We’re a small-but-growing constellation of businesses that have been brought together for the purpose of taking compliance practice to the next level. Inspired by interoperability, on fire about FHIR, committed to HITRUST and engaged with security, we’ve been in the compliance business for a really long time. We’re ready to step beyond the basics of the checkbox, and use our powers for the greater good. In short, we’re looking for someone who has the skills, the drive, the motivation, and the heart, to stand with Drummond in its mission to make compliance a partnership.
For this role as practice leader, we need someone who has crawled around in the trenches of compliance assessment, conducted rigorous compliance field work, instinctively includes security best practice in everything they do, and has the imagination, the drive, and the motivation to lead the growth of our healthcare practice focusing on standards such as HIPAA/NIST.

We expect you to be happy and at home in Healthcare IT environments, and with privacy and security regulations and policies. You should possess a base of technical knowledge of the infrastructure, operating processes, and security applications that support a secure environment. You’re comfortable with access controls, logging functions, encryption methods, backup and recovery functions, patching of operating system or applications, and help desk functions.

To fulfill Drummond’s vision of “humanitegrity,” you need to be client-oriented, people-oriented, and have the ability to easily network and make contacts. Because this is a leadership position, you also need to drive business, define and execute a practice, attract top talent, and manage P&L (demonstrating financial acumen). You need to be comfortable and able to execute in a startup environment, and fearless about rolling up your sleeves and doing the needful. And because this is not just a people leadership position but a thought leadership position, participation with industry groups and demonstrated ability to research and discuss the latest trends in security and privacy is important.
  • 3-5 years of field work experience.
  • Bachelor’s degree, preferably in IT Risk, Information Technology, Computer Science, or Business; or equivalent experience required.
  • Prior experience in such fields as: healthcare, regulation development, consulting, IT audit, medical application implementation, information technology, security management, third party audit, governance, risk management, information security, or compliance is preferred.
  • Knowledge of compliance standards and related methodologies such as: HITRUST CSF, ISO/IEC 27001/2, SOC, NIST Special Publication 800-53, and regulations such as HIPAA, EU GDPR, or GLBA.
  • Professional certifications such as HITRUST CCSFP, CISSP, CISM, CRISC, CISA, CEH, and/or ISO appreciated.
  • Involvement, experience, and knowledge of Active Directory, firewalls, encryption/SSL, two-factor authentication types, antivirus software, and threat management.
  • Participation or involvement with incident reporting processes, disaster recovery testing, change management, and/or other IT functions.
  • Ability to translate technical knowledge to non-technical audiences. Conference participation/presentation/organization a strong bonus.
  • Strong written and oral communication skills.
  • Ability to work independently with a high degree of accountability.
  • Willing to travel 25-30% of the time.
  • Must provide at least three references.
Drummond Group offers comprehensive compliance, security, risk management, surveillance, and education services to healthcare, financial, and other regulated industries. We bring thought leadership, expertise, practical tools, and partnership to the compliance and assessment processes for our clients. At Drummond Group, enabling customers to feel secure about the ways in which they share their business’s sensitive and private data is our primary goal.

Drummond Group is an Equal Opportunity Employer. This company does not and will not discriminate in employment and personnel practices on the basis of race, sex, age, disability, religion, national origin or any other basis prohibited by applicable law. Hiring, transferring and promotion practices are performed without regard to the above listed items.