Blooming Health

Job Description: Information Security Officer (ISO)

About Us

At Blooming Health, our mission is to power healthy aging-in-place for all. Our next generation engagement platform seamlessly connects older adults and caregivers with service providers in the $575B aging-in-place market. We are empowering older adults to live in their community independently and help aging-in-place service providers to serve more older adults. We are a fast growing company looking for a mission-driven team player to drive our upcoming growth plans in multiple states.

Overview

We are seeking an experienced Information Security Officer (ISO) to oversee IT, security, and compliance for our organization. The ISO will be responsible for developing and implementing a comprehensive security strategy, managing a team of IT & Cyber Security Administrators and a GCR Analyst, and collaborating with business and engineering teams to ensure all security, regulatory, and compliance requirements are met.

Key Responsibilities

  • Security Strategy & Program Management:

  • Develop, implement, and maintain an organization-wide information security strategy.
  • Lead efforts to become HITRUST R2 certified
  • Ensure continuous improvement of security policies, procedures, and standards in line with regulatory requirements and industry best practices (e.g., NIST, ISO 27001, GDPR, HIPAA).

  • Team Leadership & Management:

  • Manage and mentor a team of IT & Cyber Security and GRC Administrators
  • Oversee daily IT operations including provisioning, device management, networking and troubleshooting
  • Oversee daily security operations including vulnerability assessments, risk management, incident response, and compliance audits.

  • Collaboration & Communication:

  • Work closely with business and engineering teams to integrate security measures into IT operations and product development.
  • Coordinate with third-party service providers and cloud vendors to ensure their security practices align with our requirements.
  • Report on security posture, incident trends, and compliance status to senior management.

  • Monitoring & Incident Response:

  • Oversee the monitoring of systems, networks, and endpoints using tools like SIEM, endpoint detection, and vulnerability scanners.
  • Lead incident response efforts, ensuring timely and effective remediation of security issues.

  • Risk Management & Compliance:

  • Conduct regular risk assessments and ensure that any components lacking certain security capabilities are documented.
  • Ensure compliance with internal policies and external regulations, and liaise with legal teams to obtain necessary legal opinions when needed.

Qualifications

  • Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field (Master’s degree preferred).
  • A minimum of 7–10 years of experience in information security, with at least 3 years in a managerial or leadership role.
  • Strong understanding of security frameworks and standards such as NIST, ISO 27001, GDPR, and HIPAA.
  • Proven experience in managing and mentoring technical teams.
  • Excellent communication, collaboration, and analytical skills.
  • Relevant certifications (e.g., CISSP, CISM, CISA) are highly desirable.

Skills

  • Expert in IT systems management and tools (ITSM, IdPs, MDMs etc.)
  • Expert in cybersecurity management (SIEM, EDR/VDR, Endpoint management)
  • Strategic planning and risk management
  • Incident response and forensic analysis
  • IT infrastructure and network security expertise
  • Strong leadership and team management
  • Excellent written and verbal communication

Powered bybreezy