Hi, we're Oscar. We're hiring an Associate to join our Tech Governance team.

Oscar is the first health insurance company built around a full stack technology platform & a focus on serving our members. We started Oscar in 2012 to create the kind of health insurance company we would want for ourselvesone that behaves like a doctor in the family.

About the role

The Associate, Tech Governance ensures that business procedures & controls are efficient & effective, & in compliance with applicable regulatory & corporate standards & practices. The Associate works with Control & Process owners, reviews operational practices, creates & enforces policies & procedures, & performs reviews.

You will report to the Director of Tech/IT Controls.

Work Location:

Oscar is a blended work culture where everyone, regardless of work type or location, feels connected to their teammates, our culture & our mission.

This is a hybrid role in our New York office. You will work part of the time in the office & part of the time remote / work-from-home. #LI-Hybrid

Pay Transparency:

The base pay for this role is: $98,400 - $129,150 per year. You are also eligible for employee benefits, participation in Oscar's unlimited vacation program, & annual performance bonuses.

Responsibilities

• Assess, evaluate, & make recommendations regarding the risk & effectiveness of tech processes, & controls.
• Design, architect, & engineer effective & efficient controls & processes utilizing tooling/solutions across various technical domains.
• Help foster a culture where controls are well understood by the impacted departments & other stakeholders.
• Ensure documentation of internal controls & processes are up to date & accessible.
• Assist with an annual technology risk assessment & work with risk owners on risk responses.
• Manage audit projects initiated by Oscar or external stakeholders, including Sarbanes-Oxley & SOC 1.
• Demonstrate aptitude & ability to translate between technical & non-technical stakeholders.
• Contribute to the development of tooling, processes, & policies that support governance, risk, & compliance (GRC).
• Advocate for improvements that increase control efficacy & testing efficiency.
• Maintain system to capture & track control deficiencies & remediation status (in collaboration with the second line).
• Collaborate with Control & Process Owners to develop action plans to correct control deficiencies, & to develop reviews with appropriate management on action until satisfactory resolution.
• Compliance with all applicable laws & regulations.
• Other duties as assigned.

Qualifications

• Bachelor's Degree or 3+ years of relevant work experience in governance, risk, & compliance (GRC) and/or IT audit
• 3+ years of relevant work experience in governance, risk, & compliance (GRC) and/or IT audit.
• 2+ years of experience with Cloud-native environments on AWS or GCP using Agile and/or Kanban methodologies.
• 2+ years of experience with SOX, SOC 1, SOC 2, HITRUST, PCI, and/or HIPAA.
• 2+ years of experience managing high volume & complicated projects, keeping track of details, & staging work to deliver projects on time.
• 2+ years of designing & developing queries using SQL and/or other database query languages
• 2+ years of experience with code repository tools such as BitBucket, GitLab, or GitHub

Bonus points

• Experience configuring & tuning alert policies in PagerDuty or other alerting tools
• Solid understanding of IAM principles & solutions including zero trust, least privilege, & entitlement reviews
• Experience working with or at a Big 4 firm
• CISA, CIA, or similar
• Experience in a start-up and/or health tech environment