Collective Health’s mission is to make it effortless for organizations and their people to understand, navigate, and pay for their healthcare. We’ve built an innovative technology platform and world-class member concierge service to support our clients and their members, and are entrusted with their most sensitive information. Our growing team of risk and compliance professionals and security engineers is committed to building and implementing safeguards that put the security and privacy of our clients and their members first.

We are currently looking for a Senior Risk and Compliance Associate to assist with continuing to build and operate our risk and compliance program. The Senior Risk and Compliance Associate will collaborate closely with the legal and security engineering teams to ensure we are implementing appropriate security, privacy, and operational safeguards across all areas of the business.

Responsibilities

  • Perform enterprise risk assessments to identify security, privacy, and operational risks across all business functions, systems, and products
  • Identify controls to mitigate identified risks and drive cross-functional collaboration to implement controls
  • Develop a common, unified control framework that aligns our controls to relevant information security and privacy standards and regulations
  • Collaborate with security, legal, and business stakeholders to perform risk assessments of third parties
  • Collaborate with our product and operations teams to conduct privacy impact assessments for new products, features, and processes
  • Develop and deliver company-wide security and privacy trainings and assist with awareness activities to build a culture of security awareness
  • Assist with responding to external audits and assessments of our security and privacy programs
  • Assess and monitor the effectiveness of security and privacy controls across the company and contribute to continuously improving our security, privacy, and risk programs

Qualifications

  • 4+ years of work experience in a Risk Management, Information Security, Privacy, or IT Compliance related field
  • Experience working at a high-growth technology company and/or consulting or auditing firm
  • Excels in a fast-paced, complex environment where business initiatives and priorities are constantly evolving
  • Rapidly adapts to changing priorities and is willing to tackle areas outside of core competencies
  • Experience with HITRUST, SOC-2, NIST, ISO 27001, or other security standards or certifications
  • Experience with core privacy concepts, including, but not limited to, data classification, data mappings, data collection and use requirements, and privacy impact assessments
  • Familiar with a broad range of technical concepts, including logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy
  • Excellent writing, communication, and presentation skills

Bonus

  • Eagerness to work for an early-stage, mission-driven company
  • CISA, CISM, CIPP, CIPM, CISSP, or other relevant professional certifications/associations
  • MBA or other advanced degree

Collective Health is a technology company working to create the healthcare experience we all deserve. Founded in 2013, our team of engineers, designers, product managers, and actuaries is redefining the $1 trillion market of employer-sponsored health benefits with data-driven and people-focused products. Our complete health benefits solution helps great companies like Activision Blizzard, Palantir, Restoration Hardware, and Pinterest take care of their people by harnessing the power of design and technology. Based in San Francisco, CA, we’re backed by some of the best investors in Silicon Valley including Google Ventures, Founders Fund, NEA, and Redpoint Ventures. For more information, visit us at https://www.collectivehealth.com.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
