CarePort is seeking a full-time Director of Security and Compliance. This role provides IT risk management leadership and consulting to multiple interdepartmental stakeholders to ensure that risks are identified and appropriately addressed in line with company policies as well as government and industry regulations. This position is responsible for performing risk assessments, evaluating risk acceptances, and helping to manage the overall IT risk posture of the organization. This position works directly with technical and business leadership teams across the organization to ensure security and compliance requirements are maintained.

The ideal candidate will be experienced with agile development methodologies and able to drive agile processes throughout the compliance teams.


  • Perform risk assessments of platforms, applications, client solutions and/or supporting environments utilizing industry-standard cybersecurity frameworks
  • Identify required regulatory and compliance areas, as well as gaps within the overall security environment. Provide recommendations and work with stakeholders to develop and implement a plan of action while allowing the organization to support customer needs in a timely and effective manner
  • Perform regular risk management activities, including follow-up with stakeholders to drive risk mitigation
  • Test risk areas to ensure that the activities in place appropriately address the identified risk, and oversee the remediation and reporting of security incidents
  • Manage IT policy and procedure governance, approvals and exceptions, and ensure compliance with the policies and procedures
  • Perform assessments of third-party service providers to validate appropriate security controls are in place
  • Support company-wide security awareness and training initiatives and report and prepare presentations on risk management to key stakeholders such as IT-business unit management, senior management, and internal/external auditors and clients
  • Identify and remain current with industry requirements and regulatory changes that will affect IT/IS technologies, policies and procedures


  • Strong written and oral communication skills with the ability to present IT concepts clearly and concisely to management and end-users
  • Background in general computing controls (GCCs), and knowledge of SOC 2, HITRUST and HIPAA
  • Interpersonal skills including the ability to lead others, work in a team environment and take direction from superiors
  • Ability to multi-task and prioritize
  • Must possess strong analytical troubleshooting skills coupled with a strong sense of urgency

Preferred Qualifications

  • Possession of standard certifications in Information Security or Compliance
  • Experience supporting security controls, compliance and audit activity on cloud platforms and within a service provider organization with multiple technologies and architectures
  • Bachelor’s Degree in Business, Computer Science, Information Systems, or equivalent prior work experience in a related field
  • Five to eight years of experience in an Information Technology field, preferably working in PaaS and/or SaaS, with at least ten years in Information Security in an enterprise setting
  • Demonstrated competency in information security management for a cross-functional environment and with the proven ability to lead
  • Deep understanding of information security risk management frameworks such as ISO 27001, COBIT, NIST, etc.
  • An understanding of applicable federal, state, and local regulations, as well as the ability to maintain current training and knowledge of applicable Information Security, Compliance and Privacy program requirements

Please submit all inquiries and resumes (in PDF format) to


  • Competitive Salary
  • 401(k)
  • Employee Stock Purchase Program
  • Health, dental, and vision insurance
  • Convenient office location just one block from Boston’s South Station

About CarePort Health

CarePort Health provides care coordination software solutions to manage patient transitions across the continuum. The end-to-end platform bridges acute and post-acute EHRs, providing visibility for providers, payers and ACOs into the care that patients receive across care settings so that all providers can efficiently and effectively coordinate patient care.