Associate Director, Information Security & Compliance jobs in United States

MCG Health · 2 months ago

Associate Director, Information Security & Compliance

MCG is a leading healthcare organization dedicated to patient-focused care. The Associate Director, Information Security & Compliance will lead security engineering efforts to ensure the integrity of deployed products while enhancing developer velocity and compliance with HIPAA/HITRUST standards.

Health Care · Medical · Wellness
Growth Opportunities
H1B Sponsor Likely

Responsibilities

Build secure-by-default platforms:
Define and own "paved roads" (golden paths) for service creation, deployment, and runtime with embedded controls
Express controls as code: IaC (Terraform), Policy-as-Code (Rego, Azure Policy as Code), Compliance-as-Code (automated evidence collection)
Embed security in the software lifecycle:
Partner with engineering to shift left via CI/CD: SAST, SCA, container scanning, IaC scanning, DAST, SBOM, and break-glass processes with audit trails
Integrate lightweight threat modeling into backlog/PRs; maintain secure coding standards and reference implementations
Automate compliance & audit readiness:
Maintain HIPAA & HITRUST through continuous controls monitoring and automated evidence pipelines; reduce manual audit work with repeatable proofs
Create and maintain relevant documentation to support FedRAMP certification efforts
Harden cloud & runtime:
Own CSPM/CNAPP baselines, least-privilege IAM access, network isolation, KMS/secret stores, container hardening, and supply-chain security
Define risk-based vulnerability SLAs by asset criticality; drive time to patch with automation and safe rollout patterns
Lead incident response readiness: playbooks, tabletop exercises, automated detections, and post-incident learning loops
Govern data use and model safety for AI features (prompt/response logging controls, PII/PHI handling, third-party risk reviews) without slowing delivery
Coach engineers; measure and report outcomes (DORA + security KPIs). Foster a blameless, data-driven culture where secure choices are the easiest choices

Qualification

Information Security, Compliance Management, SaaS Security, CI/CD Integration, CISSP Certification, CISM Certification, HIPAA Compliance, HITRUST Compliance, Policy as Code, Stakeholder Management, Team Leadership, Communication Skills, Collaboration

Required

Bachelor's degree in Information Security, Computer Science, or related field required
6+ years of experience in product/application security, compliance, or risk management for SaaS
2+ years of team or functional leadership experience required
Demonstrated success enabling frequent deployments in regulated environments (HIPAA/HITRUST/FedRAMP) and proven experience with HIPAA and HITRUST controls required
Practical experience integrating security into CI/CD and operating SAST/SCA/DAST and container/IaC scanners
Excellent judgment, communication, and stakeholder management
Proven collaborator with Product/Engineering/IT with a track record of delivering automation
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent certification required

Preferred

Demonstrated ability to earn and maintain customer trust preferred
Experience with Policy as Code (OPA/Conftest/Sentinel) and compliance/automation pipelines preferred
Familiarity with SBOM/signing
FedRAMP (Medium) compliance experience preferred

Benefits

💻 Hybrid work
🩺 Medical, dental, vision, life, and disability insurance
📈 401K retirement plan; flexible spending and health savings account
🏝️ 15 days of paid time off + additional front-loaded personal days
🏖️ 14 company-recognized holidays + paid volunteer days
👶 Up to 8 weeks of paid parental leave + 10 weeks of paid bonding leave
🌈 LGBTQ+ Health Services
🐶 Pet insurance

Company

MCG Health

MCG Health, part of the Hearst Health network, provides unbiased clinical guidance that gives healthcare organizations confidence in their patient-centered care decisions.

H1B Sponsorship

MCG Health has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor.)
Distribution of job fields receiving sponsorship: chart not reproduced; the highlighted field represents jobs similar to this one.
Trends of total sponsorships: 2025 (8), 2024 (12), 2023 (2), 2022 (16), 2021 (5), 2020 (6)

Funding

Current stage: Growth Stage
Total funding: unknown
Acquired: 2012-11-01

Leadership Team

Jim Stackman, Director of Contracts
Lynn Nemiccolo, Chief Customer Officer

Company data provided by Crunchbase