Senior Technology Compliance Analyst
One Medical is a primary care solution challenging the industry status quo by making quality care more affordable, accessible and enjoyable. But this isn’t your average doctor’s office. We’re on a mission to transform healthcare, which means improving the experience for everyone involved - from patients and providers to employers and health networks. Our seamless in-office and 24/7 virtual care services, on-site labs, and programs for preventive care, chronic care management, common illnesses and mental health concerns have been delighting people for the past fifteen years.
In February 2023 we marked a milestone when One Medical joined Amazon. Together, we look to deliver exceptional health care to more consumers, employers, care team members, and health networks to achieve better health outcomes. As we continue to grow and seek to impact more lives, we’re building a diverse, driven and empathetic team, while working hard to cultivate an environment where everyone can thrive.
As a Senior Technology Compliance Analyst at One Medical, your primary focus will be
supporting and maturing our range of technology compliance programs. This is an evolving
opportunity in tech compliance, with many interesting challenges ahead. The team is growing
with opportunities for ownership, autonomy, innovation, and growth. You will execute critical
high-profile cross-organizational projects that help improve our business processes while
improving our compliance. While driven by regulations and industry standards in technology
governance, we are business advisors, helping the organization by ensuring the security and
privacy of our member's, provider's and employee's information.
What you'll work on:
- Partner with the business as a trusted data privacy and security compliance advisor, providing timely and effective guidance to departments on technology regulatory requirements.
- Execute risk-based assessments of our third-party’s technology processes and control areas.
- Support and maintain the master data inventory and reporting environment.
- Help determine the security posture and maturity for our critical programs and processes.
- Assist with the advancement of a comprehensive continuous monitoring program.
- Partner in coordinating the technical compliance policy and procedure ecosystem.
- Drive improvements in control areas to increase the effectiveness of the security program.
- Streamline controls execution and automate compliance activities across the organization.
- Drive initiatives supporting the partnership and integration with Amazon.
- Support the risk and exception management programs, collaborating with security, privacy, IT, and engineering teams.
Other areas of focus:
- Lead audit readiness activities for various frameworks across the entire company
- (SOC2, PCI, HIPAA, HITRUST etc).
- Lead gap remediation projects for technical compliance frameworks across the entire
- Support, build, and execute risk-based assessments of internal technology processes
- and control areas.
- Participate in the internal support queue and customer response programs.
You'll be set up for success if you have:
- 3+ years of experience in technology compliance, security, and/or technology audit
- (internal or external), navigated (and negotiated) audit-related activities with external
- Experience interfacing with internal and external stakeholders
- Experience reading and interpreting external audit / assessment reports (HITRUST, PCI,
- SOC 2, etc)
- Extensive hands on experience with at least one of the following: HIPAA, PCI, SOC 2,
- Experience managing cross-organizational projects of moderate scale and complexity
- Ability to lead through influence and communication
- Identified, assessed, and advised on compliance risks and controls to a variety of
- stakeholders and customers
- Experience with JIRA and Asana ticketing and dashboarding
Nice to haves:
- Experience in enterprise risk management
- Experience at an accounting or consulting firm
- Extensive hands on experience with two or more of the following: HIPAA, PCI, SOC,
- HITRUST, ISO, FedRAMP, CCPA, SOX
- General understanding of agile methodologies and cloud-first environment
- Certifications such as: CISA, CISM, CISSP, CRISC, CIPP
Benefits designed to aid your health and wellness:
Taking care of you today
- Paid sabbatical after 5 and 10 years
- Employee Assistance Program - Free confidential advice for team members who need help with stress, anxiety, financial planning, and legal issues
- Competitive Medical, Dental and Vision plans
- Free One Medical memberships for yourself, your friends and family
- Pre-Tax commuter benefits
- PTO cash outs - Option to cash out up to 40 accrued hours per year
Protecting your future for you and your family
- 401K match
- Opportunity to participate in company equity programs
- Credit towards emergency childcare
- Company paid maternity and paternity leave
- Paid Life Insurance - One Medical pays 100% of the cost of Basic Life Insurance
- Disability insurance - One Medical pays 100% of the cost of Short Term and Long Term Disability Insurance
This is a full-time role based anywhere in the United States.
One Medical is committed to fair and equitable compensation practices.
The base salary range for this role is $95,200 to $161,000**. Total compensation packages may be based on factors unique to particular candidates, such skill sets, depth of experience, and work location. The total compensation package for this position may also include annual performance bonus, RSUs, and/or benefits
One Medical is an equal opportunity employer, and we encourage qualified applicants of every background, ability, and life experience to contact us about appropriate employment opportunities.
One Medical participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. Please refer to the E-Verification Poster (English/Spanish) and Right to Work Poster (English/Spanish) for additional information.