Information Security Manager
GoHealth has an ambitious mission: to advance health care in America. Achieving this mission relies on hiring and developing great people, which is why our team is our top priority. When you join GoHealth, you can look forward to more than top-notch benefits and height-adjustable desks (although you’ll get those, too). We encourage employees to do their best work through innovation and risk taking. Our environment is fun yet constructive, thanks to leaders whose doors are always open. And most importantly, we’ll never stop investing in you and your career.
Job Description
The Information Security Manager will help guide GoHealth’s Information Security program and provide vision, strategy, and hands-on execution of our security initiatives. In this role, he or she will implement and coordinate the security efforts across the company.
Responsibilities:
- Lead the development and implementation of effective security policies and practices to protect sensitive customer data and corporate assets.
- Ensure compliance with security standards, governmental regulations and company policies through development and management of training programs and periodic security audits.
- Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
- Work with executives to prioritize security initiatives and spending based on appropriate risk management and financial methodology.
- Keep abreast of security incidents and act as the primary control point during significant information security incidents. Convene the necessary incident response teams to address and investigate security incidents that arise.
- Examine impacts of new technologies on the company’s overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
- Evangelize security within the company and provide security advice and guidance to all departments.
- Directly interact with and manage all partner and customer security needs during the RFP process, technical due diligence, or as part of ongoing interactions.
- Lead internal and external audits to ensure adequate controls are in place to support ISO 27001 and HITRUST compliance certifications.
Qualifications:
- BS or MS in Computer Science, Information Systems or related field.
- Professional certifications such as CISSP, CISM or CISA.
- Experience with HIPAA, HITRUST, ISO 27001, PCI-DSS, SOC2 reporting or SOX compliance is a strong plus.
- Strong knowledge of network-based and system-level attacks and their mitigation methods, as well as strong knowledge of application-level attacks, especially against web applications, and their mitigation methods.
- Should have experience leading and conducting formal audits in support of an Information Security Management System or certifications.
- Must be an excellent communicator who can effectively work with the executive management team and articulate security-related concepts to a broad range of technical and non-technical staff.
- Should have experience with business continuity planning, auditing, and risk management, as well as third-party security management.
- Must be able to effectively evaluate security and compliance requirements, understand their impact on the business, and design creative security solutions that are not disruptive to the business.
- Minimum of 3-5 years of direct management and support of an Information Security Management Program.
- Minimum of 5 years of cumulative experience in at least two security specific domains.