Security and Compliance Manager

🕒 il y a 1 mois

Postuler Maintenant

Trouver des Emplois à Distance Similaires

Recevoir des emails pour des emplois à distance

📊 Vérifiez votre score de CV pour ce poste

Améliorez vos chances d'obtenir un entretien en vérifiant votre score de CV avant de postuler.

Télécharger le CV

Rezilient Health

Site WebLinkedInTous les Emplois

51 - 200 employés

⚕️ Assurance santé

☁️ SaaS

Healthcare Insurance • SaaS

Rezilient Health est une entreprise de santé offrant un avantage de soins primaires et multi-spécialités conçu pour être à la fois complet et rentable pour les entreprises et leurs employés. Elle fournit des services de santé intégrés grâce à ses CloudClinics, aux soins virtuels et aux dispositifs numériques connectés, permettant aux employés d'accéder à des soins de santé de haute qualité de manière efficace et abordable. L'entreprise met l'accent sur les soins préventifs et des résultats de santé durables tout en réduisant la dépendance aux services d'urgence et de soins urgents, réduisant ainsi les coûts globaux des soins de santé pour les entreprises. L'approche innovante de Rezilient Health inclut des rendez-vous en clinique et virtuels le jour même, ainsi qu'un accès à des messages 24/7 aux prestataires de soins de santé.

Description

• At Rezilient, we’re redefining primary care by making access to healthcare more convenient, timely, and seamless. Our innovative CloudClinic model combines virtual provider visits with cutting-edge technology to create a personalized digital healthcare experience that puts patients at the center of their care. • - Develop, implement, and maintain the security & compliance program aligned with company goals and regulatory requirements (HIPAA, HITECH, HITRUST, SOC 2, etc.). • - Lead certification and attestation efforts, including SOC 2 audits, HITRUST readiness, and other healthcare/security frameworks. • - Develop and maintain security and compliance policies, standards, and procedures; ensure they are operationalized and enforced across the organization. • - Oversee governance activities including risk assessments, internal audits, compliance reviews, and reporting of KPIs/metrics to leadership. • - Own and manage the third-party/vendor risk management program, including security assessments, ongoing monitoring, and partnership with legal/procurement on contract requirements. • - Oversee incident response from a governance and compliance perspective, ensuring response plans are in place, coordinating cross-functional efforts, and managing regulatory reporting when required. • - Maintain and manage the enterprise risk register, including tracking remediation efforts and escalating risks appropriately. • - Coordinate and oversee security awareness and compliance training programs, ensuring effectiveness and adoption across the organization. • - Provide regular reporting to the CISO and executive team on security posture, compliance status, and risk landscape. • - Monitor the evolving regulatory and industry landscape (healthcare, privacy, SaaS/cloud) and ensure the organization adapts proactively. • - Partner closely with Product and Engineering teams to embed security and compliance into the product lifecycle. • - Lead or support security and compliance reviews of new features, infrastructure, and architecture decisions. • - Ensure adherence to secure development practices, data protection requirements, and regulatory considerations in platform design (especially for PHI/PII handling). • - Act as a key stakeholder in design reviews, threat modeling, and release readiness from a compliance standpoint. • - Work closely with Clinical Operations teams to maintain and evolve the compliance program for care delivery (both virtual and in-clinic). • - Ensure workflows, protocols, and systems used in care delivery meet HIPAA/HITECH and other regulatory requirements. • - Support audits, documentation, and training related to clinical compliance and patient data handling. • - Partner with IT on clinic and corporate security, including device management, endpoint security, access controls, and software governance. • - Ensure consistent enforcement of security policies across physical clinics and distributed environments. • - Support implementation and monitoring of controls related to identity/access management, endpoint protection, and SaaS tools. • - Partner with Growth (Sales) and Client Success teams to support security and compliance needs throughout the customer lifecycle. • - Respond to security questionnaires, RFPs, and due diligence requests from prospective and existing clients. • - Act as a subject matter expert in sales cycles, helping articulate the company’s security posture and build trust with buyers. • - Develop and maintain standardized security materials (e.g., trust center content, policies, certifications, FAQs) to streamline sales and client interactions.

🎯 Exigences

• - Bachelor’s degree in cybersecurity, IT, risk, or compliance (or equivalent experience) is required; advanced degree a plus. • - 5–10 years of experience in security/compliance in healthcare, digital health, or SaaS/cloud environments is required. • - Strong familiarity with frameworks such as SOC 2, HITRUST, HIPAA/HITECH, ISO 27001/27002, NIST CSF. • - Experience working cross-functionally with engineering, product, IT, and clinical/operational teams. • - Hands-on experience with audits, external assessors, and certification processes. • - Strong knowledge of third-party risk management, incident response, and security governance. • - Excellent communication skills with the ability to translate technical and compliance risks into business impact. • - Relevant certifications (CISSP, CISM, CISA, CRISC) strongly preferred.

🏖️ Avantages

• This opportunity offers the chance to shape the future of healthcare in a culture where your ideas and contributions have a meaningful impact on the organization's future. You’ll be part of a supportive, collaborative, and diverse team, with competitive compensation and benefits that include generous PTO, paid family leave, comprehensive medical, dental, vision, and life insurance, as well as stock options.