
MCG Health · 3 weeks ago

Associate Director, Information Security & Compliance

MCG Health is a leading healthcare organization dedicated to delivering patient-focused care. The Associate Director, Information Security & Compliance will lead security engineering efforts to ensure the integrity of SaaS products while integrating security into CI/CD processes and maintaining compliance with HIPAA/HITRUST standards.

Industry tags: Health Care, Medical, Wellness
Highlights: Growth Opportunities; H1B Sponsor Likely

Responsibilities

Build secure-by-default platforms
  Define and own "paved roads" (golden paths) for service creation, deployment, and runtime with embedded controls
  Express controls as code: IaC (Terraform), Policy-as-Code (Rego, Azure Policy as Code), Compliance-as-Code (automated evidence collection)
Embed security in the software lifecycle
  Partner with engineering to shift left via CI/CD: SAST, SCA, container scanning, IaC scanning, DAST, SBOM, and break-glass processes with audit trails
  Integrate lightweight threat modeling into backlog items and PRs; maintain secure coding standards and reference implementations
Automate compliance & audit readiness
  Maintain HIPAA and HITRUST compliance through continuous controls monitoring and automated evidence pipelines; reduce manual audit work with repeatable proofs
  Create and maintain relevant documentation to support FedRAMP certification efforts
Harden cloud & runtime
  Own CSPM/CNAPP baselines, least-privilege IAM access, network isolation, KMS/secret stores, container hardening, and supply-chain security
Operational resilience
  Define risk-based vulnerability SLAs tied to asset criticality; drive time-to-patch down with automation and safe rollout patterns
  Lead incident response readiness: playbooks, tabletop exercises, automated detections, and post-incident learning loops
  Govern data use and model safety for AI features (prompt/response logging controls, PII/PHI handling, third-party risk reviews) without slowing delivery
  Coach engineers; measure and report outcomes (DORA + security KPIs). Foster a blameless, data-driven culture where secure choices are the easiest choices

Qualifications

Skills: Information Security, Compliance Management, Risk Management, CI/CD Integration, CISSP Certification, CISM Certification, SAST, SCA, DAST, Infrastructure as Code, Policy as Code, HIPAA Compliance, HITRUST Compliance, FedRAMP Compliance, Stakeholder Management, Team Leadership, Collaboration, Communication

Required

Bachelor's degree in Information Security, Computer Science, or related field required
6+ years of experience in product/application security, compliance, or risk management for SaaS
2+ years of team or functional leadership experience required
Demonstrated success enabling frequent deployments in regulated environments (HIPAA/HITRUST/FedRAMP) and proven experience with HIPAA and HITRUST controls required
Practical experience integrating security into CI/CD and operating SAST/SCA/DAST, and container/IaC scanners
Excellent judgment, communication, and stakeholder management
Proven collaborator with Product/Engineering/IT with a track record of delivering automation
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent certification required

Preferred

Demonstrated ability to earn and maintain customer trust
Experience with Policy as Code (OPA/Conftest/Sentinel) and compliance/automation pipelines
Familiarity with SBOM/signing
FedRAMP (Medium) compliance experience

Benefits

Hybrid work
Medical, dental, vision, life, and disability insurance
401K retirement plan; flexible spending and health savings account
15 days of paid time off + additional front-loaded personal days
14 company-recognized holidays + paid volunteer days
Up to 8 weeks of paid parental leave + 10 weeks of paid bonding leave
LGBTQ+ Health Services
Pet insurance

Company

MCG Health

MCG Health, part of the Hearst Health network, provides unbiased clinical guidance that gives healthcare organizations confidence in their patient-centered care decisions.

H1B Sponsorship

MCG Health has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships (count per year):
2025 (8)
2024 (12)
2023 (2)
2022 (16)
2021 (5)
2020 (6)

Funding

Current Stage: Growth Stage
Total Funding: unknown
2012-11-01: Acquired

Leadership Team

Jim Stackman, Director of Contracts
Lynn Nemiccolo, Chief Customer Officer
Company data provided by crunchbase