Information Security and Compliance Manager
About the organization
About Included Health:
Finding a good healthcare provider is hard. Finding one when you’re LGBTQ+ is even harder. Too often, our health depends on our ability to self-advocate. To read between the lines of lengthy benefits documents, or uncomfortably ask our employer about policies for LGBTQ+ family planning or gender affirming care coverage, or even navigate being an employee out at work when we’d really rather not jump over one more hurdle. It’s a system that wasn’t designed to care for our bodies and our lives. Finding culturally competent, affirming providers and navigating the healthcare system isn’t impossible. But it is exhausting. That’s why we founded Included Health.
What You’ll Do:
Work directly with the CEO as one of the early members of our team to build a robust Information Security and Compliance Program
Develop and maintain an effective information security architectural approach, ensuring that the approach is implemented in accordance with HIPAA and other standards
Engage and collaborate with IT, DevOps, Product Management, HR, Finance, and Executive team members to conduct security and privacy risk assessments, design and implement controls, tools, or infrastructure addressing findings and business needs
Coordinate Vendor Management practices and evaluate vendor compliance documentation, service level agreements, and security posture
Lead quantitative risk practices, ongoing risk management, and associate initiatives
Identify and contain emerging threats before they have a negative impact on business operations.
Implement and manage industry best practices around access controls, end-point security capabilities, and infrastructure configuration management
Who We Are Looking For:
4+ years leading security and compliance practices in a highly regulated business
Expert knowledge around HIPAA and data privacy practices
Experience managing external vendor relationships and ensuring all business activities meet compliance frameworks
Ability to lead vulnerability management processes for conducting regular vulnerability scans and addressing penetration test findings
Ability to work independently and collaborate with stakeholders across the organization
Knowledge of cloud based computing environments and enterprise database management technologies
Highly service-oriented, champion for change, self motivated, excellent written and verbal communication, and excellent crisis management skills
Contact email: [email protected]
Who You Are:
As an early member of the Included Health team, you will be responsible for managing Included Health’s information security and compliance programs. You will work across the organization to ensure our internal practices and information sharing practices with clients are highly secure, and build trust with our members. You are determined to ensure that Included Health effectively protects and manages members' healthcare information. You will be passionate about our mission, and committed to building not only Included Health’s Information Security and Compliance framework, but also our organization.
We cherish and celebrate diversity at Included Health. It’s what we do, who we are, and why we are building this organization. We are an equal opportunity employer and are committed to creating an inclusive environment for all employees.
Equal Opportunity Employment
The posting employer has certified that this announcement complies with Peace Corps’ Equal Opportunity Employment policy:
The Peace Corps is committed to providing equal opportunity to all employees, Volunteers, and applicants for employment and volunteer service. Peace Corps policy prohibits discrimination and harassment because of race, color, religion, sex, national origin, age (40 or over), disability, sexual orientation, gender identity, gender expression, marital status, parental status, political affiliation, union membership, genetic information, or history of participation in the Equal Employment Opportunity process, grievance procedure, or any authorized complaint procedure.
Does this sound like the position for you?Apply to job