Information Security Specialist

The Information Security Specialist is a strategic role within DeepHealth’s Quality, Regulatory, and Compliance department, responsible for assisting in the development, implementation, and maintenance of comprehensive information security compliance strategies.  This position is critical in protecting organizational data, ensuring regulatory adherence, and mitigating potential security risks in the complex digital health landscape. 

As the Information Security Specialist, this position will work with the Information Security Officer, IT Operations, Sec Operations and the broader Compliance team to: 

Information Security Compliance Strategy: 

• →

  Develop and implement holistic security compliance programs 

• →

  Create comprehensive risk management frameworks 

• →

  Design and maintain security policies, procedures, and guidelines 

• →

  Continuously assess and update security strategies 

• →

  Ensure alignment with organizational objectives and regulatory requirements 

Regulatory Compliance: 

• →

  Ensure compliance with complex regulatory standards including, but not limited to: 

• →

  HIPAA 

• →

  GDPR 

• →

  CCPA 

• →

  ISO 27001 

• →

  HITRUST 

• →

  Conduct thorough risk assessments and vulnerability evaluations 

• →

  Prepare detailed compliance reports and documentation 

• →

  Support external and internal audit processes 

• →

  Track and implement regulatory changes 

Technical Security: 

• →

  Perform comprehensive security vulnerability assessment 

• →

  Develop and implement security control frameworks 

• →

  Monitor and analyze security incidents and breaches 

• →

  Design and conduct security awareness training programs 

• →

  Manage access control and identity management systems 

• →

  Evaluate and recommend security technologies and solutions 

Incident Response and Management: 

• →

  Develop and maintain incident response plans 

• →

  Coordinate rapid and effective responses to security incidents 

• →

  Conduct pos-incident analysis and implement preventive measures 

• →

  Maintain detailed incident documentation and reporting 

Interdepartmental Collaboration: 

• →

  Work closely with IT, Legal, Compliance, and Clinical teams 

• →

  Provide security guidance and recommendations 

• →

  Facilitate cross-functional security awareness and training 

• →

  Support technology implementation and security best practices 

Please Note: This is not an exhaustive list of all duties, responsibilities and requirements of the position described above.  Other functions may be assigned, and management retains the right to add or change duties at any time. 

Qualifications include: 

• Bachelor’s degree in Cybersecurity, Information Security, Computer Science or related field (or equivalent experience).  Master’s degree or advanced security certifications preferred, such as: 

• CISSP (Certified Information Systems Security Professional) 

• CISM (Certified Information Security Manager) 

• CRISC (Certified in Risk and Information Systems Control) 

• 3-5 years of progressive experience in security compliance with healthcare, medical technology, or highly regulated industries.   

• Proven track record of developing and implementing security strategies. 

• Experience with regulatory compliance in complex environments, including: 

• An advanced understanding of security frameworks and compliance standards 

• Proficiency in security tools and technologies 

• Experience with risk assessment and management tools 

• Excellent written and oral communication and interpersonal skills with the ability to explain complex security concepts to diverse audiences. 

• High level of integrity and confidentiality.

This position is preferably based in the Netherlands or the UK, but working from most EU countries is a possibility.

This position will have the ability to work remotely. 

€65,000 - €75,000 EUR Annually

£55,000 - £65,000 GBP Annually