Healthcare IT Security Lead (Senior / Principal)

About MediSys Health Network & The Transformation Group+ (TTG)

MediSys Health Network provides the financial foundation and long‑term stability for The Transformation Group+ (TTG), a dedicated healthcare Managed Service Organization (MSO) and professional services firm. While your employment and benefits will be backed by MediSys — offering the job security — your day‑to‑day work will be with TTG, supporting a diverse portfolio of hospitals, clinics, and health networks.

TTG’s team of healthcare specialists, analysts, and developers is united by a mission to strengthen healthcare operations through smart, reliable, and purpose‑driven technology. Our deep understanding of clinical and operational workflows allows us to build solutions that go beyond IT, helping providers deliver better care, improve outcomes, and work more efficiently.

Work location

Hybrid work schedule (3 days in office, 2 days remote) - first 90 days are on fully in office

If located outside of the NYC/Long Island area, fully remote options are available.

Travel may be required based upon client needs.

Job Description

The Transformation Group+ (TTG) is a healthcare‑specific Managed Services Organization (MSO) delivering high‑impact IT, security, and compliance services to provider organizations nationwide. We are seeking a Senior or Principal‑level IT Security Lead who can operate at the intersection of hands‑on engineering, strategic advisory, and leadership execution.

This role is responsible for assessing, implementing, and managing comprehensive security programs for healthcare clients—spanning technical controls, governance, risk, compliance, and incident response. You will also support TTG’s internal security posture, ensuring our own environment reflects the standards we deliver to clients.

The ideal candidate brings deep technical expertise, strong client‑facing communication skills, and the ability to translate complex security requirements into practical, scalable solutions.

Responsibilities

Client Advisory & Engagement

• Lead security assessments for prospective and existing clients, identifying gaps, risks, and improvement opportunities across infrastructure, applications, cloud environments, and organizational processes.
• Present findings and recommendations to technical and non‑technical stakeholders with clarity and confidence.
• Serve as a trusted advisor on security architecture, compliance requirements, and best‑practice frameworks relevant to healthcare organizations.

Security Engineering & Operations

• Implement, configure, and manage security controls across Active Directory, Azure, IAM, endpoint protection, network security, and cloud environments.
• Oversee or support Epic Security administration, access governance, and template/role design.
• Develop and execute vulnerability management processes, including scanning, remediation planning, and reporting.
• Support or lead incident response activities, including triage, containment, investigation, documentation, and breach notification coordination.

Governance, Risk & Compliance

• Conduct ongoing risk assessments, threat/vulnerability analyses, and control evaluations aligned with healthcare regulatory requirements (e.g., HIPAA, HITECH) and industry frameworks.
• Develop, maintain, and implement security policies, standards, and procedures for both TTG and client organizations.
• Support audit readiness and audit response activities for internal and client environments.
• Lead or contribute to Disaster Recovery and Business Continuity planning, testing, and program management.

Program Leadership & Continuous Improvement

• Design and oversee security program components such as monitoring, logging, SIEM use cases, DLP, identity governance, and access review processes.
• Drive continuous improvement initiatives across security operations, compliance workflows, and client service delivery.
• Deliver or coordinate security awareness training and promote a culture of security across TTG and client organizations.
• Collaborate with TTG leadership to ensure alignment between security strategy, operational execution, and client needs.

Qualifications

• 7+ years of experience in Information Security, with a blend of engineering, consulting, and program leadership responsibilities.
• Team player with strong collaboration skills, a positive attitude, and solution-oriented mindset.
• Demonstrated ability to communicate complex concepts to business stakeholders, and lead client-facing meetings, operating as a service provider to deliver value.
• Strong understanding of healthcare regulatory requirements and security frameworks (HIPAA, NIST CSF, CIS Controls, SOC 2, etc.).
• Hands‑on experience with IAM, Azure security, AD hardening, endpoint security, vulnerability management, and incident response.
• Experience with Epic Security.
• Industry‑standard certifications strongly preferred: CISSP, CISM, HCISPP, Security+, CEH, or equivalent.

Compensation

• The compensation for this role includes a salary or contract range of $150,000–$250,000. Candidates may be hired as either W‑2 employees or 1099 contractors, depending on the role and mutual preference. Additional benefits and perks may also be available, depending on the position and employment terms.
• This range and total compensation reflect several factors, including skills, experience, training, certifications, and organizational needs.