Information Security Engineer

Falling Colors is a small B-corporation, women-owned and women-founded. We are a diverse and open-minded team, with a mix of genders, ethnicities, and interests. As a company, we value using our skills and time to improve the world around us, from behavioral health care to local educational opportunities. As a team, we strive to be kind, support each other, and work together, stepping forward to handling all the exciting things that get thrown our way.

The Information Security Engineer will aid the Information Security Team with the design, development, and execution of our comprehensive information management and security plan. This plan will be modeled on our current HITRUST-certified security platform, but needs to be creatively adapted to meet Falling Colors’ unique context, culture, and vision for the future.

The Information Security Engineer will also be responsible for aiding the Company with developing an efficient approach to managing the flow and retention of information across teams to ensure availability and effective management of up-to-date company resources, both internal and external.

As an Information Security Engineer at Falling Colors, you’ll:

  • Develop a deep understanding of Falling Colors’ operations and apply that knowledge to legal and regulatory compliance in areas like HITRUST, HIPAA, and more.

  • Maintain and enhance our security program by aligning with industry standards while adapting them to our unique context and culture.

  • Conduct or oversee periodic risk assessments, identify vulnerabilities, and recommend strategies to mitigate threats.

  • Guide the company’s security certification efforts and ensure our market positioning reflects strong and compliant security practices.

  • Keep leadership informed of industry trends, threats, and emerging risks, and help shape appropriate responses.

  • Own the day-to-day operations of our Information Security Management Program—including audits, tabletop exercises, disaster recovery planning, and compliance checks.

  • Regularly review and update security policies to ensure they’re effective, efficient, and aligned with current standards and company practices.

  • Maintain detailed and accurate security documentation and evidence to support compliance and incident response.

  • Collaborate with our InfoSec team to manage information governance tools (such as Microsoft 365) and enforce protection protocols.

  • Develop and lead engaging security training and awareness programs for all staff.

  • Work with teams to evaluate and improve technology controls across business processes and products.

  • Design and implement corrective actions when necessary—and monitor their success.

  • Partner with internal stakeholders to create effective security reports, audits, and system tools.

Requirements

  • BA in an information security-related field preferred; equivalent experience considered;

  • Prefer 2 - 3 years of experience in a comparable role for a company with a similar risk and information security profile;

  • Current Security+ certification

  • Current CISA certification

  • Excellent written and oral communication skills, facilitating communication across teams;

  • Prefer 2 - 3 years of experience designing and facilitating information security trainings for a broad range of employees and teams;

  • Foundational understanding of cybersecurity framework standards, including HIPAA, HITECH, and/or NIST;

  • Ability to analyze complex security issues and present findings to management.

  • Experience with Network Security, System Administration, and Application Security preferred

  • All applicants are asked to submit a cover letter.

Job Specifications and Pay

This job is a full-time, non-exempt position working approximately 40 hours a week. Our headquarters is in Santa Fe, New Mexico, with satellite offices across the United States. For the ideal candidate, this is a remote position that will require periodic travel to our headquarters. The candidate will need to have a functional at-home workspace with reliable internet service and the ability to travel to work in Santa Fe.

To Apply:

You will be asked to submit a resume and a cover letter. Please apply at apply@fallingcolors.com.

EEO Statement

Falling Colors provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, or genetic information.