Job Description

HITRUST is seeking an experienced Information Security Officer (ISO) to lead and continuously evolve our enterprise information security program in a cloud-first, Zero Trust environment This role is accountable for protecting HITRUST’s information assets, supporting our assurance obligations, and enabling secure business growth.

The Information Security Officer partners closely with Engineering leadership and business stakeholders to ensure security controls are risk-based, scalable, and aligned with modern cloud and SaaS architectures, while meeting regulatory and customer assurance expectations.

Duties & Responsibilities:

Security Strategy, Governance & Zero Trust Enablement

• Own and lead the enterprise information security program, including strategy, policies, standards, and operating procedures
• Define and operationalize Zero Trust security principles, including identity-centric access controls, least privilege, continuous verification, and explicit trust boundaries
• Align security strategy with business objectives, risk tolerance, and HITRUST assurance requirements
• Translate technical risks into clear business impact for executive leadership
• Monitor emerging cyber threats, cloud security risks, and regulatory changes, implementing proactive mitigations

Cloud-First & Modern Infrastructure Security

• Oversee security controls across cloud infrastructure, SaaS platforms, applications, and data environments
• Ensure secure design and operation of identity, access management, logging, monitoring, and encryption services
• Partner with Engineering to embed security into cloud architectures and software development lifecycles (secure-by-design)
• Oversee vulnerability management, security testing, and validation across infrastructure and applications

Security Operations & Incident Response

• Oversee security operations, including threat detection, security analytics, and continuous monitoring capabilities
• Lead incident response for security events, ensuring timely containment, eradication, and recovery
• Conduct post-incident root cause analysis and executive-level reporting
• Escalate and report significant security events to leadership and required stakeholders

Resilience, Business Continuity & Recovery

• Establish and maintain disaster recovery and business continuity procedures aligned to cloud-first architectures
• Conduct breach simulations, incident response exercises, and disaster recovery testing
• Ensure organizational readiness for security incidents and operational disruptions

Compliance, Assurance & Customer Trust

• Manage and continuously enhance a compliance-driven policy and control framework
• Lead or support security assurance activities, including HITRUST CSF, SOC, ISO, HIPAA, and customer-driven assessments
• Support completion of customer security questionnaires and due diligence requests
• Ensure security requirements are integrated into projects and initiatives, and that security milestones are met

Security Awareness & Culture

• Champion organization-wide security awareness and training initiatives
• Promote a culture of shared responsibility for protecting HITRUST information assets
• Support ongoing education and development related to cybersecurity and privacy best practices

Required Qualifications:

• Minimum of six (6) years of experience in information technology or information security
• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related discipline
• CISSP certification required; additional certifications (e.g., CEH, CCSP, CISM) are a plus
• Experience with forensic investigation and incident response
• Demonstrated experience leading or participating in security control assessments (e.g., HITRUST CSF, SOC, ISO, HIPAA)
• Strong understanding of cloud security models, identity-centric security, and Zero Trust concepts
• Experience with infrastructure and application security testing
• Strong analytical and organizational skills with the ability to manage multiple initiatives in a dynamic environment
• Excellent verbal, written, and interpersonal communication skills, including the ability to communicate security risk effectively to executives, engineering teams, and business stakeholders

About Us:

HITRUST, the leader in cybersecurity assurance used in risk management and compliance, offers certification programs for the application and validation of security, privacy, and AI controls. Informed by over 50 standards and frameworks, the company's threat-adaptive approach delivers the most relevant and reliable solutions, including multiple selectable and traversable assessments and certifications, an ecosystem of over 100 independent assessment firms, centralized quality reviews, reporting and certification, and a powerful SaaS platform enabling its program and process.

For over 17 years, HITRUST has led the assurance industry and today is widely recognized as the most trusted solution to establish, maintain, and demonstrate security capabilities for risk management and compliance.

HITRUST is an equal opportunity employer that is committed to diversity and inclusion in the workplace.

We prohibit discrimination and harassment of any kind based on race, color, region, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.