Oscar is hiring a
Senior Manager

Summary

Join Oscar's Security team as a Senior Manager, Security Governance, Risk, and Compliance. Lead a cross-functional team in developing and maintaining Information Security policies, cybersecurity risk management, and compliance efforts. Identify opportunities to automate processes critical to meeting and exceeding Oscar's compliance obligations.

Responsibilities

• Lead a team of cross-functional Governance, Risk, and Compliance (GRC) experts including guiding, mentoring and coaching the team
• Develop medium and long term strategies to improve the effectiveness and efficiency of the GRC program
• Lead collaboration across engineering and governance functions to ensure common awareness and understanding of the what and why of various GRC requirements
• Act as the primary liaison between other risk management and compliance teams at Oscar and interpret their needs of the cybersecurity program
• Lead compliance efforts providing guidance and technical expertise in relation to the cybersecurity requirements related to SOX (Sarbanes-Oxley), MAR (Market Abuse Regulation), PCI (Payment Card Industry Data Security Standard), CMS EDE (Centers for Medicare & Medicaid Services Enhanced Direct Enrollment), HIPAA (Health Insurance Portability and Accountability Act), NYDFS (New York Department of Financial Services), SOC2, HITRUST, and other relevant security and regulatory frameworks
• Manage and lead maturity assessments against cybersecurity requirements and Oscar’s current control inventory to identify areas of deficiency and potential GAPs to achieve certification or to successfully complete the audit cycle
• Manage the team responsible for Oscar’s Security inventory for audit artifacts to ensure continuity in audits and efficient response to client and regulator requests. Manage and coordinate periodic assessments, audits, and reviews to assess compliance with regulatory requirements with a focus on Cybersecurity controls and artifacts
• Stay up to date on the latest cybersecurity regulations, policy and news to ensure Oscar’s security program documents upcoming requirements and areas in which enhancements to process are required for alignment with the standard
• Design, develop, and manage third-party risk management processes, including vendor assessments, due diligence, and ongoing monitoring to identify inherent and residual cybersecurity risks for tracking, monitoring and corrective action planning
• Manage and lead the development and maintenance of cybersecurity governance, risk, and compliance policies, procedures, and standards in alignment with industry best practices and regulatory requirements with the ability to discern Oscar’s technical operations to align with the requirements dictated in policy in an effort to flag areas of deficiency or areas which require enhancement to align with current operating practices
• Create and deliver cybersecurity training programs and awareness campaigns to educate employees and stakeholders about relevant topics and concepts related to key cybersecurity risks (i.e. Insider Threats, Data Handling and Phishing)
• Compliance with all applicable laws and regulations
• Other duties as assigned