Information Security Specialist

Information Security Specialist

UST Global is looking for a Security Engineer (Offshore) to support enterprise security assessments, compliance initiatives and third-party risk reviews for one of the leading healthcare organizations in the US. The ideal candidate will possess strong analytical skills, solid understanding of healthcare data protection requirements and the ability to collaborate effectively with technical and business stakeholders across distributed teams.

Responsibilities

• Conducts security reviews for applications integrating with the organization, including SaaS platforms and API-based solutions.
• Evaluates vendor-provided security controls and documentation to ensure alignment with enterprise security and compliance requirements.
• Reviews data flow, PHI usage and integration patterns to validate adherence to healthcare security standards.
• Supports implementation and maintenance of security frameworks such as NIST, SOC 2 Type 2 and HITRUST (experience with HITRUST preferred).
• Participates in governance, risk, and compliance activities including documenting controls, tracking remediation and preparing artifacts for audits.
• Performs initial triage of security exception requests and routes them appropriately based on technical complexity and risk.
• Conducts research and analysis of third-party applications to determine suitability, data protection posture and potential model training or data-use concerns.
• Assesses endpoint-level security requirements and ensures solutions meet baseline security expectations.
• Coordinates with internal teams to launch, conduct and manage security awareness and training.
• Develops documentation, assessment reports and communication materials for technical and non-technical stakeholders.
• May provide guidance to project teams and act as a subject-matter resource for application and vendor security assessments.

Requirements

• Bachelor's degree in Information Security, Computer Science, or a related field; minimum of 5 years of security engineering, application security, or GRC experience.
• CISSP certification is required.
• Experience conducting security assessments for SaaS, API and third-party integrations.
• Strong understanding of PHI handling requirements and healthcare data protection expectations.
• Familiarity with security frameworks such as NIST, SOC 2 Type 2 and HITRUST.
• Experience Supporting Governance, Risk, And Compliance Functions.
• Ability to analyze technical controls at an appropriate level without requiring deep engineering specialization.
• Experience reviewing exception requests, vendor assessments or third-party risk evaluations.
• Strong written and verbal communication skills, including the ability to create clear documentation and communicate risk effectively.
• Comfortable working independently in an offshore model while collaborating closely with US based teams.
• Proficiency with productivity tools such as MS Word, MS Excel, and standard security assessment templates or platforms.

Key skills/competency

• Information Security
• Application Security
• Security Audit
• Compliance Management
• HITRUST
• NIST
• SOC 2
• PHI
• Third-Party Risk
• GRC