hero

Portfolio Careers

Build your career at the best companies in healthcare and fintech
Search 
jobs
Explore 
companies
Join talent network
Talent
My job alerts

Information Security Officer

Bloom

Bloom

IT
Remote
Posted on Feb 21, 2026
Apply now

Information Security Officer- Remote (USA)

While this role is remote, it is location specific. Applicants must be based in Bloomington, IN.

 

Bloom, the insurance industry’s trusted growth partner, is looking for an Information Security leader to serve as Bloom's Information Security Officer—someone who builds security into the foundation of everything we do, not someone who sits back and watches alerts roll in. This is a hands-on leadership role for a security professional who believes the best incident is the one that never happens.

The successful candidate will own our security program end-to-end: designing and implementing controls, architecting systems that prevent breaches before they occur, and driving a culture of proactive risk management across the organization. You'll use data and metrics to measure what matters, identify gaps before they become problems, and demonstrate continuous improvement to our leadership and compliance partners.

If you're energized by building resilient systems, thrive on translating complex regulatory requirements into practical controls, and want to shape the security posture of a growing healthcare organization—we want to talk to you.

 

Position Responsibilities: 

Build and Lead a Proactive Security Program

  • Design, implement, and continuously improve Bloom's information security program with a prevention-first mindset leveraging the strong foundation already constructed as the basis for continued success
  • Evaluate, refine, and enforce security policies, standards, and procedures that are practical, actionable, and aligned with business operations
  • Conduct regular risk assessments and threat modeling to identify vulnerabilities before exploitation, helping the organization deliver to our customers with maximum results
  • Lead tabletop exercises, penetration testing, and red team activities to stress-test our defenses
  • Build, operate, and monitor the security program to ensure our information security processes are in place and effectively educate all stakeholders on the practices, procedures, and policies, while ensuring the security processes meet or exceed our organizational requirements

Own Compliance Across Multiple Frameworks

  • Serve as the primary owner for HIPAA, HITRUST, and SOC 2 Type II compliance oversight, filings, and assessor coordination
  • Maintain deep working knowledge of NIST standards (800-53, CSF), FedRAMP requirements, and emerging healthcare security regulations to anticipate changes needed to achieve excellence
  • Translate regulatory requirements into engineering specifications and operational procedures
  • Manage audit relationships, risk management, evidence collection, and remediation tracking
  • Keep us audit-ready year-round—not scrambling before assessments

Implement Security Controls

  • Partner with Engineering, IT, and DevOps to embed security controls into infrastructure, applications, and workflows
  • Architect and deploy technical safeguards: access controls, encryption, network segmentation, endpoint protection, and monitoring systems
  • Automate security processes wherever possible—manual controls don't scale
  • Evaluate and implement security tools and technologies that fit our environment and risk profile

Drive Decisions with Data

  • Define and track key security metrics and KPIs that measure program effectiveness, not just activity
  • Build dashboards and reporting mechanisms that give leadership visibility into our security posture
  • Use data to prioritize investments, justify resources, and demonstrate ROI on security initiatives
  • Benchmark against industry standards and drive continuous improvement through measurable goals

Foster a Security-First Culture

  • Develop and deliver security awareness training that changes behavior, not just checks a box
  • Serve as an advisor and resource for teams across Bloom on secure design and operations
  • Lead incident response when needed—but measure success by how rarely we need to

 

Qualifications:

  • Bachelor’s degree in information systems, Computer Science, Engineering, or a related technical field, or a minimum of four (4) years of experience in lieu of degree.
  • 7+ years of progressive experience in information security, with at least 3 years in a security program leadership role
  • Previous experience guiding an organization through successful assessments in SOC 2 and/or HITRUST R2 is required

 

Required Skills and Abilities:

  • Deep expertise in healthcare security and privacy regulations, particularly HIPAA Security Rule requirements
  • Hands-on experience achieving and maintaining HITRUST CSF certification and SOC 2 Type II attestation
  • Strong working knowledge of NIST frameworks (800-53, 800-171, Cybersecurity Framework) and FedRAMP
  • Proven track record implementing technical security controls and managing a comprehensive security program—not just documenting them
  • Experience with cloud security (AWS, Azure, or GCP) and modern DevSecOps practices
  • Demonstrated ability to use metrics and data analysis to drive security program improvements
  • Excellent communication skills—able to translate technical risk into business terms for executives and board members
  • Relevant certifications: CISSP, CISM, HCISPP, HITRUST CCSFP, or equivalent
  • Experience in a high-growth healthcare technology or digital health environment
  • First-hand experience building security programs or security-first architectures
  • Experience with GRC platforms and security automation tools
  • Other duties as assigned

 

What We Offer:

Bloom operates with a people-first culture, which means listening to our employees to provide the benefits that mean the most to them. Our competitive compensation, comprehensive health coverage, long-term growth opportunities, and remote work environment are among the reasons that many of our employees have been with us since the beginning of our business. BeBloom™, our proprietary employee training and engagement program, helps you learn our business model and immerse yourself in everything our culture offers from day 1. From virtual live events to mentorship and leadership programs and employee-led councils, there are countless opportunities to get involved, build connections, and share your voice – because at Bloom, the real you belongs here.

 

Core Values:

  1. Put People First: Uphold and promote a people-first culture within the organization, emphasizing empathy, kindness, and a commitment to making a positive difference.
  2. Be Stronger Together: Embrace a team player mentality, leveraging the strengths of yourself and others to collaborate as one team.
  3. Do What’s Right: Adhere to high ethical standards, acting with integrity to do what’s right for partners, customers, and colleagues.
  4. Embrace a Growth Mindset: Embrace a culture of continuous learning, education, and professional development.
  5. Drive Solutions: Demonstrate ingenuity and skill by sharing ideas and solutions that drive our mission forward.

 

About Bloom:

Bloom is a third-party insurance services provider that partners with Medicare health plans to enable high-quality Medicare enrollment and drive earlier health plan activation. Founded in 2007, Bloom has partnered with national and regional payers to implement solutions for every step of the member journey, from telesales and quote & enroll to health activation outreach. Supported by its Ascend technology platform, Bloom produces closer connections and better outcomes for Medicare beneficiaries and health plan stakeholders to deliver High Value Enrollment.

Apply now
See more open positions at Bloom
Privacy policyCookie policy