Information Security Specialist

The Information Security Specialist is a strategic role within DeepHealth’s Quality, Regulatory, and Compliance department, responsible for assisting in the development, implementation, and maintenance of comprehensive information security compliance strategies. This position is critical in protecting organizational data, ensuring regulatory adherence, and mitigating potential security risks in the complex digital health landscape. Duties and Responsibilities Information Security Compliance Strategy Develop and implement holistic security compliance programs Create comprehensive risk management frameworks Design and maintain security policies, procedures, and guidelines Continuously assess and update security strategies Ensure alignment with organizational objectives and regulatory requirements Regulatory Compliance Ensure compliance with complex regulatory standards including, but not limited to: HIPAA GDPR CCPA ISO 27001 HITRUST Conduct thorough risk assessments and vulnerability evaluations Prepare detailed compliance reports and documentation Support external and internal audit processes Track and implement regulatory changes Technical Security Perform comprehensive security vulnerability assessment Develop and implement security control frameworks Monitor and analyze security incidents and breaches Design and conduct security awareness training programs Manage access control and identity management systems Evaluate and recommend security technologies and solutions Incident Response and Management Develop and maintain incident response plans Coordinate rapid and effective responses to security incidents Conduct post-incident analysis and implement preventive measures Maintain detailed incident documentation and reporting Interdepartmental Collaboration Work closely with IT, Legal, Compliance, and Clinical teams Provide security guidance and recommendations Facilitate cross-functional security awareness and training Support technology implementation and security best practices Please Note: This is not an exhaustive list of all duties, responsibilities and requirements of the position described above. Other functions may be assigned, and management retains the right to add or change duties at any time. Qualifications Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or related field (or equivalent experience). Master’s degree or advanced security certifications preferred, such as: CISSP (Certified Information Systems Security Professional) CISM (Certified Information Security Manager) CRISC (Certified in Risk and Information Systems Control) 3-5 years of progressive experience in security compliance with healthcare, medical technology, or highly regulated industries. Proven track record of developing and implementing security strategies. Experience with regulatory compliance in complex environments, including: An advanced understanding of security frameworks and compliance standards Proficiency in security tools and technologies Experience with risk assessment and management tools Excellent written and oral communication and interpersonal skills with the ability to explain complex security concepts to diverse audiences. High level of integrity and confidentiality. Working conditions This position may be based in the European Union in a typical office setting. This position will have the ability to work remotely. Physical requirements This position often requires sitting, standing, walking, bending, twisting, reaching with hands and arms, using hands and fingers, handling, or feeling, speaking, listening, and high-level cognitive thinking. Also, must be able to lift up to 10 pounds occasionally. The position requires the ability to travel (~10% of time), drive a vehicle, and utilize other forms of transportation. #J-18808-Ljbffr