Information Security and Compliance Manager

Included Health

About the organization

About Included Health:

Finding a good healthcare provider is hard. Finding one when you’re LGBTQ+ is even harder. Too often, our health depends on our ability to self-advocate. To read between the lines of lengthy benefits documents, or uncomfortably ask our employer about policies for LGBTQ+ family planning or gender affirming care coverage, or even navigate being an employee out at work when we’d really rather not jump over one more hurdle. It’s a system that wasn’t designed to care for our bodies and our lives. Finding culturally competent, affirming providers and navigating the healthcare system isn’t impossible. But it is exhausting. That’s why we founded Included Health.


What You’ll Do:

Work directly with the CEO as one of the early members of our team to build a robust Information Security and Compliance Program

Develop and maintain an effective information security architectural approach, ensuring that the approach is implemented in accordance with HIPAA and other standards

Engage and collaborate with IT, DevOps, Product Management, HR, Finance, and Executive team members to conduct security and privacy risk assessments, and to design and implement controls, tools, or infrastructure that address findings and business needs

Coordinate Vendor Management practices and evaluate vendor compliance documentation, service level agreements, and security posture

Lead quantitative risk practices, ongoing risk management, and associated initiatives

Identify and contain emerging threats before they have a negative impact on business operations

Implement and manage industry best practices around access controls, endpoint security capabilities, and infrastructure configuration management


Who We Are Looking For:

4+ years leading security and compliance practices in a highly regulated business

Expert knowledge around HIPAA and data privacy practices

Experience managing external vendor relationships and ensuring all business activities meet compliance frameworks

Ability to lead vulnerability management processes for conducting regular vulnerability scans and addressing penetration test findings

Ability to work independently and collaborate with stakeholders across the organization

Knowledge of cloud-based computing environments and enterprise database management technologies

Highly service-oriented, champion for change, self-motivated, excellent written and verbal communication, and excellent crisis management skills

Application instructions

Contact email: [email protected]

Who You Are:

As an early member of the Included Health team, you will be responsible for managing Included Health’s information security and compliance programs. You will work across the organization to ensure our internal practices and information sharing practices with clients are highly secure, and build trust with our members. You are determined to ensure that Included Health effectively protects and manages members' healthcare information. You will be passionate about our mission, and committed to building not only Included Health’s Information Security and Compliance framework, but also our organization.

We cherish and celebrate diversity at Included Health. It’s what we do, who we are, and why we are building this organization. We are an equal opportunity employer and are committed to creating an inclusive environment for all employees.

Before responding to this announcement, please review the Terms of Use [PDF]. The Peace Corps is not able to confirm the legitimacy of all positions posted to this jobs board. If you believe an announcement has violated the Peace Corps Terms of Use, please contact [email protected].

Equal Opportunity Employment

The posting employer has certified that this announcement complies with Peace Corps’ Equal Opportunity Employment policy:

The Peace Corps is committed to providing equal opportunity to all employees, Volunteers, and applicants for employment and volunteer service. Peace Corps policy prohibits discrimination and harassment because of race, color, religion, sex, national origin, age (40 or over), disability, sexual orientation, gender identity, gender expression, marital status, parental status, political affiliation, union membership, genetic information, or history of participation in the Equal Employment Opportunity process, grievance procedure, or any authorized complaint procedure.
