Senior Information Security Compliance Analyst
Sidecar Health is redefining health insurance. Our mission is to make excellent healthcare affordable and attainable for everyone. We know that to accomplish this lofty mission, we need driven people who will make things happen.
The passionate people who make up Sidecar Health’s team come from all over, with backgrounds as tech leaders, policy makers, healthcare professionals, and beyond. And they all have one thing in common—the desire to fix a broken system and make it more personalized, affordable, and transparent.
Sidecar Health has raised more than $175M from top-tier investors. The company is currently valued at over $1B—and growing quickly. Our membership has increased sharply in the two short years we’ve been on the market, and we’re poised for rapid growth over the coming year.
If you want to use your talents to transform healthcare in the United States, come join us!
What You'll Do
- Develop the information security program including information security policies, standards, and procedures for HITRUST certification and HIPAA compliance
- Implement the controls to meet the policies and standards requirements
- Conduct audits to ensure policies and procedures are being followed and measure compliance
- Conduct risk assessments
- Establish metrics on the maturity of the information security program. Provide reports for senior management.
- Develop the third-party vendor management process. Conduct vendor reviews and audits.
- Develop a response program for reporting and investigating security and privacy incidents. Work with the team to investigate incidents.
- Develop and manage the security awareness training program in alignment with compliance requirements. Conduct phishing exercises. Provide metrics to senior management.
- Work with external auditors and regulators
What You'll Bring
- Bachelor's degree in Business Information Systems, Business Administration, Computer Science, Engineering or related field
- 4 years' experience in information security and compliance, preferably at a company in a regulated industry
- Experience using a popular GRC tool
- Experience and/or an exceptionally good understanding of cloud technology and AWS security
- Knowledge of and experience with legal, privacy, and regulatory compliance standards such as NIST, CIS, ISO 27001, and SOC 2. PCI-DSS, GDPR, HITRUST CSF, and HIPAA experience are a plus
- Knowledge of computer networking technology and security
- Knowledge of risk management frameworks and experience conducting assessments
- Knowledge of cyber threats and vulnerabilities
- A natural curiosity and a desire to grow professionally
Nice to Have
- Professional certification: CISA, CRISC, CISSP, HCISPP, CISM, CIPP, or PMP
- Insurance or Health industry experience
What You'll Get
- Competitive salary, bonus opportunity, and equity package
- Comprehensive Medical, Dental, and Vision benefits
- A 401k retirement plan
- Paid vacation and company holidays
- Opportunity to make an impact at a rapidly growing mission-driven company transforming healthcare in the U.S.
Sidecar Health is an Equal Opportunity employer committed to building a diverse team. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status or disability status.