Hi, we're Oscar. Were hiring a Security Engineer, Privacy & Compliance to join our Security team in our New York office.
Oscar is a technology-driven, consumer-focused health insurance startup founded in 2012 & headquartered in New York City. Our goal is to make health insurance simple, transparent, & human. We need your help to do so.
About the role:
Oscar's business depends on efficient compliance with various industry & government regulations, as well as privacy & security of our customers & partners data. We believe that with our already strong controls & processes it should be possible to make engaging with various auditors & regulators easy by dedicating attention to organizing & automating our audit evidence collection, sorting, & retention. We also want to ensure that our systems are putting security, compliance & privacy front & center, making our stack secure, privacy conscious, & compliant by design.
As a member of the Security Engineering team, youll join our growing security organization alongside other motivated & talented security engineers. We take pride in our ability to find smart & efficient solutions & be organized about our process. You will work together with various peers in engineering & in other parts of the organization.
You will report into the Senior Director, Security Engineering.
- You will collect many stories of how different teams operate in their environment, while looking for ways to make the work aligned with compliance, security, & privacy requirements facilitate gathering of the evidence that will be presented to auditors.
- You will find ways to automate information gathering & remove manual dependencies as much as possible.
- You will participate in calls with various regulators & auditors, while representing the company.
The following is a sample list of tasks we oversee:
- Collect SOC1 & SOC2 reports for various vendors
- Collect & analyze various recommendations for SOC1, SOC2, & MAR compliance & make sure those recommendations are implemented across the organization in a timely manner
- Interview various teams to map & document their process
- Write scripts & software to collect evidence
- Work with product managers to suggest quick wins that can be incorporated into roadmaps
- Help identify vendors & SAAS solutions that can be integrated into our flow
- Contribute across other parts of the Security organization
- You have 3+ years professional software engineering experience working with a variety of technologies.
- You have at least a Bachelors degree in Computer Science or similar.
- You are passionate about security, privacy, & compliance.
- Using your technical skills to automate & engineer solutions to manual processes, is energizing for you.
- You can balance company needs with tech needs.
- Youre passionate about technologies, whether it be a shiny new thing or an arcane, ill-conceived protocol; our company may be new, but the healthcare industry isnt!
Life at Oscar:
At Oscar, being an Equal Opportunity Employer means more than upholding discrimination-free hiring practices. It means that we cultivate an environment where people can be their most authentic selves & find both belonging & support. We're on a mission to change health care -- an experience made whole by our unique backgrounds & perspectives.
We encourage our members to care for their whole selves, & we encourage our employees to do the same with comprehensive medical benefits, generous paid-time off, paid parental leave, retirement plans, company social events, stocked kitchens, wellness programs, & volunteer opportunities.
Oscar applicants are considered solely based on their qualifications, without regard to applicants disability or need for accommodation. Any Oscar applicant who requires reasonable accommodations during the application process should contact the Oscar Benefits Team (email@example.com) to make the need for an accommodation known.
Pay Transparency Policy:
Oscar ensures that you won't be discharged or discriminated against based on whether you've inquired about, discussed, or disclosed your pay. Read the full policy here.