About This Role

The Senior IT Compliance Analyst will operate at multiple levels within the organization leading and participating in IT compliance projects, risk assessments, SOX, NIST and HIPAA compliance, and IT policy management.  In addition, the Senior IT Compliance Analyst will work with IT and business groups to identify and recommend solutions on IT Compliance related issues and provide expertise surrounding a broad range of compliance duties.  We operate in a highly regulated environment (SOX, NIST, HIPAA, SOC 2, GDPR, ISO, FDA, The Joint Commission) and the IT Compliance Analyst must have a working knowledge in these regulations. 

Specific job responsibilities include:

• Actively identify and respond to IT compliance issues and incidents related to systems and workflow to ensure internal compliance controls are appropriate and operating as intended within the organization.
• Evangelize compliance initiatives and engage with operations and development teams to ensure adherence to policy guidelines and compliance standards. 
• Assist leading coordination and remediation efforts for compliance activities related to IT SOX compliance annual SOC 2 and SOC 3, HIPAA, NIST, and other compliance assessments.
• Maintain IT policies and procedures and lead annual update efforts.
• Conduct Proof of Concepts for solutions and technologies required for IT Compliance.
• Collaborate with various teams for IT Compliance activities, as required.
• Play a key role the development and ongoing delivery of IT compliance and HIPAA awareness training.
• Coordinate execution of annual incident response and disaster recovery table-top walkthroughs and update processes and associated documentation.
• The successful candidate will lead cross organizationally through influence and help shape operating processes with value-add recommendations and regulatory guidance.

About you:

• At least 8 years of IT SOX, NIST 800-53 and HIPAA experience preferably in a healthcare related industry and public company environment; with at least five (5) years of experience with security operations and risk assessment preferred.
• Experience performing regular User Access Reviews (UAR).
• Proven history of success partnering with IT control owners to implement new compliance frameworks (such as NIST 800-53, ISO, or SOC2)
• Experience with operation of Identity Access Management (IAM) and Data Loss Prevention (DLP) solutions such as Okta, Sailpoint, and FairWarning.
• Working knowledge of HIPAA/HITECH, GDPR, ISO, NIST 800-53, SOX and other compliance regulations.
• Ability to think strategically about compliance risks and tie those to organizational priorities.
• Capable of building a network of relationships across organizational functions and to liaise with senior management.
• Excellent written and verbal communication skills; experience developing and delivering presentations and reports.
• Relevant professional certifications such as Certified Information Systems Auditor (CISA), Certified Information System Professional (CISSP)
• Bachelor’s degree in Computer Science, Information Security, or related field required

What's In It For You

This is a regular full-time position with competitive compensation package, excellent benefits including medical, dental, and vision insurances (all of which start on your first day), health savings account employer contributions (when enrolled in high deductible medical plan), cafeteria plan pre-taxed benefits (FSA, dependent care FSA, commute reimbursement accounts), travel reimbursement for medical care, noncontributory basic life insurance & short/ long term disability. Additionally, we offer:

• emotional health support for you and your loved ones
• legal / financial / identity theft/ pet and child referral assistance
• paid parental leave, paid holidays, travel assistance for personal trips and PTO!

iRhythm also provides additional benefits including 401(k) (with company match), an Employee Stock Purchase Plan, pet insurance discount, unlimited amount of Linked In Learning classes and so much more! 

FLSA Status: Exempt

#LI-SB-1

#LI-Remote

Hi, we're Oscar. We're hiring a Senior Engineering Manager, Identity & Access Management to join our Engineering team.

Oscar is the first health insurance company built around a full stack technology platform and a focus on serving our members. We started Oscar in 2012 to create the kind of health insurance company we would want for ourselves—one that behaves like a doctor in the family.

About the role

As the tech-lead and people manager of the Identity and Access Management team, you will protect the data our customers have entrusted to us, and make it possible for Oscar management to make informed, risk-calibrated decisions.

