Companies you'll love to work for

Third Party Risk Program Manager

Iora Health

Iora Health

United States
Posted on Wednesday, July 19, 2023

About Us

One Medical is a primary care solution challenging the industry status quo by making quality care more affordable, accessible and enjoyable. But this isn’t your average doctor’s office. We’re on a mission to transform healthcare, which means improving the experience for everyone involved - from patients and providers to employers and health networks. Our seamless in-office and 24/7 virtual care services, on-site labs, and programs for preventive care, chronic care management, common illnesses and mental health concerns have been delighting people for the past fifteen years.

In February 2023 we marked a milestone when One Medical joined Amazon. Together, we look to deliver exceptional health care to more consumers, employers, care team members, and health networks to achieve better health outcomes. As we continue to grow and seek to impact more lives, we’re building a diverse, driven and empathetic team, while working hard to cultivate an environment where everyone can thrive.

The Opportunity

As a Senior Technology Compliance Analyst at One Medical, your primary focus will be managing our third party security risk management program, along with helping mature our technology compliance program. This is an evolving opportunity in tech compliance, with many interesting challenges ahead. The team is growing with opportunities for ownership, autonomy, innovation, and growth. You will execute critical high-profile cross-organizational projects that help improve our business processes while improving our compliance. While driven by regulations and industry standards in technology governance, we are business advisors, helping the organization by ensuring the security and privacy of our member’s, provider’s and employee’s information.

What you'll work on:

Primary Focus Areas:

  • Lead One Medical’s Third Party Risk Program.
  • Support, build, and execute risk-based assessments of third-party vendors’ technology processes and control areas.
  • Help determine the security posture and program maturity of our critical vendors.
  • Serve as a business liaison during the vendor onboarding process to ensure timely review of all potential third-parties.
  • Manage the master vendor and data inventory.
  • Streamlining controls execution and automating compliance activities across the organization and with third-parties.

Secondary Focus Areas:

  • Design, implement, and maintain a risk management program, collaborating with security, privacy, IT, and engineering teams.
  • Engage in audit readiness activities for various frameworks across the entire company (SOC2, PCI, HIPAA, HITRUST, CCPA/CPRA etc).
  • Lead gap remediation projects for technical compliance frameworks across the entire company.
  • Partner with the business as a trusted data privacy and security compliance advisor, providing timely and effective guidance to departments on technology regulatory requirements.

You’ll be set up for success if you have:

  • 3+ years of experience in technology compliance, security, and/or technology audit (internal or external), navigated (and negotiated) audit-related activities with external auditors
  • Experience developing and/or facilitating a Third Party Risk Management Program
  • Experience interfacing with external vendors and stakeholders
  • Experience reading and interpreting external audit / assessment reports (HITRUST, PCI, SOC2, etc)
  • Extensive hands on experience with at least one of the following: HIPAA, PCI, SOC, HITRUST
  • Experience managing cross-organizational projects of moderate scale and complexity
  • Ability to lead through influence and communication
  • Identified, assessed, and advised on compliance risks and controls to a variety of stakeholders and customers
  • Experience with JIRA ticketing and dashboarding

Nice to haves:

  • Experience in enterprise risk management
  • Experience at an accounting or consulting firm
  • Extensive hands on experience with two or more of the following: HIPAA, PCI, SOC, HITRUST, ISO, FedRAMP, CCPA, SOX
  • General understanding of agile methodologies and cloud-first environment
  • Certifications such as: CISA, CISM, CISSP, CRISC, CIPP

Benefits designed to aid your health and wellness:

Taking care of you today

  • Paid sabbatical after 5 and 10 years
  • Employee Assistance Program - Free confidential advice for team members who need help with stress, anxiety, financial planning, and legal issues
  • Competitive Medical, Dental and Vision plans
  • Free One Medical memberships for yourself, your friends and family
  • Pre-Tax commuter benefits
  • PTO cash outs - Option to cash out up to 40 accrued hours per year

Protecting your future for you and your family

  • 401K match
  • Opportunity to participate in company equity programs
  • Credit towards emergency childcare
  • Company paid maternity and paternity leave
  • Paid Life Insurance - One Medical pays 100% of the cost of Basic Life Insurance
  • Disability insurance - One Medical pays 100% of the cost of Short Term and Long Term Disability Insurance

This is a full-time role based anywhere in the United States.

One Medical is committed to fair and equitable compensation practices.

The base salary range for this role is $95,200 to $161,000**. Total compensation packages may be based on factors unique to particular candidates, such skill sets, depth of experience, and work location. The total compensation package for this position may also include annual performance bonus, RSUs, and/or benefits

One Medical is an equal opportunity employer, and we encourage qualified applicants of every background, ability, and life experience to contact us about appropriate employment opportunities.

One Medical participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. Please refer to the E-Verification Poster (English/Spanish) and Right to Work Poster (English/Spanish) for additional information.