Director of Information Security

November 10

🧀 Wisconsin – Remote

Although this job is listed in Wisconsin, this company may be open to hiring remote in other states.

⏰ Full Time

🔴 Lead

👮‍♂️ Cybersecurity / Security Engineer

Apply Now

Receive Emails with Similar Jobs

ECP

WebsiteLinkedInAll Job Openings

Healthcare Insurance • SaaS • B2B

ECP is a company that provides comprehensive software solutions for assisted living and long-term care communities. Their offerings include community management systems, electronic medication administration records (eMAR), electronic health records (EHR), care plans, customer relationship management (CRM), and billing software. ECP's services are designed to improve the workflows for assisted living, independent living, memory care, intellectual and developmental disability support, pharmacies, and group homes, ensuring better care and operational efficiency. The company is recognized for integrating seamlessly with pharmacy partners and offering a user-friendly platform that supports care providers, owners, and operators, caregivers, nurses, and other personnel in these communities. ECP is trusted by thousands of senior living communities across the United States and beyond.

51 - 200 employees

⚕️ Healthcare Insurance

☁️ SaaS

🤝 B2B

📋 Description

• ECP is seeking a Director of Information Security to lead and execute our cybersecurity and compliance strategy. This is a hands-on role responsible for ensuring the confidentiality, integrity, and availability of our systems and customer data within the context of healthcare regulations (HIPAA) and SOC 2 Type II compliance. • The ideal candidate brings a blend of technical expertise, regulatory understanding, and practical execution, partnering closely with our Infrastructure and IT teams to strengthen our security posture across the company. You’ll manage annual audits, harden systems, guide best practices, and foster a culture of security awareness. • This position reports to the VP of Engineering and collaborates cross-functionally with DevOps, Infrastructure, Compliance, and IT. • Cybersecurity: • - Develop and execute ECP’s information security strategy, aligned with business goals and risk tolerance. • - Maintain and evolve SOC 2 Type II compliance, including evidence gathering, documentation, and audit coordination. • - Ensure compliance with HIPAA and other healthcare data protection standards. • - Establish, implement, and maintain security policies, procedures, and standards consistent with regulatory and customer expectations. • - Manage third-party risk and vendor security assessments. • - Lead the incident response program, including detection, investigation, communication, and remediation. • - Oversee vulnerability management, penetration testing, and security monitoring. • - Partner with Infrastructure and DevOps teams to secure servers, cloud environments (AWS/Azure), and CI/CD pipelines. • - Integrate secure development lifecycle (SDLC) practices into engineering workflows. • - Stay current on emerging security threats, technologies, and frameworks, and advise leadership accordingly. • IT & Platform Security: • - Collaborate with internal IT to harden employee laptops and mobile devices, ensuring encryption, endpoint protection, and compliance with policy. • - Manage and optimize the company’s mobile device management (MDM) platform. • - Support and guide internal IT in maintaining secure onboarding/offboarding and access management processes. • - Coordinate internal penetration testing efforts and develop recommendations for infrastructure hardening. • - Assist with network and system security, including identity management and monitoring. • - Develop and lead employee security and HIPAA awareness training programs. • - Maintain visibility into and tracking of vulnerabilities and remediation efforts.

🎯 Requirements

• - Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience). • - 5+ years of experience in information security, infrastructure security, or a related role. • - Prior experience in a SaaS or healthcare technology environment required. • - Demonstrated experience leading SOC 2 Type II audits and ensuring HIPAA compliance. • - Strong understanding of AWS cloud security, identity and access management, and data protection best practices. • - Hands-on experience with endpoint management, laptop hardening, and mobile device management (MDM) tools. • - Strong troubleshooting, analytical, and problem-solving skills. • - Excellent communication skills with the ability to work effectively across technical and non-technical teams. • - Ability to thrive in a collaborative, fast-paced environment. • - Preferred: • - Certifications such as CISSP, CISM, CISA, Security+, or HCISPP (Healthcare Information Security & Privacy Practitioner). • - Familiarity with frameworks such as NIST CSF, CIS Controls, or ISO 27001. • - Experience scripting or automating security tasks (Python, PowerShell, Bash).