Senior IT Manager

What you will do:

• Lead IT Support for a remotely distributed workforce through implementing ITSM best practices
• Fully manage the installation, configuration, and maintenance of physical and virtual assets and serve as the go-to IT resource for company employees
• Manage onboarding and off-boarding processes of employees, including computer/hardware procurement, setup, and account provisioning on Apple and Windows Devices. 
• Create accurate and clear technical, security, and HIPAA-related documentation, develop support playbooks and process governance, own data flow maps and systems inventory 
• Build and maintain vendor relationships, including tracking vendors, contract terms, security requirements, Business Associate Agreements (BAAs) maintenance, and policies
• Oversee and manage the organization's security strategy and initiatives to protect its assets, employees, and stakeholders and ensure compliance with industry standards and regulations
• Conduct regular risk assessments to identify potential security and HIPAA vulnerabilities, develop mitigation plans, and lead the response to security incidents, coordinating efforts to minimize impact and recover from breaches
• Develop and test business continuity and disaster recovery plans
• Own and support the IT, security, and data infrastructure required to maintain HIPAA compliance across the organization as required under HIPAA Security and Privacy Rules
• Partner with Legal, People, Operations, and Engineering to ensure appropriate safeguards are in place for the protection of PHI and other sensitive data
• Support internal and external audits, security questionnaires, and customer due diligence related to HIPAA and data protection practices
• Develop and deliver employee security and HIPAA awareness training in partnership with People Ops and Legal
• Assist in investigation and response to potential security or privacy incidents involving PHI, including documentation and remediation tracking
• Continuously improve controls and processes to strengthen Sana’s security posture and ensure ongoing HIPAA compliance as the organization scales

About you:

• Bachelor’s degree in Information Security, Computer Science, or a related field preferred; Master’s degree is a plus.
• Minimum of 8 years’ experience in the IT industry, with at least 5 years in information security roles.
• 5+ years of experience with management of IT Assets, Services and Cloud applications, procurement, and employee on-boarding/off-boarding workflows
• Experience working in a small company going through hyper-growth
• Strong analytical and problem-solving abilities.
• Exposure to HIPAA compliance highly desirable. 
• Advanced certifications such as CISSP, CISM, or CISA are highly desirable.
• In-depth knowledge of information security standards, frameworks, and best practices (e.g., ISO 27001, NIST, CIS Controls).
• In-depth knowledge of IT standards, frameworks, and best practices (e.g., ITIL, COBIT).
• Solid understanding of networking, systems, and information security principles.
• Strong project management skills.

Benefits:

• Remote company with a fully distributed team – no return-to-office mandates
• Flexible vacation policy (and a culture of using it)
• Medical, dental, and vision insurance with 100% company-paid employee coverage
• 401(k), FSA, and HSA plans
• Paid parental leave
• Short and long-term disability, as well as life insurance
• Competitive stock options are offered to all employees
• Transparent compensation & formal career development programs
• Paid one-month sabbatical after 5 years
• Stipends for setting up your home office and an ongoing learning budget
• Direct positive impact on members’ lives – wait until you see the positive feedback members share every day