Collective Health’s mission is to make it effortless for organizations and their people to understand, navigate, and pay for their healthcare. We’ve built an innovative technology platform and world-class member concierge service to support our clients and their members, and are entrusted with their most sensitive information. Our growing team of risk and compliance professionals and security engineers is committed to building and implementing safeguards that put the security and privacy of our clients and their members first.
We are currently looking for a Senior Risk and Compliance Associate to assist with continuing to build and operate our risk and compliance program. The Senior Risk and Compliance Associate will collaborate closely with the legal and security engineering teams to ensure we are implementing appropriate security, privacy, and operational safeguards across all areas of the business.
- Perform enterprise risk assessments to identify security, privacy, and operational risks across all business functions, systems, and products
- Identify controls to mitigate identified risks and drive cross-functional collaboration to implement controls
- Develop a common, unified control framework that aligns our controls to relevant information security and privacy standards and regulations
- Collaborate with security, legal, and business stakeholders to perform risk assessments of third parties
- Collaborate with our product and operations teams to conduct privacy impact assessments for new products, features, and processes
- Develop and deliver company-wide security and privacy trainings and assist with awareness activities to build a culture of security awareness
- Assist with responding to external audits and assessments of our security and privacy programs
- Assess and monitor the effectiveness of security and privacy controls across the company and contribute to continuously improving our security, privacy, and risk programs
- 4+ years of work experience in a Risk Management, Information Security, Privacy, or IT Compliance-related field
- Experience working at a high-growth technology company and/or consulting or auditing firm
- Excels in a fast-paced, complex environment where business initiatives and priorities are constantly evolving
- Rapidly adapts to changing priorities and is willing to tackle areas outside of core competencies
- Experience with HITRUST, SOC-2, NIST, ISO 27001, or other security standards or certifications
- Experience with core privacy concepts, including, but not limited to, data classification, data mappings, data collection and use requirements, and privacy impact assessments
- Familiar with a broad range of technical concepts including: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy.
- Excellent writing, communication, and presentation skills
- Eagerness to work for an early-stage, mission-driven company
- CISA, CISM, CIPP, CIPM, CISSP, or other relevant professional certifications/associations
- MBA or other advanced degree
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.