Senior Manager - Governance, Risk and Compliance - 1232292
Curative is taking on the challenge of fundamentally changing US healthcare. We are building a vertically integrated platform for managing the health of our patients: no more silos, no more navigating multiple companies to seek care, and no more unexpected bills. We're rebuilding from first principles, focusing on patients and delivering the highest quality care, not billing. Preventative care will be made easy and accessible to our patients, facilitated by the lab infrastructure we built for the scale of the COVID-19 pandemic. The work we've done delivering more than 30 million COVID-19 tests and over 2 million vaccinations during the pandemic has given us the resources and lessons to achieve this mission.
Information Security at Curative:
This team moves fast, and you should be excited about interacting with a wide variety of stakeholders: you'll have a direct impact on how patients, doctors, and other care professionals all interface securely with Curative. You should have a strong interest in building tools, be comfortable working with new technologies, and have a strong sense of enabling business operations through secure designs.
Finally, it's important to us that everyone on our team be prepared to work with, and be supportive of, a variety of backgrounds, roles, and needs. Our organization is built on trust and mutual respect; we know that it's only together that we achieve truly great things.
Note: This role can be remote, but the candidate must be able to travel onsite to Curative HQ as well as other Curative locations across the United States.
What you'll do
Reporting to the VP, Information Security, you will be responsible for managing the Information Security Governance, Risk and Compliance program at Curative.
- Define and manage the risk management framework: identifying, quantifying and addressing information security risks at Curative.
- Establish a continuous monitoring regime to ensure that the controls applied to risks are operating effectively.
- Help Curative achieve its compliance objectives aligned to the HIPAA/HITECH Security and Privacy Rules, using the HITRUST CSF and/or SOC 2 controls.
- Develop a policy library that sets out the enterprise information security policy and communicates it effectively.
- Coordinate closely with the Legal team, specifically the Privacy and Healthcare Compliance officers, to ensure that cybersecurity risk and controls are properly communicated to those functions.
- Manage a security training and awareness program that communicates expectations for user adherence to policies and practices, and instills in users the best practices for information security.
- Develop and publish metrics that demonstrate the effectiveness and efficiency of the program and the overall security health of the Enterprise.
- Keep current on information security trends
What you'll bring
- Experience with common risk frameworks and risk approaches, such as FAIR and the NIST RMF.
- 5 years' experience in healthcare-related risk and compliance.
- Familiarity with HITRUST MyCSF and the HIPAA Security and Privacy Rules.
- Familiarity with CCPA, CPRA and other privacy standards; although this role is not responsible for privacy per se, it coordinates with the Privacy Officer on information security controls.
- Audit background: either conducting audits or being responsible for managing audit responses for an enterprise.
- Experience collaborating with IT operations and product teams
- Experience rolling out Information Security awareness and training programs
- 5 years' experience working with enterprise IT systems and developing monitoring programs to validate control effectiveness.
- Information security certification such as CISSP, CISA or similar.
- Familiarity with US Government security standards such as NIST SP 800-53 and SP 800-171.