Senior Manager, Security, Privacy, and Compliance
Collective Health is transforming the way people experience healthcare. We believe that quality and accuracy are paramount to ensuring exceptional member and employer experiences, and are the foundation for analytics that change how we deliver and pay for care. To accomplish this, we are reimagining the operational core of health insurance.
If you are an experienced security, privacy, and compliance professional who is excited about developing and leading a broad range of functions at a mission-driven, highly regulated technology company, this role is for you! You’ll lead initiatives that address the company’s—and some of our industry’s—most complex and important security and privacy challenges. You will build relationships across all parts of the business and drive cross-functional initiatives to continuously improve our security and privacy posture.
What you'll do:
- Collaborate with cross-functional leaders to identify and mitigate security and privacy risks
- Lead assessments and audits against a wide variety of security and privacy regulatory and compliance frameworks, including but not limited to HIPAA, HITRUST, NIST, and CCPA
- Develop, socialize, communicate, and continuously improve organizational policies, procedures, and standards
- Lead third party assurance audits, such as SOC 2, SOC 1, and HITRUST
- Lead customer trust and transparency efforts, including participating in RFPs, customer-facing meetings, and customer security and privacy audits
- Develop, review, and provide input on security and privacy-related contractual agreements with clients and third parties
- Conduct security and privacy assessments on new and existing technology products and features
- Oversee the company’s third party risk management program, including due diligence, contracting, and ongoing monitoring
- Develop and deliver innovative programs to build culture and awareness of security, privacy, and compliance, including new hire training, department-specific training, and ongoing awareness activities
- Assist with the continued development of the company’s corporate compliance program, including updates to the Code of Ethics, assessments against FCPA, AML, FWA, and other corporate compliance requirements, and overseeing the company-wide ethics and compliance training program
Your skills include:
- 8+ years of security and privacy compliance experience at a top-tier consulting/auditing firm or equivalent in-house experience
- Excels in a fast-paced, complex environment where business initiatives and priorities are constantly evolving
- Experience leading HIPAA, HITRUST, SOC 2, NIST and other security based standards, certifications, or audits
- Proven ability to build relationships and collaborate with a broad range of stakeholders and departments
- Outstanding judgment
- Excellent communication and presentation skills
- 4+ years of experience at a rapidly growing technology company preferred
- CISA, CISM, CIPP, CISSP, or other relevant professional certifications/associations strongly preferred
Collective Health is a technology company simplifying employer healthcare to make health insurance work for everyone. With more than 200,000 members and over 45 enterprise clients—including Pinterest, Red Bull, Restoration Hardware, Activision Blizzard, and more—our technical and customer experience teams are reinventing the healthcare experience for forward-thinking employers and their people across the U.S.
Collective Health is headquartered in San Francisco, CA, with additional offices in Chicago, IL, and Lehi, UT. Founded in 2013, Collective Health is backed by the SoftBank Vision Fund, DFJ Growth, PSP Investments, NEA, GV, G Squared, Founders Fund, Maverick Ventures, Mubadala Ventures, Sun Life, and other leading investors. For more information, visit us at https://www.collectivehealth.com
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.