
Information Security Officer

Remote from
USA
Annual salary
Undisclosed
Employment type
Full Time
Job posted
Apply before
15 Apr 2026
Experience level
Midweight

About Bloom Insurance

Better ways to help older adults shop, enroll, and activate their health plans.

Verified job posting
This job post has been manually reviewed for authenticity and compliance.

Information Security Officer - Remote (USA)

Bloom, the insurance industry’s trusted growth partner, is looking for an Information Security leader to serve as Bloom’s Information Security Officer—someone who builds security into the foundation of everything we do, not someone who sits back and watches alerts roll in. This is a hands-on leadership role for a security professional who believes the best incident is the one that never happens.

The successful candidate will own our security program end-to-end: designing and implementing controls, architecting systems that prevent breaches before they occur, and driving a culture of proactive risk management across the organization. You’ll use data and metrics to measure what matters, identify gaps before they become problems, and demonstrate continuous improvement to our leadership and compliance partners.

If you’re energized by building resilient systems, thrive on translating complex regulatory requirements into practical controls, and want to shape the security posture of a growing healthcare organization—we want to talk to you.

Position Responsibilities: 

Build and Lead a Proactive Security Program

  • Design, implement, and continuously improve Bloom’s information security program with a prevention-first mindset, building on the strong foundation already in place as the basis for continued success
  • Evaluate, refine, and enforce security policies, standards, and procedures that are practical, actionable, and aligned with business operations
  • Conduct regular risk assessments and threat modeling to identify vulnerabilities before exploitation, helping the organization deliver to our customers with maximum results
  • Lead tabletop exercises, penetration testing, and red team activities to stress-test our defenses
  • Build, operate, and monitor the security program to ensure our information security processes are in place and effectively educate all stakeholders on the practices, procedures, and policies, while ensuring the security processes meet or exceed our organizational requirements

Own Compliance Across Multiple Frameworks

  • Serve as the primary owner for HIPAA, HITRUST, and SOC 2 Type II compliance oversight, filings, and assessor coordination
  • Maintain deep working knowledge of NIST standards (800-53, CSF), FedRAMP requirements, and emerging healthcare security regulations to anticipate changes needed to achieve excellence
  • Translate regulatory requirements into engineering specifications and operational procedures
  • Manage audit relationships, risk management, evidence collection, and remediation tracking
  • Keep us audit-ready year-round—not scrambling before assessments

Implement Security Controls

  • Partner with Engineering, IT, and DevOps to embed security controls into infrastructure, applications, and workflows
  • Architect and deploy technical safeguards: access controls, encryption, network segmentation, endpoint protection, and monitoring systems
  • Automate security processes wherever possible—manual controls don’t scale
  • Evaluate and implement security tools and technologies that fit our environment and risk profile

Drive Decisions with Data

  • Define and track key security metrics and KPIs that measure program effectiveness, not just activity
  • Build dashboards and reporting mechanisms that give leadership visibility into our security posture
  • Use data to prioritize investments, justify resources, and demonstrate ROI on security initiatives
  • Benchmark against industry standards and drive continuous improvement through measurable goals

Foster a Security-First Culture

  • Develop and deliver security awareness training that changes behavior, not just checks a box
  • Serve as an advisor and resource for teams across Bloom on secure design and operations
  • Lead incident response when needed—but measure success by how rarely we need to

Qualifications:

  • Bachelor’s degree in Information Systems, Computer Science, Engineering, or a related technical field, or a minimum of four (4) years of experience in lieu of a degree.
  • 7+ years of progressive experience in information security, with at least 3 years in a security program leadership role
  • Previous experience guiding an organization through successful assessments in SOC 2 and/or HITRUST R2 is required

Required Skills and Abilities:

  • Deep expertise in healthcare security and privacy regulations, particularly HIPAA Security Rule requirements
  • Hands-on experience achieving and maintaining HITRUST CSF certification and SOC 2 Type II attestation
  • Strong working knowledge of NIST frameworks (800-53, 800-171, Cybersecurity Framework) and FedRAMP
  • Proven track record implementing technical security controls and managing a comprehensive security program—not just documenting them
  • Experience with cloud security (AWS, Azure, or GCP) and modern DevSecOps practices
  • Demonstrated ability to use metrics and data analysis to drive security program improvements
  • Excellent communication skills—able to translate technical risk into business terms for executives and board members
  • Relevant certifications: CISSP, CISM, HCISPP, HITRUST CCSFP, or equivalent
  • Experience in a high-growth healthcare technology or digital health environment
  • First-hand experience building security programs or security-first architectures
  • Experience with GRC platforms and security automation tools
  • Other duties as assigned

What We Offer:

Bloom operates with a people-first culture, which means listening to our employees to provide the benefits that mean the most to them. Our competitive compensation, comprehensive health coverage, long-term growth opportunities, and remote work environment are among the reasons that many of our employees have been with us since the beginning of our business. BeBloom™, our proprietary employee training and engagement program, helps you learn our business model and immerse yourself in everything our culture offers from day 1. From virtual live events to mentorship and leadership programs and employee-led councils, there are countless opportunities to get involved, build connections, and share your voice – because at Bloom, the real you belongs here.

Core Values:

  1. Put People First: Uphold and promote a people-first culture within the organization, emphasizing empathy, kindness, and a commitment to making a positive difference.
  2. Be Stronger Together: Embrace a team player mentality, leveraging the strengths of yourself and others to collaborate as one team.
  3. Do What’s Right: Adhere to high ethical standards, acting with integrity to do what’s right for partners, customers, and colleagues.
  4. Embrace a Growth Mindset: Embrace a culture of continuous learning, education, and professional development.
  5. Drive Solutions: Demonstrate ingenuity and skill by sharing ideas and solutions that drive our mission forward.

About Bloom:

Bloom is a third-party insurance services provider that partners with Medicare health plans to enable high-quality Medicare enrollment and drive earlier health plan activation. Founded in 2007, Bloom has partnered with national and regional payers to implement solutions for every step of the member journey, from telesales and quote & enroll to health activation outreach. Supported by its Ascend technology platform, Bloom produces closer connections and better outcomes for Medicare beneficiaries and health plan stakeholders to deliver High Value Enrollment.
