ECP · 1 month ago
Director of Information Security
ECP is a market-leading SaaS software solution that enables senior living communities to better care for their residents. The Director of Information Security will lead and execute the cybersecurity and compliance strategy, ensuring the confidentiality, integrity, and availability of systems and customer data while managing compliance with healthcare regulations and security standards.
Electronic Health Record (EHR) · Health Care · Medical · Risk Management · Software
Responsibilities
Develop and execute ECP's information security strategy, aligned with business goals and risk tolerance
Maintain and evolve SOC 2 Type II compliance, including evidence gathering, documentation, and audit coordination
Ensure compliance with HIPAA and other healthcare data protection standards
Establish, implement, and maintain security policies, procedures, and standards consistent with regulatory and customer expectations
Manage third-party risk and vendor security assessments
Lead the incident response program, including detection, investigation, communication, and remediation
Oversee vulnerability management, penetration testing, and security monitoring
Partner with Infrastructure and DevOps teams to secure servers, cloud environments (AWS/Azure), and CI/CD pipelines
Integrate secure development lifecycle (SDLC) practices into engineering workflows
Stay current on emerging security threats, technologies, and frameworks, and advise leadership accordingly
Collaborate with internal IT to harden employee laptops and mobile devices, ensuring encryption, endpoint protection, and compliance with policy
Manage and optimize the company's mobile device management (MDM) platform
Support and guide internal IT in maintaining secure onboarding/offboarding and access management processes
Coordinate internal penetration testing efforts and develop recommendations for infrastructure hardening
Assist with network and system security, including identity management and monitoring
Develop and lead employee security and HIPAA awareness training programs
Maintain visibility into and tracking of vulnerabilities and remediation efforts
Qualifications
Required
Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience)
5+ years of experience in information security, infrastructure security, or a related role
Prior experience in a SaaS or healthcare technology environment required
Demonstrated experience leading SOC 2 Type II audits and ensuring HIPAA compliance
Strong understanding of AWS cloud security, identity and access management, and data protection best practices
Hands-on experience with endpoint management, laptop hardening, and mobile device management (MDM) tools
Strong troubleshooting, analytical, and problem-solving skills
Excellent communication skills with the ability to work effectively across technical and non-technical teams
Ability to thrive in a collaborative, fast-paced environment
Preferred
Certifications such as CISSP, CISM, CISA, Security+, or HCISPP (Healthcare Information Security & Privacy Practitioner)
Familiarity with frameworks such as NIST CSF, CIS Controls, or ISO 27001
Experience scripting or automating security tasks (Python, PowerShell, Bash)
Company
ECP
ECP is an EHR, eMAR, CRM, and Billing software for Assisted Living, Group Home, and IDD.
H1B Sponsorship
ECP has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is provided below for your reference. (Data powered by the US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships: 2020 (1)
Funding
Current Stage: Growth Stage
Total Funding: unknown
2025-12-08: Acquired
Company data provided by Crunchbase