitigate risks to our information assets, ensuring compliance with HITRUST, SOC-2 Type II, and other frameworks as needed.

Responsibilities

• Develop and implement a comprehensive security assurance strategy aligned with the organization's business objectives.
• Lead and mentor a team of security assurance professionals, fostering a culture of continuous improvement and professional development.
• Serve as a key advisor to senior leadership on security assurance matters.
• Identify, assess, and prioritize security risks across the organization.
• Develop and implement strategies for information security risk management, ensuring alignment with threat-driven, risk-based technical, compliance and business requirements, while providing risk-informed guidance.
• Develop and implement risk mitigation strategies and controls.
• Conduct regular risk assessments and security audits to ensure compliance with internal policies and external regulations.
• Responsible for meeting SLA's for client attestations and security questionnaires.
• Maintain up-to-date knowledge of industry standards, regulatory requirements, and emerging threats to inform risk assessment and remediation processes.
• Ensure compliance with relevant regulatory requirements, industry standards, and best practices (e.g., HIPAA, NIST, ISO 27001, GDPR, etc.).
• Develop, implement, and maintain enterprise security policies, procedures, and standards.
• Coordinate and lead internal and external audits (HISTRUST, SOC 2 - Type II, PCI), and manage remediation efforts for any identified gaps.
• Familiar with using and implementing GRC tools for audits and evidence management.
• Oversee the development and execution of security assurance programs, including vulnerability management, penetration testing, and security assessments.
• Develop and maintain metrics and report mechanisms to track the effectiveness of security assurance activities.
• Collaborate with other departments to ensure security controls are integrated into business processes and systems.
• Lead the incident response team in the investigation and resolution of security incidents.
• Develop and maintain incident response plans and procedures.
• Conduct post-incident analysis and implement lessons learned to improve security posture.
• Build and maintain relationships with key stakeholders, including IT, legal, privacy, compliance, and business units.
• Communicate security risks and assurance activities to stakeholders in a clear and effective manner.
• Represent the organization in industry forums and working groups related to security assurance.

Requirements

• Bachelor's degree in Information Security, Computer Science, or a related field; Master's degree preferred.
• Minimum of 10 years of experience in information security, with at least 5 years in a leadership role.
• Professional certifications such as CISSP, CISM, CISA, CRISC, or equivalent.
• In-depth knowledge of information security management frameworks and standards (e.g., HITRUST, HIPAA, ISO/IEC 27001, NIST CSF).
• Familiarity with the convergence of various cyber control frameworks and the generation of control requirements in the context of risk management.
• Proven experience in risk management, compliance, and governance.
• Strong leadership, communication, and interpersonal skills.
• Ability to manage multiple priorities and work effectively in a fast-paced environment.
• Excellent analytical and problem-solving abilities.

Apply tot his job Apply To this Job