Security Analyst, Risk and Compliance
ABOUT WELL HEALTH
Our Mission: Make healthcare the gold standard in customer service.
What We Deliver: WELL™ Health is a SaaS digital health leader in patient communications and the 2021 Best in KLAS winner in Patient Outreach. WELL Health’s intelligent communications hub is the only two-way digital health solution engaging patients throughout their entire care experience. WELL Health enables conversations between patients and their providers through secure, multilingual messaging in the patient’s preferred communications channel: texting, email, telephone, and live chat. By unifying and automating disjointed communications, WELL Health helps healthcare organizations drive more patient visits, build exceptional patient loyalty, and reduce staffing costs, frustration and turnover.
Our Impact: WELL Health helps 200k+ healthcare providers facilitate more than 1 billion messages for 30+ million patients annually.
Our award-winning culture: In 2021, WELL Health was named #10 on the Forbes list of America’s Best Startup Employers and was also recognized as one of the Best Midsize Companies to Work for in Los Angeles by Built In LA. Additionally, WELL Health is proud to recently be named #484 on the Inc. 5000 list of fastest growing private companies, and #133 on Deloitte’s 2021 Technology Fast 500. In 2020, WELL Health was named among the Best Places to Work by Modern Healthcare.
SUMMARY
WELL is looking for a jack-of-all-trades Information Security Generalist to support our company-wide information security risk and governance program. You would report directly to our Director of Information Security. You will be responsible for the day-to-day operation of security controls that keep our customers’ and our company’s data safe. You will come in on day one, learn our control frameworks, and help operate controls across each domain of the program. You are excited about being involved in all facets of security, and you have a passion for keeping data safe.
You have strong organization skills, and work well across departments. You are able to wear multiple hats, and manage tasks associated with large initiatives such as a full ISO or HITRUST audit. You will quickly be able to operationalize compliance requirements, and identify and mitigate technology risks for the company. You will have the ability to develop, implement, and execute on processes in a fast-paced environment.
This position is an exciting opportunity if you are looking to be at the forefront of healthcare technology and are passionate about security.
RESPONSIBILITIES
- Administer and operate our GRC (Governance, Risk, and Compliance) tool and ensure compliance requirements such as HITRUST, HIPAA, and GDPR are met
- Maintain security / technology related policies, procedures, and standards that address security requirements related to strategies, regulations, and business & technology risks
- Perform information security control reviews and assessments across technology and business teams
- Identify, quantify, track, and lead mitigation of risks and control exceptions in collaboration with Third Party Risk program requirements
- Assist audit efforts related to HITRUST, FedRAMP and various other audits
- Maintain asset inventory and risk reduction response documentation
- Participate in security related meetings with clients
- Respond to RFPs and security questionnaires
- Respond to security related incidents
REQUIREMENTS
- University/college courses in information security, computer science, management information systems, computer information systems, or a related discipline (or equivalent experience)
- 4-10 years of work experience in one or all of the following: network engineering, information technology security programs, audits, assessments, risk, or remediation management
- Experience with HITRUST, ISO 27001, HIPAA, NIST 800-53, PCI DSS, SSAE 18 and/or other risk-centric standards and frameworks
- Excellent communication skills, and an ability to collaborate with members of various teams
- Good problem analysis, problem-solving, and judgment skills
BONUS
- Relevant security certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISMP (Certificate in Information Security Management Principles)
- Internal or external IT audit experience
- Healthcare experience
- Experience creating software user training materials
- Experience with cloud based infrastructure security principles
- Experience working with distributed teams
- Experience with data privacy/protection
LOCATION
WELL is headquartered in Santa Barbara, CA. This role is fully remote, and we are open to candidates based anywhere in the United States.
WORKING AT WELL
- Fantastic company culture – frequent Zoom company events (Lunch & Learns, trivia, yoga, etc.) and daily fun brought to you by many creative Slack channels.
- Employee equity groups – 11 groups available for all to join. Black & Latinx, Women, LGBTQ+, Disability, and many more!
- Learning and development – frequent events and tools available to help our employees #PursueGrowth.
- Career mobility – we promote from within and have opportunities for employees to transfer between teams.
- Santa Barbara office perks – dog-friendly office, healthy (and unhealthy) snacks, Kombucha and beer on tap, light-filled space, standing desks, and the occasional taco truck.
- Company perks and benefits – MacBook Pro provided, unlimited PTO, generous equity package and full health benefits (medical, dental, and vision).
Interested in learning more? Please visit our LinkedIn page or our Life at WELL Instagram (@wellhealthinc) to hear from our employees about working at WELL.
Committed to Diversity, Equity, and Inclusion
WELL Health is an Equal Opportunity Employer and is committed to fair and equitable hiring practices. All hiring decisions at WELL are based on strategic business needs, job requirements and individual qualifications. All candidates are considered without regard to race, color, religion, gender, sexuality, national origin, age, disability, genetics or any other protected status.
With that said, research shows that women and other underrepresented groups apply only if they meet 100% of the criteria. WELL Health is committed to leveling the playing field, and we encourage you to apply for positions even if you do not meet 100% of the criteria. We would love to connect with you and see if you would be a great fit for our role!
We’re dedicated to creating an inclusive, equitable, and diverse workplace, where everyone feels safe to be themselves and diversity is a strength. WELL is committed to providing employees with a work environment free of discrimination and harassment; WELL will not tolerate discrimination or harassment of any kind.
Candidates should be aware that WELL Health currently maintains a policy requiring all employees (Resident, Mobile and Remote) to be fully vaccinated. New employees should be fully vaccinated by their start date. WELL Health is an equal opportunity employer, and will provide reasonable accommodation to those unable to be vaccinated where it is not an undue hardship to the company to do so as provided under federal, state, and local law.