Information Security Officer (ISO)
Woundtech is seeking a hands-on Information Security Officer (ISO) to lead and execute our cybersecurity program in a fast-paced, healthcare environment. This role is a hybrid of security leadership and engineering execution, responsible for both Governance, Risk, and Compliance (GRC) and day-to-day security operations.
The ideal candidate is equally comfortable defining security policies and leading audits as they are remediating vulnerabilities, tuning security tools, and responding to incidents. This role will partner closely with IT, DevSecOps, and Engineering to drive measurable improvements in security posture.
Primary Responsibilities:
Security Operations & Engineering (Hands-On Execution)
-Monitor, investigate, and respond to security alerts and incidents across:
-SentinelOne (EDR/XDR)
-SIEM and centralized logging platforms
-AWS-native tools (GuardDuty, Inspector, CloudTrail)
-Lead vulnerability management lifecycle:
-Identify, prioritize, and drive remediation of vulnerabilities and misconfigurations
-Partner with Engineering, DevOps, and IT to resolve issues within defined SLAs
-Identify and remediate AWS cloud security risks:
-IAM, network exposure, logging, encryption, and configuration gaps
-Administer and improve security tooling across endpoint, cloud, identity, and application layers
-Support DevSecOps initiatives:
-Integrate and maintain tools such as container scanning, code analysis, and secrets detection
-Develop automation and improve detection and monitoring capabilities
Governance, Risk & Compliance (GRC)
-Develop, implement, and maintain the enterprise Information Security Program
-Lead and execute compliance initiatives:
-HIPAA
-SOC 2 Type II
-HITRUST (or equivalent frameworks)
-Conduct enterprise risk assessments and technical security assessments
-Establish and maintain security policies, standards, and procedures
-Manage third-party/vendor risk assessments and due diligence
-Maintain audit readiness, documentation, and evidence collection
Cloud, Infrastructure & Application Security
-Define and enforce security standards for AWS infrastructure and cloud services
-Partner with DevOps to embed security into CI/CD pipelines and engineering workflows
-Conduct application and infrastructure security reviews and risk assessments
-Ensure proper logging, monitoring, and alerting across all environments
Metrics, Reporting & Leadership
-Define and track key security metrics:
-Vulnerability remediation SLAs
-Incident response metrics (MTTD, MTTR)
-Coverage (EDR, logging, scanning)
-Provide regular updates to leadership on security posture, risks, and progress
-Promote a strong security awareness culture across the organization
Knowledge and Skill Requirements:
-5–8+ years of experience in cybersecurity, with both technical and GRC exposure
-Hands-on experience with:
-Cloud security (AWS preferred)
-EDR/XDR platforms (e.g., SentinelOne, CrowdStrike)
-SIEM and log management tools
-Vulnerability management processes
-Experience supporting compliance frameworks such as HIPAA, SOC 2, HITRUST
-Strong understanding of:
-Networking, Linux systems, and cloud infrastructure
-Security operations and incident response
Preferred Qualifications
· Experience in healthcare or regulated environments
· Familiarity with DevSecOps practices and CI/CD security integration
· Certifications such as CISSP, GSEC, Security+, or AWS Security Specialty
· Experience working in lean teams where individuals own both strategy and execution
About Woundtech
Woundtech is a leader in specialized wound care, providing patients with cutting-edge treatment when and where they need it most, including in the comfort of their homes. Our solutions reduce the time to treatment, accelerate healing, and significantly lower costs for both patients and providers. We strive for better patient outcomes, fewer hospitalizations, and minimized amputations.
At Woundtech, we are transforming healthcare by building platforms and algorithms that enhance clinical outcomes and streamline the patient and provider experience. You’ll be part of a team solving complex problems in clinical advancement and logistics that are shaping the future of HealthTech.
We foster a highly collaborative culture where every team member’s impact is felt daily. Learn more about us at http://www.woundtech.net.
Job Details
Salary
$170,000 – $175,000/yr
Experience
Management