Sr. Director - IT Compliance
Job Description
GoHealth Intro: GoHealth is a leading health insurance marketplace and Medicare-focused digital health company. Through the efficient, multi-tiered guidance of our highly specialized licensed insurance agents, GoHealth meets Medicare consumers where they are in their enrollment journeys and empowers them to choose the plan and carrier best suited for their healthcare needs. Our extensive industry expertise, including the use of data science and machine learning with key investments in proprietary technology, helps consumers cut through the confusion and enroll confidently.
Why Apply: As an industry leader in the Medicare marketplace, we are compelled to not only embrace change but to actively be the change to adapt to our consumers' complex needs. We believe in hiring risk-takers, innovators, and collaborators within our industry to create individualized, simplified healthcare solutions for our beneficiaries.
Our #TeamGoHealth employees are at the core of our collective success; that's why we are committed to discovering the best-in-class talent and ensuring that each team member receives the development tools and support they need to flourish in their professional endeavors.
We also understand that you may not check every box in our requirements list -- most applicants don’t! In fact, frequently cited statistics show that women and underrepresented groups apply to jobs only if they meet 100% of the qualifications. GoHealth encourages you to break that statistic and to apply today!
About the role: The Sr. Manager - I.T. Compliance is primarily responsible for providing leadership and supervision of the Information Security compliance and risk teams. The Sr. Manager - I.T. Compliance understands security risks and technologies and can effectively communicate them to business units and leadership. In addition, they help evaluate risk according to best practices, as well as compliance mandates, and provide detailed reports from assessments. When external examiners conduct engagements, the Sr. Manager - I.T. Compliance and their team are the primary point of contact and facilitator to ensure internal and external teams are abiding by secure and compliant computing and administrative procedures. In this position, the Sr. Manager - IT Compliance will regularly review, evaluate, and verify controls as well as support the documentation and reporting based on the current state. They will also use key risk indicators and Information Security controls to support the assessment of system designs, data privileges/access and the entire supply chain related to a business system.
The Sr. Manager - IT Compliance possesses a strong compliance and audit background and understands risk mitigation and technical controls. They are also expected to lead teams that perform technical work and must possess leadership qualities.
This position requires strong written and oral communication skills, as well as the ability to communicate detailed, technical information in a manner comprehensible by individuals at varying degrees of experience and skill level. The role requires the ability to speak confidently in front of large groups and with corporate management, vendors and service providers. The Sr. Manager - IT Compliance also contributes to the company Information Security strategy and roadmap.
What you'll do:
- Support internal audit department practices and processes with detailed reporting and accompanying technology recommendations
- Work closely with audit and security leadership to ensure cybersecurity and audit policies and practices as defined in global and industry standards are aligned with an appropriate level of risk.
- Retain expertise in one or more compliance standards, including Sarbanes-Oxley Act (SOX), Payment Card Industry (PCI), Service Organization Control 1 & 2 (SOC), National Institute of Standards and Technology (NIST) and International Standards Organization (ISO) 27001.
- Be actively informed and engaged in upcoming and completed security projects across the business.
- Enforce a strong security culture mindset set forth by risk management, ensuring uniformity across technical teams, business units and employees.
- Foster strong relationships with internal business units and excel in risk management, technical controls and cybersecurity communication.
- Engage with critical third parties and validate adequate controls are in place.
- Specify guidance on key risk indicators and security control testing methodology, validation and alignment with policies and documentation.
- Persuade IT and security teams to adopt cybersecurity controls.
- Help uncover, validate and document deficiencies in risk management, technology and cybersecurity practices.
- Serve as a point of contact and liaison with external examiners for assessments throughout the year and at end-of-year evaluations.
- Deliver presentations to management explaining audit findings and recommendations for corrective action that are operationally feasible, within budget and team skillset.
- Stay abreast of new laws, regulations/standards and assess their impact to the business.
- Travel as needed to office locations and third-party on-site engagements.
- Provide disaster recovery and business continuity planning advice when working with leaders for business and cybersecurity resiliency.
- Support and guide the information security risk management program and be knowledgeable in various risk assessment methodologies within the business unit.
What we're looking for:
- Bachelor's degree in computer science, information assurance, or related technical field or business administration.
- At least 10+ years’ IT or cybersecurity experience (or IT coupled with cybersecurity), with at least 5+ years in an IT and/or Information Security compliance and audit operationally focused role (e.g. PCI DSS, SOX, SSAE18, GDPR, etc.)
- Minimum of 3-5 years in a team lead or supervisor role.
- At least 3 years’ experience working with business leadership and enterprise projects.
- Relevant project management, multitasking and organizational skills.
- Applicable knowledge of national and global cybersecurity policies, regulations and security frameworks.
- Capable of working with diverse teams and promoting an enterprise-wide positive security culture.
- Adept at understanding business focus and processes and ability to inject cybersecurity into the business through teamwork and influence.
- High level of integrity, trustworthiness and confidence to represent the company and risk management leadership with the highest level of professionalism.
Education and Experience:
- Current certifications such as CISSP, CISA, CRISC, CISM or other relevant certification.
- Self-starter requiring minimal supervision.
- Highly organized and efficient.
- Excellence in communicating compliance, business risk and remediation requirements from assessments.
- Demonstrates strategic and tactical thinking, along with decision-making skills and business acumen.
Location: Onsite Chicago/Hybrid
Perks/Benefits:
- Happy hours, ping-pong tournaments, and more company-sponsored events
- Subsidized gym memberships
- GoHealth is an Equal Opportunity Employer
- Open vacation policy
- 401k program with company match
- Medical, dental, vision, and life insurance benefits
- Flexible spending accounts
- Commuter and transit benefits
- Professional growth opportunities
- Casual dress code
- Generous employee referral bonuses
Date Posted
07/27/2023