ABOUT WELL HEALTH

Our Mission: Make healthcare the gold standard in customer service.

What We Deliver: WELL™ Health is a SaaS digital health leader in patient communications and the 2021 Best in KLAS winner in Patient Outreach. WELL Health’s intelligent communications hub is the only two-way digital health solution engaging patients throughout their entire care experience. WELL Health enables conversations between patients and their providers through secure, multilingual messaging in the patient’s preferred communications channel: texting, email, telephone, and live chat. By unifying and automating disjointed communications, WELL Health helps healthcare organizations drive more patient visits, build exceptional patient loyalty, and reduce staffing costs, frustration and turnover. 

Our Impact: WELL Health helps 200k+ healthcare providers facilitate more than 1 billion messages for 30+ million patients annually. 

Our award-winning culture: In 2021, WELL Health was named #10 on the Forbes list of America’s Best Startup Employers and was also recognized as one of the Best Midsize Companies to Work for in Los Angeles by Built In LA. Additionally, WELL is proud to recently be named #484 on the Inc. 5000 list of fastest growing private companies. In 2020, WELL Health was named among the Best Places to Work by Modern Healthcare

SUMMARY

WELL is looking for a jack of all trades, Senior Information Security Officer to support our company-wide information security risk and governance program. You will report directly to our VP, CISO. You will be responsible for setting up and running the security operations that keep our customers’ and our company’s data safe. You will come in on day one and learn our control frameworks, and help operate controls across each domain of the program. You are excited about being involved in all facets of security, and you have a passion for keeping data safe. 

You have strong organization skills, and work well across departments. You are able to wear multiple hats, and manage large initiatives such as a full HITRUST audit. You will quickly be able to operationalize compliance requirements, and identify and mitigate technology risks for the company. You will have the ability to develop, implement, and execute on processes in a fast-paced environment.

This position is an exciting opportunity if you are looking to be at the forefront of healthcare technology and are passionate about security.

RESPONSIBILITIES 

  • Administer and operate our GRC (Governance, Risk, and Compliance) tool and ensure compliance requirements such as HITRUST, HIPAA, and GDPR are met
  • Develop and maintain security / technology related policies, procedures, and standards that address security requirements related to strategies, regulations, and business & technology risks
  • Perform information security control reviews and assessments across technology and business teams
  • Identify, quantify, track, and lead mitigation of risks and control exceptions in collaboration with Third Party Risk program requirements
  • Lead audit efforts related to HITRUST, SOC2, and various other audits
  • Maintain asset inventory and risk reduction response documentation
  • Participate in security related meetings with clients
  • Respond to RFPs and security questionnaires
  • Respond to security related incidents

REQUIREMENTS

  • A Bachelor's degree in Information Security, Computer Science, Management Information Systems, Computer Information Systems, or a related discipline (or equivalent experience)
  • Relevant security certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISMP (Certificate in Information Security Management Principles)
  • 3-5 years of experience in one or all of the following: Information technology security programs, audits, assessments, risk, or remediation management work experience
  • Experience with data privacy/protection
  • Experience with FedRAMP Authorization
  • Excellent communication skills, and an ability to collaborate with members of various teams
  • Good problem analysis, problem-solving, and judgment skills
  • Strong project management skills

BONUS

  • Bonus: HITRUST, ISO 27001, HIPAA, NIST 800-53, PCI DSS, SSAE 18 and/or other risk-centric standards and frameworks
  • Internal or external IT audit experience
  • Healthcare experience
  • Experience creating software user training materials
  • Experience with cloud based infrastructure security principles
  • Experience working with distributed teams
  • Startup experience
  • SaaS experience

LOCATION

WELL is headquartered in Santa Barbara, CA. For this role, we are looking for candidates that are currently located within the United States and are seeking a permanently remote role. #LI-Remote

WORKING AT WELL

  • Fantastic company culture – frequent Zoom company events (Lunch & Learns, trivia, yoga, etc.) and daily fun brought to you by many creative Slack channels.
  • Employee equity groups – 11 groups available for all to join. Black & Latinx, Women, LGBTQ+, Disability, and many more!
  • Learning and development – frequent events and tools available to help our employees #PursueGrowth.
  • Career mobility – we promote from within and have opportunities for employees to transfer between teams. 
  • Santa Barbara office perks dog-friendly office, healthy (and unhealthy) snacks, Kombucha and beer on tap, light-filled space, standing desks, and the occasional taco truck.
  • Company perks and benefits MacBook Pro provided, unlimited PTO, generous equity package and full health benefits (medical, dental, and vision).

Interested in learning more? Please visit our LinkedIn page or our Life at WELL Instagram (@wellhealthinc). To hear firsthand what it’s like to work at WELL, please view this team video

Committed to Diversity, Equity, and Inclusion

WELL Health Inc. is an Equal Opportunity Employer and is committed to fair and equitable hiring practices. All hiring decisions at WELL are based on strategic business needs, job requirements and individual qualifications. All candidates are considered without regard to race, color, religion, gender, sexuality, national origin, age, disability, genetics or any other protected status. 

We’re dedicated to creating an inclusive, equitable, and diverse workplace, where everyone feels safe to be themselves and diversity is a strength. WELL is committed to providing employees with a work environment free of discrimination and harassment; WELL will not tolerate discrimination or harassment of any kind.

 

Apply for this Job

* Required
  
  
When autocomplete results are available use up and down arrows to review
+ Add Another Education


U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at WELL Health Inc. are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.