Information Security Expert

Location: Remote

Department: Information Security & Compliance

Employment Type: Full-Time

Shift Timing: 2:00 PM to 11:30 PM OR 4:00 PM – 1:30 AM IST (to align with U.S. client)

Reports To: Manager – Compliance

About Us

We are a HITRUST-certified Business Associate (BA) operating in the healthcare domain and serving global clients with the highest standards of data protection and regulatory compliance. Our mission is to safeguard sensitive information by aligning with HIPAA, HITRUST, ISO 27001, and other industry standards while driving risk-aware business processes.

Role Summary

Information Security Expert

The role also requires proactive collaboration across departments to support business impact analysis, lead control implementation reviews, and ensure continuous alignment with evolving cybersecurity standards.

Key Responsibilities

• Lead and support activities related to

  Audit, Compliance, Risk Management, and Governance(GRC)

  .
• Draft and update

  information security and compliance policies

  , standard operating procedures (SOPs), and internal control documentation.
• Conduct

  induction training

  for new joiners and lead ongoing

  awareness training programs

  for employees.
• Design and distribute

  security awareness flyers

  and educational content to promote best practices.
• Work closely with department heads to

  assess compliance expectations

  and gather security and privacy-related inputs.

• Identify compliance gaps

  , track remediation efforts, and ensure implementation of corrective actions across business units.
• Respond to

  RFPs, RFIs, client questionnaires

  , and other security and compliance assessments.
• Coordinate and support

  client audits, attestations, and external assessments

  , ensuring timely and accurate responses.
• Review

  vendor contracts, NDAs, and client agreements

  from an

  information security and compliance perspective

  , in collaboration with legal and procurement teams.
• Maintain a

  catalog of all internal security controls

  with mapping to frameworks like HIPAA, HITRUST, ISO 27001, and NIST.
• Perform

  Business Impact Analysis (BIA)

  ,

  risk assessments

  , and

  gap analysis

  across systems, infrastructure, and business processes.
• Conduct

  targeted internal control reviews and fieldwork

  to test implementation of technical and administrative safeguards.
• Lead or assist in

  incident management

  , including investigation, documentation, and coordination of corrective actions.
• Maintain security

  documentation, diagrams, and control records

  in a professional, audit-ready format.
• Partner with the Compliance Head in building and maintaining a

  Global Compliance Program

  , ensuring risks are addressed and best practices are implemented.
• Drive

  security governance alignment

  , facilitate internal compliance initiatives, and support maturity improvement efforts.
• Build and foster

  cross-functional relationships

  to drive collaboration and enhance the security posture organization-wide.

Required Qualifications

• Bachelor’s degree in information security, Computer Science, IT, or a related field.
• 5+ years of experience in information security, IT governance, or compliance domains.
• Strong expertise in implementing and managing controls aligned to frameworks like

  HIPAA, HITRUST, ISO 27001

  , or

  NIST CSF

  .
• Excellent verbal and written communication skills, with a strong ability to create structured reports and risk summaries.
• Experience with

  BIA, Risk Treatment Planning, Policy Governance, and Audit Coordination

  .
• Strong analytical, documentation, and project management abilities.

Preferred Qualifications

• Certifications such as

  CISM, CISA, ISO 27001 Lead Auditor/Implementer, CISSP

  .
• Experience working in a healthcare domain or with Business Associate clients.
• Hands-on exposure to

  security tools

  (GRC platforms).
• Prior experience supporting

  external assessments or certifications

  (e.g., HITRUST audits, ISO audits).

Why Join Us?

• Be part of a high-impact team protecting sensitive health and business data.
• Opportunity to shape compliance and security governance across global operations.
• Exposure to leading security and compliance frameworks (HITRUST, HIPAA, ISO 27001).
• Collaborative environment with strong leadership support and growth pathways.
• Continuous learning and mentoring from domain experts.