JELLYVISION NEEDS AN INFORMATION SYSTEMS AUDITOR
We here at Jellyvision are the proud parents of ALEX®, an interactive employee communications platform that happens to share some DNA (and a sense of humor) with the smash-hit trivia video game YOU DON’T KNOW JACK®, created by Jellyvision's founder. ALEX makes navigating tricky decisions—like choosing and using employee benefits or improving your financial wellness—easier, faster, and more helpful, not to mention entertaining. The success of the ALEX platform has exceeded our wildest dreams (except for the part right before we woke up where our mom was riding a giraffe), which is why we need talented folks like you to help us help ALEX take over the world…er…continue to grow and succeed.
SO WHAT'S THIS JOB ABOUT?
As a member of our Information Security and Compliance team, you will be a critical piece of our charming yet practical puzzle that ensures that we have our i’s dotted and t’s crossed when it comes to HIPAA and other regulatory compliance, aligns us to our controls framework and policies, and keeps us in check with a smattering of other industry best practices.
You will help with the:
- Performing of internal audits and assessments of our systems and processes
- Identification of gaps in security and compliance
- Herding of stakeholders to come up with risk treatment plans including timeframes
- Promotion and monitoring of controls frameworks and best practices within our IT and OPS departments
- Auditing of vendors and review of their third-party audits
- Maturation of our compliance monitoring
- Oversight of external auditors and assessors
WHAT KIND OF SKILLS SHOULD I HAVE?
- Industries: Healthcare! OCR Phase 2 Auditing Protocol experience would be preferred, but not necessary if you used a different method.
- Frameworks and Standards: Familiarity with a framework or standard such as NIST CSF, HITRUST CSF, ISO 2700x, or NIST SP 800-53. Understand the basics of administrative, technical and physical controls, and also preventive, detective and corrective controls. And know useful examples of those controls.
- Technical knowledge: You don’t need to know how to build a fully armed and operational Death Star from scratch. You should understand the basics of information systems, AWS or other IaaS providers, the technical portions of capacity planning, etc.
- CISA: A CISA would be nice but we understand that five years of experience is often needed, so if you don’t have your CISA yet we can help with that.
- Audit chops: You should have familiarity and experience with a risk-based process of auditing information systems and vendors. We are looking for someone with an eye to pull out truth from a sea of evidence, identify what’s wrong, and help formulate a high-level plan to achieve compliance.
- Security-fu: You don’t need to be able to hack into the NSA, but you should be familiar with concepts such as security testing techniques, the protection of assets, encryption, securing different types of networks, incident response, identity and access management, sufficient logging, and the like.
- People skills: You need to know how to ask a lion for its freshly killed prey without getting injured. If you don’t have that skill, then we would appreciate it if you were able to work well with others and defuse potentially tense situations to gather audit evidence.
HOW MUCH EXPERIENCE DO I NEED?
We are looking for someone with four or more years of auditing, preferably in healthcare. Performing BIAs and other parts of risk management is beneficial, but not essential.
Think we’ve forgotten something that makes you a rock star auditor? Tell us about it!
ANYTHING ELSE?
We share a commitment to excellence and a desire to work in a comfortable, friendly atmosphere, so we only hire nice, bright, funny people who are willing to work hard. Our credo is a simple one: be helpful. And we think we can be most helpful if our workforce is as diverse in thought, perspective, and culture as the people who use our products. We are looking to add amazing folks to our team who will bring diversity across many lines, including race, ethnicity, religion, sexual orientation, age, marital status, disability, gender identity, sex, and country of origin.
ARE THERE ANY PERKS?
Yes, we love perks.
- Competitive pay, 401(k) with matching and benefits. We pay 100% of the cost of premiums for medical, dental, vision, disability and life insurance for our employees (as long as you qualify for our tobacco-free discount; if you’re a tobacco user, your medical premiums will be higher than $0). We also cover a really nice chunk of the cost of premiums for spouse/dependent medical, dental and vision insurance.
- Casual dress and a flexible schedule. Come in a sweatshirt, jeans, whatever, like everyone else here.
- Creative work environment. We are lucky to work in a place that is full of intelligent, talented and innovative folks. Although most hours the place is deathly quiet (we're a focused bunch), this is punctuated with hilarious outbursts and general merriment, which makes a nice way to spend the day.
- Free food. Every week, we stock our kitchen with free healthy snack foods, and we have a catered lunch every other week to give people a reason to hang out and eat together.
- Easy transportation and lots of love for folks who bike to work. We’re really close to the North/Clybourn red line stop and the Halsted (#8) bus (right by the Apple Store and Mega Whole Foods too), and we have a transit FSA that allows you to dedicate pre-tax dollars to public transportation expenses. A number of our employees like to bike to work, so we also have bike storage, showers and lockers in the office. And for those without their own bike in the city, we offer free Divvy memberships – complete with Jellyvision bike helmets you can borrow from the office.
- Did we mention our yoga class? We bring a pro instructor right to the office. Fully subsidized by Jellyvision and fully optional, btw.
- Oh! And we have a massage chair. Not just any massage chair, my friend. It’s the HumanTouch HT 5320 WholeBody™ Massage Chair. Feeling a little stiff? Sit down. Relax. Feel better? Good. Okay, back to work.
AND HOW DO I APPLY?
We look forward to hearing about you and what you do. Make sure your application includes:
- A cover letter that highlights three reasons you think you’d be great for the gig, focusing on how your past experience has prepared you for this kind of position. Writing is key to all we do, and we weigh cover letters heavily. We love a cover letter that really shows us your personality (check out our company bios to see the wide range of personalities we’ve already got in house), but don’t stress if you’re not a comedian. You don’t have to be funny. Just be yourself. We’re mostly interested in learning who you are, what you love to do, and why you’d love to do it here with us.
- Your resume
You will receive an auto-reply confirming that we've received your application.
Please know that every single application we receive is read by a real live human being. However, that kind of thoughtful review takes time, so it may take us a little while to get back to you (but we will, we promise). In the meantime, NO FOLLOW UP PHONE CALLS OR EMAILS, PLEASE. It’s not that we don’t love hearing from you. It’s just that time spent responding to follow ups could be spent…well…reading your application. Please rest assured that if you received a confirmation from Recruiting Robot, we’ve got your application, and will get back to you really soon. We knew you’d understand.
If you still have pressing questions in the meantime, please feel free to check out our handy-dandy FAQ page!
Thanks for your interest in Jellyvision!