Privileged account/access management (PAM) is one of the most critical parts of identity and access management to get right. We are building out our PAM program to become a leader in the area. We're looking for someone to help us achieve that mission and serve as a leader to the IAM Team and its partner teams.

In this role, you will be responsible for defining the strategy, roadmap and leading the implementation. You’ll collaborate closely with stakeholders in the Infrastructure, Security and IT teams to architect and build solutions that improve Oscar’s compliance posture. You will write software primarily in Golang / Python, deploy it on AWS with Kubernetes, and manage infrastructure elements with Terraform.

You will report to the Director, Engineering.

Work Location

Oscar is a blended work culture where everyone, regardless of work type or location, feels connected to their teammates, our culture and our mission. 

If you live within commutable distance to our New York City office (in Hudson Square), our Tempe office (off the 101 at University Ave), or our Los Angeles office (in Marina Del Rey), you will be expected to come into the office at least two days each week. Otherwise, this is a remote / work-from-home role.

You must reside in one of the following states: Arizona, California, Colorado, Connecticut, Florida, Georgia, Illinois, Iowa, Maryland, Massachusetts, Michigan, Minnesota, New Hampshire, New Jersey, New Mexico, New York, North Carolina, Ohio, Oregon, Pennsylvania, Rhode Island, Tennessee, Texas, Utah, Virginia, Washington, or Washington, D.C. Note, this list of states is subject to change.

Pay Transparency

The base pay for this role in all locations is: $174,400 - $228,900 per year. You are also eligible for employee benefits, participation in Oscar’s unlimited vacation program, company equity grants, and annual performance bonuses.

Responsibilities

• Become the expert on your team's business and technical domains
• Lead the planning, execution and release of complex technical projects
• Work with partners, product managers, and designers to solve challenging problems
• Lead and mentor engineers on the team to improve technology and apply best practices
• Independently responsible for large or complex technology capabilities (set of components or services) within their team's domain or spanning multiple domains
• Facilitates, encourages, and enhances cross-team execution and collaboration; knows when cross-team projects are at risk and actively mitigates risk to deliver on time
• Prolific contributor to the objectives of their functional group, as well as (potentially) organization-wide projects
• Drives prioritization of technical roadmap and influences prioritization of product roadmap and process enhancements within their team
• Actively identifies and reduces failure domains
• Builds software to minimize effort and business impact during maintenance and failures 
• Guides the development of Service-Level Objectives (SLOs) for systems they are responsible for
• Own medium to large features or infrastructure projects from technical design through completion
• Compliance with all applicable laws and regulations
• Other duties as assigned

Qualifications

• 6+ years of professional software engineering experience, working with a variety of technologies, and have increasingly impactful accomplishments
• Experience as a major contributor cross-pod or cross-company deliverables
• Experience leading technical contributions, improving the quality of what your teams create, and are excited to build fault-tolerant, and scalable software systems.
• Demonstrates expertise of the practical application of CS concepts within their team.
• Sets and enforces the standard for writing stable, correct, and maintainable code 
• Experience mentoring and training more junior engineers

Bonus Points

• 6+ years of experience in enterprise IAM tools and technologies - IGA, privileged account/access management, access management, MFA, Modern authentication solutions, access control models - RBAC, ABAC/PBAC 
• Familiarity with Okta Identity Governance and Sailpoint IIQ
• Familiarity with AWS and/or GCP and developing with containers (Docker, Kubernetes) in cloud computing environments.
• Familiarity with regulatory and compliance requirements - HIPAA, SOX, MAR, PCI DSS
• Worked in agile and high-paced environments
• CISSP Certified 

How will this role have an impact?

Signify Health is looking for a Tools Ops Admin- Sailpoint Engineer IdentityNow to join our Enterprise Applications and Tool Operations Team. The  Tools Ops Admin- Sailpoint Engineer  will help shape and drive the Identity Access Management and Identity Governance program within Signify Health. In this role, you will be involved in the design, implementation, and maintenance of our identity management environment.

The individual will engage business and technical partners to ensure access is clearly defined and identified in an effort to mature and scale the scope of control and reduce risk. This role collaborates with Information Security, HR, and other teams in the design, planning, and implementation of access management solutions. This includes oversight of access provisioning, access management, and all identity management access and governance. This role also assists the organization in achieving IAM maturity including ongoing compliance with current regulations.

What will you do?

• Define strategy for the execution of Identity and Access Management program
• Design, develop, maintain ,and implement various lifecycle events using the SailPoint Identity Now platform.
  This includes (Joiner, Leaver, Mover, Rehire and Inactive).
• Customize workflows, forms, rules, roles, policies, reports, certifications
• Actively seeks new ways of automating and eliminating task-based and repetitive work, to remove human error, and improve security posture
• Implement and enforce mechanism to proactively monitor, respond and report on inappropriate data access events
• Provide support for all design, implementation, and maintenance activities related to Identity Access Management (IAM) with SailPoint.
• Identify, troubleshoot, and resolve SailPoint-related functional and technical issues
• Aid in the development of a strong Identity Governance program by identifying and working with stakeholders to onboard new platforms and applications into SailPoint with the goal of implementing Role-Based Access Control (RBAC)
• Under general direction, holds responsibility for the lifecycle management of enterprise end user accounts in various enterprise applications and services such as Active Directory, Azure Active Directory, Jira, ADP, Google Workspace, and SailPoint IdentityNow, and provides provisioning fulfillment services as needed
• Manage, maintain, and monitor the IAM application environment and tools; ensure the systems stay current and are running efficiently
• Adhere to defined coding standards and develop well-structured, maintainable and easy to understand code.

We are looking for someone with:

• Bachelor's degree in Computer Science, Engineering, Information Systems, or equivalent background or experience.
• 5+ years Sailpoint IAM experience
• Good understanding of Identity & Access Governance including access request, certification, and role-based access control.
• Ability to communicate about SailPoint and implementation at both the functional and technical level
• SailPoint Certified IdentityNow Engineer certification strongly preferred
• Excellent development / coding skills relevant to SailPoint (java / beanshell / oracle / jsf etc.).
• Security certifications such as CISSP, CISM, CISA, or CRISC a plus
• Experience in:
  • Leading IAM implementations
  • Developing complex lifecycle workflows
  • Developing custom connectors
  • Configuring custom reports and dashboards
  • ADP to SailPoint integration

The base salary hiring range for this position is $100,000 to $130,000. Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits.

In addition to your compensation, enjoy the rewards of an organization that puts our heart into caring for our colleagues and our communities.  Eligible employees may enroll in a full range of medical, dental, and vision benefits, 401(k) retirement savings plan, and an Employee Stock Purchase Plan.  We also offer education assistance, free development courses, paid time off programs, paid holidays, a CVS store discount, and discount programs with participating partners.  

About Us:
Signify Health is helping build the healthcare system we all want to experience by transforming the home into the healthcare hub. We coordinate care holistically across individuals’ clinical, social, and behavioral needs so they can enjoy more healthy days at home. By building strong connections to primary care providers and community resources, we’re able to close critical care and social gaps, as well as manage risk for individuals who need help the most. This leads to better outcomes and a better experience for everyone involved.
Our high-performance networks are powered by more than 9,000 mobile doctors and nurses covering every county in the U.S., 3,500 healthcare providers and facilities in value-based arrangements, and hundreds of community-based organizations. Signify’s intelligent technology and decision-support services enable these resources to radically simplify care coordination for more than 1.5 million individuals each year while helping payers and providers more effectively implement value-based care programs.
To learn more about how we’re driving outcomes and making healthcare work better, please visit us at www.signifyhealth.com.

Diversity and Inclusion are core values at Signify Health, and fostering a workplace culture reflective of that is critical to our continued success as an organization.

We are committed to equal employment opportunities for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.