Compliance Program Manager
ABOUT WELL HEALTH
Our Mission: Make healthcare the gold standard in customer service.
What We Deliver: WELL™ Health is a SaaS digital health leader in patient communications and the 2021 Best in KLAS winner in Patient Outreach. WELL Health’s intelligent communications hub is the only two-way digital health solution engaging patients throughout their entire care experience. WELL Health enables conversations between patients and their providers through secure, multilingual messaging in the patient’s preferred communications channel: texting, email, telephone, and live chat. By unifying and automating disjointed communications, WELL Health helps healthcare organizations drive more patient visits, build exceptional patient loyalty, and reduce staffing costs, frustration and turnover.
Our Impact: WELL Health helps 200k+ healthcare providers facilitate more than 1 billion messages for 30+ million patients annually.
Our award-winning culture: In 2021, WELL Health was named #10 on the Forbes list of America’s Best Startup Employers and was also recognized as one of the Best Midsize Companies to Work for in Los Angeles by Built In LA. Additionally, WELL Health is proud to recently be named #484 on the Inc. 5000 list of fastest growing private companies, and #133 on Deloitte’s 2021 Technology Fast 500. In 2020, WELL Health was named among the Best Places to Work by Modern Healthcare.
SUMMARY
WELL is looking for a Compliance Program Manager to support our company-wide information security risk and governance program. You will report directly to our Director of Information Security. You will come in on day one and learn our control frameworks, and help operate controls across each domain of the program. You are excited about being involved in all facets of security, and you have a passion for keeping data safe.
You have strong organization skills, and work well across departments. You are able to wear multiple hats, and manage large initiatives such as a full ISO, SSAE18 or HITRUST audit. You will quickly be able to operationalize compliance requirements, and identify and mitigate technology risks for the company. You will have the ability to develop, implement, and execute on processes in a fast-paced environment.
This position is an exciting opportunity if you are looking to be at the forefront of healthcare technology and are passionate about security.
RESPONSIBILITIES
- Administer and operate our GRC (Governance, Risk, and Compliance) tool and ensure compliance requirements such as HITRUST, HIPAA, and GDPR are met
- Develop and maintain security / technology related policies, procedures, and standards that address security requirements related to strategies, regulations, and business & technology risks
- Perform information security control reviews and assessments across technology and business teams
- Identify, quantify, track, and lead mitigation of risks and control exceptions in collaboration with Third Party Risk program requirements
- Lead audit efforts related to HITRUST, ISO 27001, SOC2, and various other audits
- Maintain asset inventory and risk reduction response documentation
- Participate in security related meetings with clients
- Respond to RFPs and security questionnaires
- Respond to security related incidents
REQUIREMENTS
- A Bachelor's degree in Information Security, Computer Science, Management Information Systems, Computer Information Systems, or a related discipline (or equivalent experience)
- Relevant security certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISMP (Certificate in Information Security Management Principles)
- 3-5 years of experience in one or all of the following: Information technology security programs, audits, assessments, risk, or remediation management work experience
- Experience with data privacy/protection
- Experience with HITRUST
- Excellent communication skills, and an ability to collaborate with members of various teams
- Good problem analysis, problem-solving, and judgment skills
- Strong project management skills
BONUS
- Bonus: FedRamp, ISO 27001, HIPAA, NIST 800-53, PCI DSS, SSAE 18 and/or other risk-centric standards and frameworks
- Internal or external IT audit experience
- Healthcare experience
- Experience creating software user training materials
- Experience with cloud based infrastructure security principles
- Experience working with distributed teams
- Startup experience
- SaaS experience
LOCATION
WELL is headquartered in Santa Barbara, CA. For this role, we are looking for candidates that are currently located within the United States and are seeking a permanently remote role. #LI-Remote
WORKING AT WELL
- Fantastic company culture – frequent Zoom company events (Lunch & Learns, trivia, yoga, etc.) and daily fun brought to you by many creative Slack channels.
- Employee equity groups – 11 groups available for all to join. Black & Latinx, Women, LGBTQ+, Disability, and many more!
- Learning and development – frequent events and tools available to help our employees #PursueGrowth.
- Career mobility – we promote from within and have opportunities for employees to transfer between teams.
- Santa Barbara office perks – dog-friendly office, healthy (and unhealthy) snacks, Kombucha and beer on tap, light-filled space, standing desks, and the occasional taco truck.
- Company perks and benefits – MacBook Pro provided, unlimited PTO, generous equity package and full health benefits (medical, dental, and vision).
Interested in learning more? Please visit our LinkedIn page or our Life at WELL Instagram (@wellhealthinc). To hear firsthand what it’s like to work at WELL, please view this team video.
Committed to Diversity, Equity, and Inclusion
WELL Health is an Equal Opportunity Employer and is committed to fair and equitable hiring practices. All hiring decisions at WELL are based on strategic business needs, job requirements and individual qualifications. All candidates are considered without regard to race, color, religion, gender, sexuality, national origin, age, disability, genetics or any other protected status.
With that said, research shows that women and other underrepresented groups apply only if they meet 100% of the criteria. WELL Health is committed to leveling the playing field, and we encourage you to apply for positions even if you do not meet 100% of the criteria. We would love to connect with you and see if you would be a great fit for our role!
We’re dedicated to creating an inclusive, equitable, and diverse workplace, where everyone feels safe to be themselves and diversity is a strength. WELL is committed to providing employees with a work environment free of discrimination and harassment; WELL will not tolerate discrimination or harassment of any kind.
Candidates should be aware that WELL Health currently maintains a policy requiring all employees (Resident, Mobile and Remote) to be fully vaccinated. New employees should be fully vaccinated by their start date. WELL Health is an equal opportunity employer, and will provide reasonable accommodation to those unable to be vaccinated where it is not an undue hardship to the company to do so as provided under federal, state, and local law.