The Information Security Office (ISO) sits within the Technology business unit within SullivanCotter and is located in the Minneapolis office. In this role, you will define and manage our information security program, information security policies, security audit and compliances processes. In addition, this role will also serve as our HIPAA officer to ensure our client data is protected through rigid internal processes. Implementing and standardizing an information security framework for our organization will be critical to ensure data, physical and electronic security for clients.


  • Develops, implements and monitors a strategic, comprehensive enterprise information security program to ensure the integrity, security and confidentiality of information owned, controlled or processed by the firm.
  • Responsible for HIPAA program and other related technology annual compliance training.
  • Creates an information security awareness program to customize communication tools and campaigns for the various business units.
  • Develops IT standards, procedures, and policies formulation related to internal and external security.
  • Develops and implements business plans, policies and procedures to maintain systems, networks, and data and application security related to our internal and cloud-based system.
  • Leads the development, implementation, and maintenance of information security, including access management, vulnerability assessments, penetration testing, infrastructure, and regulatory compliance.
  • Manages reporting, investigation, and resolution of data security incidents, including working with Human Resource colleagues on privacy and security issues.
  • Provides guidance and direction on best practices for the protection of information.
  • Ensures compliance with regulations and privacy laws related to data.
  • Oversees internal and external systems security (e.g., cloud services).
  • Understands potential and emerging security threats, vulnerabilities, and controls techniques and ensures communication to appropriate professionals.
  • Manages third party information security vendors and processes.


  • BA or BS, security, data management, information technology or related field.
  • 10+ years security experience including leading security programs in an Information Security Officer role.
  • Experience leading an information security system office and applying information security, risk management and privacy practices.
  • This role is ultimately a business leader and should have a track record of competency in the field of information security with direct experience in a significant leadership role.
  • Knowledge of the health care industry is preferred.
  • Ability to influence decisions within all levels.


  • Ability to present ideas in a business-friendly and user-friendly language and respond to client and/or survey respondent inquiries.
  • Self-starter with demonstrated ability to successfully assist with complex project deliverables in a very driven and changing organization.
  • Demonstrated ownership of assigned tasks and dedication and perseverance to getting the job done.
  • Flexibility, adaptability and the ability to work under tight deadlines or changing needs.
  • Confidence and ability to work independently.
  • Exceptional employee service orientation.
  • Attention to detail.
  • High level of self-motivation.

Applicants for employment must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States (i.e., H1-B visa, F-1 visa (OPT), TN visa or any other non-immigrant status).

Qualified applicants will be afforded equal employment opportunities without discrimination because of race, creed, color, national origin, sex, age, disability or marital status.

Share This: