FreshRemote.Work

Security GRC Manager

Remote

ABOUT THE ROLE:

Join Rightway as a trailblazing Security GRC Manager, a crucial role that will empower you to shape the foundation of the GRC function. At Rightway, you will lead the charge to streamline procedures, mature the risk management program, and champion HITRUST and AI certifications. 

WHAT YOU’LL DO:

  • Audit Preparation & Management: Lead annual renewal of Rightway’s joint SOC2/HITRUST attestation partnering with Engineering, IT, People, and Finance.
  • Control Library Development: Develop a comprehensive control library, mapping our control activities to multiple frameworks (SOC2, HITRUST, and NY DFS) to prepare for future customer and regulatory obligations.   
  • Business Continuity Planning: Lead the evolution of business continuity planning and testing, honing the focus on a Business Impact Analysis (BIA) informed program. 
  • Policy Enhancement: Streamline operations by designing policies and procedures to balance compliance with operational efficiency at a rapidly scaling organization. 
  • Control Monitoring: Take the helm in monitoring, measuring, and reporting on controls effectiveness and maturity using standard frameworks and models where applicable.
  • Third Party Risk Management: Leverage AI tooling to optimize and execute a flexible yet thorough Third Party “Vendor” Risk Management (TPRM) program.
  • Risk Management: Participates in assessment, triage, tracking, and remediation of Security risks, in addition to annual risk assessments activities e.g., HIPAA SRA.
  • Customer Trust: Leverage novel tooling, including AI, to enhance RFP and questionnaire responses for security questions, assisting the Proposal Unit as needed. 

WHO YOU ARE:

  • 5-10 years of related work experience.
  • Proven experience leading HISRUST, SOC2, ISO 27001, or similar framework in a high growth environment.
  • A professional who understands how to mature controls consistent with organizational maturity and capacity. 
  • Maintains a certification relevant to the role (e.g., CCSFP, CISA, CISM). 
  • A deep understanding of risk assessment methodology.
  • Passionate advocate for governance, risk, and compliance, believing that these are not merely check box activities, but vital tools that significantly improve security posture and protect the organization. 
  • Possess an intermediate to advanced understanding of the Software Development Life Cycle and of IT and security tooling as it relates to controls (e.g. AWS, OKTA, JIRA, GIT/GITHUB).

EXTRA CREDIT: 

  • Experience with AI Governance, Risk and Compliance. 

BASE SALARY: $150,000 - $170,000

CYBERSECURITY AWARENESS NOTICE

In response to ongoing and industry-wide fraudulent recruitment activities (i.e., job scams), Rightway wants to inform potential candidates that we will only contact them from the @rightwayhealthcare.com email domain. We will never ask for bank details or deposits of any kind as a condition of employment. If you have any questions about a suspicious interaction with Rightway, please feel free to reach out to us at hr@rightwayhealthcare.com.

ABOUT RIGHTWAY:

Rightway is on a mission to harmonize healthcare for everyone, everywhere. Our products guide patients to the best care and medications by inserting clinicians and pharmacists into a patient’s care journey through a modern, mobile app. Rightway is a front door to healthcare, giving patients the tools they need along with on-demand access to Rightway health guides, human experts that answer their questions and manage the frustrating parts of healthcare for them.

Since its founding in 2017, Rightway has raised over $130mm from investors including Khosla Ventures, Thrive Capital, and Tiger Global at a valuation of $1 billion. We’re headquartered in New York City, with a satellite office in Denver. Our clients rely on us to transform the healthcare experience, improve outcomes for their teams, and decrease their healthcare costs.

HOW WE LIVE OUR VALUES TO OUR TEAMMATES:

We’re seeking those with passion for healthcare and relentless devotion to our goal. We need team members who will:

  • We are human first

Our humanity binds us together. We bring the same empathetic approach to every individual we engage with, whether it be our members, our clients, or each other. We are all worthy of respect and understanding and we engage in our interactions with care and intention. We honor our stories. We listen to—and hear—each other, we celebrate our differences and similarities, we are present for each other, and we strive for mutual understanding. 

  • We redefine what is possible 

We always look beyond the obstacles in front of us to imagine new solutions. We approach our work with inspiration from other industries, other leaders, and other challenges. We use ingenuity and resourcefulness when faced with tough problems.

  • We debate then commit 

We believe that a spirit of open discourse is part of a healthy culture. We understand and appreciate different perspectives and we challenge our assumptions. When working toward a decision or a new solution, we actively listen to one another, approach it with a “yes, and” mentality, and assume positive intent. Once a decision is made, we align and champion it as one team.

  • We cultivate grit 

Changing healthcare doesn’t happen overnight. We reflect and learn from challenges and approach the future with a determination to strive for better. In the face of daunting situations, we value persistence. We embrace failure as a stepping stone to future success. On this journey, we seek to act with guts, resilience, initiative, and tenacity.

  • We seek to delight

Healthcare is complicated and personal. We work tirelessly to meet the goals of our clients while also delivering the best experience to our members. We recognize that no matter the role or team, we each play a crucial part in our members’ care and take that responsibility seriously. When faced with an obstacle, we are kind, respectful, and solution-oriented in our approach. We hold ourselves accountable to our clients and our members’ success. 

Rightway is a healthcare company looking to improve healthcare outcomes for everyone, everywhere. With that in mind, we have to consider what is good for the health of our team, the company, and the communities we operate in. As such, Rightway has determined a mandatory COVID-19 vaccination policy for all employees, in combination with other safety precautions, is the best way forward.

Rightway is PROUDLY an Equal Opportunity Employer that believes in strength in the diversity of thought processes, beliefs, background and education and fosters an inclusive culture where differences are celebrated to drive the best business decisions possible. We do not discriminate on any basis covered by appropriate law. All employment is decided on the consideration of merit, qualifications, need and performance.

#LI-Hybrid

 

Apply

Job Profile

Tasks
  • Conduct risk assessments
  • Develop control library
  • Enhance business continuity planning
  • Lead audit preparation
  • Manage third party risk
  • Monitor controls
  • Streamline policies
  • Support customer trust initiatives
Skills

AI AWS Business Continuity Planning Control Monitoring Git GRC Healthcare Healthcare experience HIPAA HITRUST ISO 27001 Jira Okta Organization Policy Development Risk Management SOC2 Software development life cycle Testing Third-Party Risk Management

Experience

5-10 years

Education

Business Engineering Finance

Certifications

CCSFP CISA CISM

Timezones

UTC-5