Hi, we're Oscar. Were hiring an Associate, Third-Party Risk Management to join our Security team in our New York office.
Oscar is a technology-driven, consumer-focused health insurance startup founded in 2012 & headquartered in New York City. Our goal is to make health insurance simple, transparent, & human. We need your help to do so.
About the role:
Taking care of our members includes securing their data. The mission of the Security team is to protect the data our customers have entrusted to us, & make it possible for Oscar management to make informed, risk-calibrated decisions.
Oscar works with many vendors & partners, each of which pose security, compliance, & operational risks. In this role, you would manage these risks & help Oscar teams make well-informed choices about its vendors. You will also manage Oscars own security-related responses to its counter-parties who are evaluating Oscars risk.
In this role, you will:
- Conduct initial & periodic third-party risk assessments of Oscars vendors & partners.
- Work to refine Oscars standardized approach to reviewing third-party risk.
- Work with other members of the Security Team to develop a quantitative approach to evaluating third-party risks.
- Work with subject matter experts on the Security Team to perform technical assessments of third-parties.
- Run & maintain any third-party risk management tools.
- Work with subject-matter experts on the Security Team & in the Tech Organization to develop & maintain technical & non-technical policies, procedures, & standards related to third-party risk.
- Build & maintain mutual trust with key stakeholders in the company, such as Procurement, Engineering, Legal, Compliance, & the People team.
- Manage Oscars response to existing & potential business partners who are conducting security due diligence.
- Have 3+ years of career experience related to information security, IT auditing, and/or technology risk.
- Strong knowledge of technology & security best practices.
- Past experience in a highly regulated environment (HIPAA-regulated is a plus).
- Can communicate security & compliance risks to both technical & non-technical audiences.
- Able to work collaboratively with technology-oriented individuals.
- Able to write policies & standards related to third-party risk.
Life at Oscar:
At Oscar, being an Equal Opportunity Employer means more than upholding discrimination-free hiring practices. It means that we cultivate an environment where people can be their most authentic selves & find both belonging & support. We're on a mission to change health care -- an experience made whole by our unique backgrounds & perspectives.
We encourage our members to care for their whole selves, & we encourage our employees to do the same with comprehensive medical benefits, generous paid-time off, paid parental leave, retirement plans, company social events, stocked kitchens, wellness programs, & volunteer opportunities.
Oscar applicants are considered solely based on their qualifications, without regard to applicants disability or need for accommodation. Any Oscar applicant who requires reasonable accommodations during the application process should contact the Oscar Benefits Team (firstname.lastname@example.org) to make the need for an accommodation known.
Pay Transparency Policy:
Oscar ensures that you won't be discharged or discriminated against based on whether you've inquired about, discussed, or disclosed your pay. Read the full policy here.