Senior Manager, Security Governance, Risk and Compliance

Oscar
Summary
Join Oscar's Security Governance, Risk, and Compliance team as a Senior Manager! Lead and manage a cross-functional team responsible for developing and maintaining Oscar's information security policies and cybersecurity risk management. You will manage regulatory obligations, represent Oscar's security program to customers, and report to the Chief Information Security Officer. This role offers a blended work culture with flexibility, including remote options for those outside commuting distance of our offices in New York City, Tempe, or Los Angeles. The base pay is $158,400 - $207,900 per year, plus benefits, unlimited vacation, equity grants, and performance bonuses. This position requires a Bachelor's degree or equivalent experience, along with significant experience in risk and project management.
Requirements
- Bachelor's degree or years of equivalent experience
- 5+ years of experience related to risk management
- 4+ years of experience related to project management
Responsibilities
- Lead a team of cross-functional Governance, Risk, and Compliance (GRC) experts including guiding, mentoring and coaching the team
- Develop medium- and long-term strategies to improve the effectiveness and efficiency of the GRC program
- Lead collaboration across engineering and governance functions to ensure common awareness and understanding of the what and why of various GRC requirements
- Act as the primary liaison between other risk management and compliance teams at Oscar and the cybersecurity program, interpreting their needs for it
- Lead compliance efforts providing guidance and technical expertise in relation to the cybersecurity requirements related to SOX (Sarbanes-Oxley), MAR (Market Abuse Regulation), PCI (Payment Card Industry Data Security Standard), CMS EDE (Centers for Medicare & Medicaid Services Enhanced Direct Enrollment), HIPAA (Health Insurance Portability and Accountability Act), NYDFS (New York Department of Financial Services), SOC2, HITRUST, and other relevant security and regulatory frameworks
- Manage and lead maturity assessments against cybersecurity requirements and Oscar’s current control inventory to identify areas of deficiency and potential gaps to close in order to achieve certification or successfully complete the audit cycle
- Manage the team responsible for Oscar’s security inventory of audit artifacts to ensure continuity across audits and efficient response to client and regulator requests. Manage and coordinate periodic assessments, audits, and reviews to assess compliance with regulatory requirements, with a focus on cybersecurity controls and artifacts
- Stay up to date on the latest cybersecurity regulations, policy, and news so that Oscar’s security program documents upcoming requirements and the areas in which process enhancements are required to align with each standard
- Design, develop, and manage third-party risk management processes, including vendor assessments, due diligence, and ongoing monitoring to identify inherent and residual cybersecurity risks for tracking, monitoring and corrective action planning
- Manage and lead the development and maintenance of cybersecurity governance, risk, and compliance policies, procedures, and standards, aligned with industry best practices and regulatory requirements, with the ability to understand Oscar’s technical operations and map them to the requirements dictated in policy, flagging areas of deficiency or areas that require enhancement to align with current operating practices
- Create and deliver cybersecurity training programs and awareness campaigns to educate employees and stakeholders about relevant topics and concepts related to key cybersecurity risks (e.g., insider threats, data handling, and phishing)
- Compliance with all applicable laws and regulations
- Other duties as assigned
Preferred Qualifications
- Prior work experience in or understanding of security challenges specific to the healthcare or health insurance industries
- Experience developing GRC programs in a cloud and SaaS environment
- Prior experience managing individual contributors
Benefits
- Employee benefits
- Participation in Oscar’s unlimited vacation program
- Company equity grants
- Annual performance bonuses
- Medical, dental, and vision benefits
- 11 paid holidays
- Paid sick time
- Paid parental leave
- 401(k) plan participation
- Life and disability insurance
- Paid wellness time and reimbursements