Blooming Health is on a mission to transform social care for older adults and underserved populations. We partner with community organizations, government agencies, and healthcare stakeholders to build a digital tissue in the community for automating access to social care and advancing health equity. As we scale, we're looking for an ambitious and resourceful Implementation and Project Manager to drive complex implementation projects in State and Local Governments, and Healthcare segments.
Develop, implement, and maintain an organization-wide information-security roadmap that supports business goals and budgets.
Drive all activities needed to achieve and sustain HITRUST R2 certification; map controls to SOC 2, NIST 800-53, ISO 27001, GDPR, and HIPAA.
Establish a continuous-improvement cycle for security policies, procedures, and standards; track emerging threats and regulatory changes.
Device-Life-Cycle Management: own procurement, imaging, MDM enrollment, patching, asset tracking, and secure decommissioning for laptops, servers, and mobile devices.
Endpoint & SaaS Deployment: select and roll out collaboration, identity, and productivity tooling (Okta, Google Workspace, O-365, JAMF, Intune, etc.).
Network & Cloud Operations: oversee firewalls, VPNs, Wi-Fi, VPC design, and backups; ensure high availability, capacity planning, and performance monitoring.
Build-vs-Buy / MSSP Decision-Making: evaluate when to partner with a managed security service provider vs. operating controls in-house; own vendor due-diligence, contracts, and ongoing KPI reviews.
Help-Desk & ITSM Governance: set SLAs for ticket triage, change management, and problem management; publish metrics and drive service-quality improvements.
Hire, coach, and retain a blended team of IT administrators, security engineers, and GRC analysts.
Set OKRs, run weekly stand-ups, and coordinate on-call rotations for both IT and security operations.
Operate and tune SIEM/EDR, vulnerability scanners, and cloud-security posture-management tools; ensure 24×7 monitoring coverage.
Lead incident response—from triage through root-cause analysis and post-mortem—coordinating with engineering, legal, and communications teams.
Perform periodic enterprise risk assessments; maintain a living risk register with owners, treatment plans, and residual-risk metrics.
Ensure timely completion of audits (HITRUST, SOC 2, HIPAA, PCI, etc.) and track remediation through closure.
Maintain evidence repositories, policy repositories, and contract inventories to streamline internal and external audits.
Embed security and privacy requirements into product roadmaps, CI/CD pipelines, and vendor onboarding workflows.
Present quarterly security scorecards, incident trends, and IT service KPIs to the executive team and, when required, the board of directors.
Serve as primary liaison with cloud providers, MSSPs, and regulatory bodies; negotiate security addenda and SLAs.