IT Security & Operations Lead

As our new IT Security & Operations Lead, you will take hands-on ownership of critical IT security and operations projects. You will be responsible for executing projects like our HIPAA Risk Assessment and driving our current Google Workspace security remediation plan. Long-term, you will drive high-impact technology projects ranging from Data Loss Prevention (DLP), deploying enterprise password management tools, to the technical oversight of our application security intake and third-party vendor risk assessment process.

A successful candidate will collaborate effectively with colleagues throughout the organization, demonstrate strong problem-solving and decision-making skills, and exhibit a commitment to continuous learning and improvement.

You will serve as a strategic partner to business stakeholders to identify and deploy tools that enhance productivity—such as AI or clinical workflow apps—while providing the technical judgment to ensure every rollout is architected safely and remains compliant with our security standards.

You will be joining a lean, highly effective IT team that reports directly to the Senior Manager of IT & Data Analytics. You'll work in tight collaboration with our Senior Manager, Systems Administrator, Managed Service Provider (MSP), and other vendors to execute our technical roadmap. Our IT team's scope is focused on corporate technology, security, and data - we do not manage EMRs. We operate in a hybrid environment - leveraging Google Workspace for productivity & collaboration and we are in the process of migrating identity management and device security to utilize Microsoft Entra ID and InTune.

This position is a hybrid role offering the flexibility of both remote and in-office work, accompanied by a base salary ranging $95,000-$120,000, a comprehensive benefits package designed to support your health, financial well-being, and work-life balance. This role is located in our Greenwood Village or Salt Lake City office.

About CarePoint

Our administrative and management staff provide a host of services, from operations support to legal services and everything in between, to support 600+ physicians and advanced practice providers in 11 different clinical settings. The nonclinical support our employees provide enable our clinical professionals, who work in dozens of emergency departments and hundreds of hospitals across the U.S., to remain laser-focused on what matters most — providing the highest level of care to patients each and every day.

Key Responsibilities

• Security & Compliance: Spearhead our annual HIPAA Risk Assessment and lead related remediation activities.
• Security Remediation: Take ownership of our existing Google Workspace security audit findings. You will drive remediation projects to completion by managing our MSP's execution and handling the critical configurations that require our internal business context.
• IT Policy and Compliance: You will be a key contributor to our strategy, not just an executor. In partnership with the Senior Manager of IT & Data Analytics, you will be responsible for developing, implementing, and maintaining information security policies, standards, and procedures, including the AI Usage Policy and the Disaster Recovery Plan.
• Strategic IT Projects: Serve as the hands-on project lead for key initiatives. This includes long-term, high-impact projects like rolling out an enterprise password manager, implementing data classification, building our Data Loss Prevention (DLP) strategy, and driving secure AI adoption.
• Technology & Vendor Risk Assessments: Own the intake and security review process for new business applications, Google Workspace add-ons, and third-party vendors. You will be responsible for conducting security assessments to determine if a vendor or tool meets our standards before it is introduced to our environment.
• Vendor & MSP Collaboration: Act as a primary technical point of contact for our security partners and our MSP. You will coordinate penetration tests and cloud security assessments, ensuring vendors deliver on scope and that remediation plans are executed.
• Lead end-to-end change management strategy (communications, training, and stakeholder engagement) for new technology implementations.
• Contribute to the overall IT cybersecurity strategy and technical roadmap, ensuring alignment with business objectives and best practices.
• Proactively monitor and stay informed about new security threats, vulnerabilities, and technologies pertinent to the organization.
• Other duties as assigned.

Qualifications

Education:

Bachelor’s degree in a field related to technology or cybersecurity, or equivalent practical experience.

Experience:

Minimum 3 years of proven hands-on experience personally executing complex technical projects (e.g., system configurations, security audits) required.

Knowledge/Skills/Abilities:

• Direct, practical experience with HIPAA required. Must be able to demonstrate strong knowledge of cybersecurity related control frameworks such as NIST, HIPAA, CIS Critical Security Controls, and ISO 27001.
• Demonstrable experience building and executing change management plans to drive user adoption, including measuring success post-launch.
• Advanced proficiency in Google Workspace administration - including the admin console, security configurations, and permission structures.
• Relevant technical certifications (Security+, CISSP, PMP, Google Workspace Administrator, etc.) preferred.
• Experience with AWS services (e.g., IAM and S3) is preferred.
• Ability to identify and prioritize security enhancements that provide maximum organizational protection while minimizing operational friction for clinical and administrative staff.
• Strong communication skills and a demonstrated ability to communicate complex technical risks and security objectives to non-technical stakeholders.
• Demonstrated ability to lead MSPs and security partners on specific project deliverables.

Benefits

CarePoint is committed to the well-being of our valued employees, offering a wide range of voluntary benefits such as:

• Comprehensive health coverage, including medical, dental, and vision insurance, with access to a Health Savings Account (HSA).
• Wellbeing and support resources, including an Employee Assistance Program offering confidential counseling and support services.
• Time away from work benefits, featuring accrued paid time off that increases with tenure, along with paid parental leave.
• Financial security and protection, including 401(k) retirement plan, life insurance, and identity theft protection.
• Community and culture initiatives, including weekly in-office events every Wednesday that foster connection collaboration, and team engagement.
• Financial security, CarePoint automatically contributes 7.5% into 401(k) retirement plan after 1 year of employment.

More about CarePoint

Carepoint is a rapidly growing, mission-driven organization dedicated to delivering exceptional, patient-centered care. We operate at the intersection of technology and healthcare, focusing on innovative solutions to improve health outcomes and enhance the patient experience. We value collaboration, integrity, and continuous improvement, striving to create a dynamic and supportive environment for our employees to thrive.

Our Values:

• Collaboration and Teamwork: We work in partnership with patients, fellow providers, and each other. It is through partnerships that we are able to achieve great work.
• Communication and Transparency: We pride ourselves on practicing open communication with all CarePoint members. As a physician-owned and led management services organization and practice, we hold transparency as one of our top core values and seek to communicate often and well.
• Sustainability and Innovation: We seek to honor our history by working hard to preserve our culture and unique model. We simultaneously want to be a part of the evolving world of healthcare and invest in future models of care delivery.