Security GRC Program Manager
Company: Oak Street Health
Title: Security GRC Program Manager
Location: Chicago, IL
Company Description
The mission of Oak Street Health is to rebuild healthcare as it should be.
We are a rapidly growing, innovative company of community-based healthcare centers delivering higher quality health and wellness care that improves outcomes, manages medical costs and provides an unmatched experience for adults on Medicare.
The Oak Street model integrates outstanding clinical expertise, technology, and teamwork to deliver improved care quality and cost savings. These cost savings are then reinvested into care in our communities, creating a virtuous cycle of improving community health.
We are a national organization serving over 100,000 patients and we are growing rapidly. We are a diverse team of care providers, service team members, technologists, community outreach experts, business professionals, and more -- all dedicated to our Oaky Values and motivated by our mission. We’re looking forward to getting to know you!
For more information, visit www.oakstreethealth.com.
Role Description:
Oak Street Health is looking for a Security GRC Program Manager to join our growing security team. This role reports directly to the CISO and is responsible for security governance, risk and compliance activities in a healthcare data environment.
This is a unique opportunity to be part of a team rearchitecting its security program to account for dynamic growth, expansion and new service offerings. Oak Street Health has significant regulatory requirements in its role as a national healthcare provider in the Medicare space.
This is a hands-on role, participating in all phases and all aspects of our security GRC program, from assessing a wide range of security controls, to overseeing remediation efforts, to overall responsibility for our evidence locker. This role requires a balance of security GRC acumen and a willingness to fully commit to making the program successful!
Core Responsibilities:
Work hands-on with key members of the IT and security teams to assess and audit a wide range of cybersecurity solutions to help achieve compliance with healthcare and Medicare requirements, such as the HIPAA Rules and NIST SP 800-53.
Take ownership of the development and execution of an annual assessment calendar encompassing both in-house and third-party security solutions.
Provide SME-level guidance and insight for members of Oak Street Health’s IT infrastructure and application development teams related to security requirements, regulations and contractual obligations.
Play a significant role in Oak Street Health’s Security Risk Management Program, through the identification, analysis and treatment of security risk.
Work with the CISO and members of the Cybersecurity Team on Oak Street Health’s goal of achieving the HITRUST CSF and NIST Cybersecurity Framework Certifications.
What are we looking for?
Bachelor’s Degree or an equivalent level of education and experience
7+ years of experience with security governance, risk and/or compliance
5+ years working in a regulated industry; experience in the healthcare space with the HIPAA Rules, HITRUST and NIST is a plus
Relevant security certifications including CISSP, CISA, CRISC, CISM, GSNA, etc. are highly desired
Ability to communicate effectively, both verbally and in writing, across a diverse team of business, technology and compliance leaders
Excellent problem-solving skills with the ability to deliver effective and efficient solutions
Self-motivated, able to work both independently and as part of a team
Someone who embodies being “Oaky”
What does being “Oaky” look like?
Radiating positive energy
Assuming good intentions
Creating an unmatched patient experience
Driving clinical excellence
Taking ownership and delivering results
Being scrappy
Why Oak Street?
Oak Street Health offers our coworkers the opportunity to be at the forefront of a revolution in healthcare, as well as:
Collaborative and energetic culture
Fast-paced and innovative environment
Competitive benefits including paid vacation and sick time, generous 401K match with immediate vesting, and health benefits