Senior Manager, Technology Compliance

United States

About Us

One Medical is a primary care platform challenging the industry status quo by making quality care more affordable, accessible and enjoyable. But this isn’t your average doctor’s office. We’re on a mission to radically transform healthcare, which means tackling the frustrations of everyone involved — from patients and providers to employers and health networks. 

Across the country, our members enjoy seamless access to comprehensive care at more than 90 locations across thirteen cities (and counting!) as well as 24/7 access to virtual care powered by intelligent uses of technology. In addition to a direct-to-consumer membership model, we work with more than 7,000 companies to provide One Medical health benefits to their employees.

On January 31, 2020 we marked a milestone with our public listing on Nasdaq, but our work is far from over. As we continue to grow and broaden our impact, we’re building a diverse, driven and empathetic team, while working hard to cultivate an environment where everyone can thrive.

The Opportunity

As a Technology Compliance Senior Manager at One Medical, you will lead critical high-profile cross-organizational projects that help improve our business processes while improving our compliance. You'll be key in developing and maturing our technology compliance program and team. While driven by regulations and industry standards in technology governance, we are business advisors, helping the organization by ensuring the security and privacy of our members', providers' and employees' information.

Day-to-day, you will manage large scale, complex work that has a significant impact on the business and our members.

What you'll work on: 

  • Manage the Risk and Governance team within the Tech Compliance group
  • Take a leading role with business teams, process owners, SMEs, external auditors, and external parties on highly complex projects, assessments, and remediation exercises
  • Lead cross-organizational initiatives, interfacing between technical teams and company leadership on company-critical projects
  • Lead projects integrating acquired companies' privacy and security compliance operations
  • Demonstrate flexibility, creative solutioning, and nuanced judgement when working with a wide variety of business teams and technical teams
  • Shape organizational privacy and security policy through influence and relationships
  • Serve as subject matter expert on technology regulations & standards such as PCI-DSS, HIPAA, SSAE18, HITRUST, CCPA, ISO27001, FedRAMP, and state-specific requirements
  • Collaborate with technical and non-technical teams to help mature and improve internal processes and programs
  • Serve as an ambassador to the company, furthering privacy and security control awareness, process development, and engagement

You’ll need:

  • 10+ years of experience in compliance, security and/or audit (internal or external) - with added points for healthcare, med tech, or technology industry experience
  • 3+ years team leadership experience
  • Developed or matured a technology compliance program that guides the company toward strategic regulatory and compliance objectives and maintenance of annual obligations in a fast-paced environment
  • Led initial stage compliance projects and assessments against a major privacy and security framework
  • Developed or matured an information security risk management program
  • Developed technical documentation, policies, guidelines, training, and presentations as artifacts of the technology compliance program
  • Advised business process and control owners in the completion of technology compliance related documentation and enabled their ongoing ownership of it
  • Identified and operationalized opportunities to redesign and improve controls through automation
  • Clearly communicated issues, including preparing comprehensive written reports, and program status reports, with audiences ranging from control operators through executive management
  • Managed a program with a GRC tool such as ZenGRC, OneTrust, MetricStream, Workiva or Archer
  • Experience at a Big 4 or other large consulting firm, with PCI-DSS, HIPAA, SSAE18 SOC 2, SOX, ISO 27001, COBIT, CCPA, FedRAMP, GDPR
  • Certification (CISSP, CIPM, CISA, CIPP, CISM etc.) preferred

Benefits designed to aid your health and wellness:

Taking care of you today

  • Paid sabbatical after 5 and 10 years
  • Employee Assistance Program - Free confidential advice for team members who need help with stress, anxiety, financial planning, and legal issues
  • Competitive Medical, Dental and Vision plans
  • Free One Medical memberships for yourself, your friends and family
  • Pre-Tax commuter benefits
  • PTO cash outs - Option to cash out up to 40 accrued hours per year

Protecting your future for you and your family

  • 401K match
  • Opportunity to participate in company equity programs
  • Credit towards emergency childcare
  • Company paid maternity and paternity leave
  • Paid Life Insurance - One Medical pays 100% of the cost of Basic Life Insurance
  • Disability insurance - One Medical pays 100% of the cost of Short Term and Long Term Disability Insurance

This is a full-time role that can be remote anywhere in the US.
One Medical is an equal opportunity employer, and we encourage qualified applicants of every background, ability, and life experience to contact us about appropriate employment opportunities.

Subject to applicable law, proof of COVID-19 vaccination is required for employees and contractors who interact with patients, access a shared office space or engage with other team members, except where a medical or religious accommodation applies.