Manager, IT Compliance

GoHealth Intro: GoHealth is a leading health insurance marketplace and Medicare-focused digital health company. Through the efficient, multi-tiered guidance of our highly specialized licensed insurance agents, GoHealth meets Medicare consumers where they are in their enrollment journeys and empowers them to choose the plan and carrier best suited for their healthcare needs. Our extensive industry expertise, including the use of data science and machine learning with key investments in proprietary technology, helps consumers cut through the confusion and enroll confidently. 

Learn more about the GoHealth Culture in this video.

Why Apply: As an industry leader in the Medicare marketplace, we are compelled to not only embrace change but to actively be the change to adapt to our consumers complex needs. We believe in hiring risk-takers, innovators, and collaborators within our industry to create individualized, simplified healthcare solutions for our beneficiaries. 

Our #TeamGoHealth employees are at the core of our collective success; that's why we are committed to discovering the best in-class talent and ensuring that each team member receives the development tools and support they need to flourish in their professional endeavors. 

We also understand that you may not check every box in our requirements list -- most applicants don’t! In fact, frequently cited statistics show that women and underrepresented groups apply to jobs only if they meet 100% of the qualifications. GoHealth encourages you to break that statistic and to apply today! 

About the role:  We are seeking a dynamic individual to join our team as a Manager, GRC (Governance, Risk, and Compliance). As a key member of our compliance group, you will lead a team and collaborate with multiple vendors to develop and maintain a robust model for Cyber and Third-Party Risk Management and Business Continuity / DRP processes.  Specifically, your role will involve conducting IT risk assessments, overseeing continuous monitoring efforts, and facilitating the deployment of a GRC platform.  Additionally, we are also seeking a manager to establish and implement a comprehensive privacy program, centered on the upcoming deployment of Data Loss Prevention (DLP) solutions, data discovery capabilities, and a robust data governance framework.  You will focus on regulatory compliance monitoring for various standards including CMS, NIST, HITRUST, NY DFS, various privacy frameworks, and carrier contractual obligations.

What You’ll Do

• Partner with service providers to build a comprehensive cyber risk management process, including periodic cyber risk assessments, leveraging frameworks like NIST, HITRUST, and NY DFS.
• Lead efforts in deploying a TPRM framework that evaluates vendor security postures, ensures compliance, and manages inherent and residual risks.
• Implement and maintain a top-down Business Continuity and Disaster Recovery strategy, ensuring alignment with enterprise risk management goals and objectives.
• Deploy and manage processes and tooling within LogicGate’s GRC platform to enhance risk visibility, control, and compliance efforts.
• Help establish and deploy a privacy program with foundational capabilities, such as data governance frameworks, data discovery solutions, and Data Loss Prevention (DLP) implementations.
• Build out real-time risk dashboards and establish continuous monitoring mechanisms for cyber risk, compliance, and third-party risks.
• Deploy and maintain a cybersecurity control framework (CSA model) and conduct regular assessments to ensure its effectiveness and alignment with industry standards.
• Monitor compliance with CMS and carrier contractual obligations, ensuring that regulatory and business requirements are met.

What We’re Looking For

• Bachelor's degree in Information Technology, Cybersecurity, Business Administration, or related field. Master's degree preferred.
• Minimum of 3-5 years of experience in GRC, compliance, or related roles, with demonstrated expertise in cyber and third-party risk management.
• Have explicit experience in developing, leading, and maintaining end-to-end cyber risk management programs using NIST RMF.
• Knowledge of privacy programs, data governance, data discovery, and DLP solutions.
• Experience managing a team and leading cross-functional projects.
• Strong understanding of regulatory requirements and standards such as CMS, NIST, HITRUST, NY DFS, and carrier contractual obligations.
• Experience with GRC platforms and tools preferred.
• Excellent communication, leadership, and problem-solving skills.

Location

• Chicago, IL

What We Offer

• Fast-paced, entrepreneurial environment
• Opportunity to make a real impact
• Mentorship from senior leaders to invest in your career growth
• Open vacation policy because work life balance is important
• 401k program with company match
• Employee Stock Purchase Program
• Medical, dental, vision, and life insurance benefits
• Paid maternity and paternity leave
• Employee Resource Groups

#LI-SR1

#IDCORP