Oscar Insurance is hiring a

Senior Manager, Security Governance, Risk, and Compliance

Remote

Hi, we're Oscar. We're hiring a Senior Manager, Security Governance, Risk, and Compliance to join our Security team.

About the role

In this role, you will be responsible for leading and managing a cross-functional team charged with the development and maintenance of Oscar’s Information Security policies, cybersecurity risk management, and compliance efforts in a highly regulated industry. You will identify opportunities to automate processes critical to meeting and exceeding Oscar’s compliance obligations to our regulators across a variety of frameworks. The GRC team works across a wide variety of stakeholders across the Oscar organization, and serves as an interpreter of technical controls for those various teams to identify effective means of implementing and demonstrating compliance.  You will be involved in shaping and driving Oscar’s GRC strategies through proactive measures and continuous improvement, and a demonstrated curiosity on continuously evolving our approaches. 

You will report into the Chief Information Security Officer. 

Work Location:

Oscar is a blended work culture where everyone, regardless of work type or location, feels connected to their teammates, our culture and our mission. 

If you live within commutable distance to our New York City office (in Hudson Square), our Tempe office (off the 101 at University Dr), or our Los Angeles office (in Marina Del Rey), you will be expected to come into the office at least two days each week. Otherwise, this is a remote / work-from-home role.  

You must reside in one of the following states: Alabama, Arizona, California, Colorado, Connecticut, Florida, Georgia, Illinois, Iowa, Kansas, Kentucky, Maine, Maryland, Massachusetts, Michigan, Minnesota, Missouri, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, Ohio, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Utah, Vermont, Virginia, Washington, or Washington, D.C. Note, this list of states is subject to change. #LI-Remote

Pay Transparency:

The base pay for this role is: $158,400 - $207,900 per year. You are also eligible for employee benefits, participation in Oscar’s unlimited vacation program, company equity grants, and annual performance bonuses.

Responsibilities

  • Lead a team of cross-functional Governance, Risk, and Compliance (GRC) experts including guiding, mentoring and coaching the team
  • Develop medium and long term strategies to improve the effectiveness and efficiency of the GRC program
  • Lead collaboration across engineering and governance functions to ensure common awareness and understanding of the what and why of various GRC requirements
  • Act as the primary liaison between other risk management and compliance teams at Oscar and interpret their needs of the cybersecurity program
  • Lead compliance efforts providing guidance and technical expertise in relation to the cybersecurity requirements related to SOX (Sarbanes-Oxley), MAR (Market Abuse Regulation), PCI (Payment Card Industry Data Security Standard), CMS EDE (Centers for Medicare & Medicaid Services Enhanced Direct Enrollment), HIPAA (Health Insurance Portability and Accountability Act), NYDFS (New York Department of Financial Services), SOC2, HITRUST, and other relevant security and regulatory frameworks
  • Manage and lead maturity assessments against cybersecurity requirements and Oscar’s current control inventory to identify areas of deficiency and potential GAPs to achieve certification or to successfully complete the audit cycle
  • Manage the team responsible for Oscar’s Security inventory for audit artifacts to ensure continuity in audits and efficient response to client and regulator requests. Manage and coordinate periodic assessments, audits, and reviews to assess compliance with regulatory requirements with a focus on Cybersecurity controls and artifacts. 
  • Stay up to date on the latest cybersecurity regulations, policy and news to ensure Oscar’s security program documents upcoming requirements and areas in which enhancements to process are required for alignment with the standard.
  • Design, develop, and manage third-party risk management processes, including vendor assessments, due diligence, and ongoing monitoring to identify inherent and residual cybersecurity risks for tracking, monitoring and corrective action planning.
  • Manage and lead the development and maintenance of cybersecurity governance, risk, and compliance policies, procedures, and standards in alignment with industry best practices and regulatory requirements with the ability to discern Oscar’s technical operations to align with the requirements dictated in policy in an effort to flag areas of deficiency or areas which require enhancement to align with current operating practices.
  • Create and deliver cybersecurity training programs and awareness campaigns to educate employees and stakeholders about relevant topics and concepts related to key cybersecurity risks (i.e. Insider Threats, Data Handling and Phishing).
  • Compliance with all applicable laws and regulations
  • Other duties as assigned

Qualifications

  • Bachelor's degree or years of equivalent experience
  • 5+ years of experience related to risk management
  • 4+ years of experience related to project management
  • Experience developing GRC programs  in a cloud and SaaS environment.

Bonus Points

  • Prior work experience in or understanding of security challenges specific to the healthcare or health insurance industries
  • Prior experience managing individual contributors.

This is an authentic Oscar Health job opportunity. Learn more about how you can safeguard yourself from recruitment fraud here

At Oscar, being an Equal Opportunity Employer means more than upholding discrimination-free hiring practices. It means that we cultivate an environment where people can be their most authentic selves and find both belonging and support. We're on a mission to change health care -- an experience made whole by our unique backgrounds and perspectives.

Pay Transparency:  Final offer amounts, within the base pay set forth above, are determined by factors including your relevant skills, education, and experience. Full-time employees are eligible for benefits including: medical, dental, and vision benefits, 11 paid holidays, paid sick time, paid parental leave, 401(k) plan participation, life and disability insurance, and paid wellness time and reimbursements.

Reasonable Accommodation: Oscar applicants are considered solely based on their qualifications, without regard to applicant’s disability or need for accommodation. Any Oscar applicant who requires reasonable accommodations during the application process should contact the Oscar Benefits Team ([email protected]) to make the need for an accommodation known.

California Residents: For information about our collection, use, and disclosure of applicants’ personal information as well as applicants’ rights over their personal information, please see our Notice to Job Applicants.

Apply for this job

Please mention you found this job on AI Jobs. It helps us get more startups to hire on our site. Thanks and good luck!

Get hired quicker

Be the first to apply. Receive an email whenever similar jobs are posted.

Ace your job interview

Understand the required skills and qualifications, anticipate the questions you may be asked, and study well-prepared answers using our sample responses.

Senior Manager Q&A's
Report this job
Apply for this job