Information Security & Compliance Officer (U.S.)

Are you excited by the idea of transforming how working families take care of children and aging loved ones while improving their professional lives? Are you passionate about leveraging technology to provide caregivers with life-changing information and services? 

Caregiver support has emerged as one of the top concerns among employers, and Torchlight leads the market with an innovative technology platform coupled with the nation’s top specialists. Now covering millions of employees at hundreds of leading enterprise clients, Torchlight is poised for accelerated growth.

Torchlight is looking for a full-time Security & Compliance Officer to oversee and drive the information security and privacy compliance function for the organization and our AWS-based SaaS product.

We can’t wait to talk to you if you are looking to use your talents for good, can iterate your way to innovation, and are committed to personal growth and excellence in all that you do.

You must be a self-starter who is comfortable collaborating across multiple disciplines, coordinating initiatives with the business, product, and technical teams. You should also be able to execute tactically, with limited resources, against aggressive goals, while also contributing strategically. 

Essential Job Functions:

  • Own all aspects of Torchlight's compliance requirements, including the management and implementation of the key controls for SOC2 Type 2 and HIPAA, and eventually others such as CCPA, GDPR, and ISO27001
  • Manage the formal review process and subsequent change management of all company policies and procedures 
  • Provide strategies for improving system security, change management, and security related policies and procedures, automating the implementation wherever possible
  • Serve as an internal point-person for Torchlight employees by translating security policy and compliance frameworks into actionable requirements and guidance to inform their work
  • Triage and categorize network intrusions and incidents, and work with Product-Engineering and DevOps to resolve them
  • Drive business continuity and disaster recovery, vulnerability management, and annual penetration testing. Work with internal and external stakeholders to ensure our systems are protected and highly available
  • Plan and manage the external auditing process, including the collection of all required evidence, and the monitoring, managing, and closing of audit issues
  • Ensure that the internal controls for compliance are actively followed; identify, track, and resolve problems discovered in the controls review process, and implement corresponding mitigating controls
  • Ensure that Information Security policies and procedures comply with regulations; draft, edit, and publish policies and procedures when they need to be updated or created
  • Provide responses and evidence for Prospect/Partner/Client information security requests, and maintain a library of response documents
  • Drive the Vendor Information Security Review process and liaise with outside vendors/suppliers regarding security and compliance measures (e.g., IT, DevOps) 
  • Coordinate with appropriate departments across the organization for changes required to support compliance activities 
  • Communicate to the Executive Team and Board of Directors on a regular basis on compliance status and any issues related to meeting the business compliance commitments

Qualifications:

  • Hands-on experience analyzing and applying compliance requirements to security practices, including, but not limited to, SOC2, HIPAA, GDPR, CCPA, ISO27001, and NIST. Ability to monitor and keep current with changes and trends in the regulatory landscape
  • 3-5+ years of relevant experience implementing security controls (SOC2 and HIPAA in particular). Having done so with SaaS products on AWS is a strong plus
  • Technical expertise in AWS or Linux security systems and processes is a plus
  • Experience working in an Agile software development environment
  • Can work independently as well as collaborate with leadership, product & outside development resources


Any of the following certifications is desirable:

  • Information Privacy Professional (CIPP) 
  • Information Systems Auditor (CISA) 
  • Information Systems Security Professional (CISSP) 
  • Risk and Information Systems Control (CRISC) 
  • AWS Cloud Practitioner (ACP)

We require:

  • honesty, kindness, and quality
  • entrepreneurial mindset
  • excellent communication and analytical skills
  • a Bachelor's degree or equivalent 

About Torchlight

At Torchlight, we believe that caring is everyone’s business and caring is good business. We are the only complete caregiver support solution for employers and member organizations. We offer solutions informed by data and, thus, are built for better results. Our approach includes a user-friendly digital platform and a team of expert advisors. No matter the age, stage or concern, Torchlight’s decision-support tools, caregiving knowledge base, and human expertise combine to reduce stress and enhance outcomes for both families and their sponsoring organizations more cost-effectively than call center or concierge-only solutions. Because getting caregivers the right resources, in the right ways, right from the beginning should be business as usual.

Headquartered in Burlington, MA (although currently fully remote), we offer a flexible work environment and generous benefits package with equity. We are an equal opportunity employer and are committed to maintaining a diverse workplace.
