Job Information
Wondr Health Manager of Compliance & Security in Washington, District Of Columbia
JOB DESCRIPTION
DEPARTMENT: Technology: IT & Security
POSITION: Manager of Compliance and Security
REPORTS TO: SVP, Information Technology and Security
SUPERVISES: None
JOB CLASS: Exempt
COMPANY OVERVIEW:
Wondr Health is the proven leader in digital behavior transformation. Leveraging over 15 years of behavior change experience and partnership with health plans and employers, Wondr Health delivers interrelated, personalized, skill-building programs for full-spectrum weight management, mindfulness and movement that improve the physical and emotional health of participants. Powered by Wondr’s data-driven engagement expertise and personalized programming, and supported by expert content and coaching, the company’s flexible and scalable solutions engage populations, improve quality of life and health outcomes, and prevent and reduce the cost of chronic health conditions. To learn more, visit www.wondrhealth.com.
PURPOSE:
The Manager of Compliance and Security ensures compliance with governmental requirements (HIPAA, GDPR, etc.). The Manager requires an in-depth understanding of how organizational capabilities interrelate across the function or segment. This position is also responsible for monitoring the IT Security environment to immediately detect, verify, and respond swiftly to cyber threats, e.g., vulnerability exploitation, malware, cyber-attacks, etc., serving as a technical escalation resource and providing mentoring to lower-level staff. This role also oversees accessibility and ensures all products conform to 508c and WCAG standards. This role effectively establishes the Incident Response operations of the organization by working closely with IT and business stakeholders to execute in a non-disruptive manner across the organization. This position also develops and implements compliance policies and procedures. Researches compliance issues and recommends changes that assure compliance with contract obligations.
Maintains relationships with government agencies. Coordinates site visits for regulators, and coordinates implementation of and compliance with corrective action plans, as needed.
ESSENTIAL FUNCTIONS:
Lead Wondr Health’s Information Security team, including Security Engineering function, data privacy and compliance.
Work together with leaders in Product, Legal, Finance and IT teams to create a Security & Privacy culture and to constantly improve the security and privacy of company, employee, and customer data.
Ensure that all security monitoring systems and processes are functional and effective.
Build collaborative relationships with key business partners.
Actively participate in Wondr Health’s software development lifecycle to ensure that developers are trained in and are following secure coding practices as well as privacy-by-design standards.
Monitor changes in industry-relevant legislation and accreditation.
Maintain and enhance Wondr Health’s Security Incident Response Plan, evaluate the effectiveness of the program and coordinate incident response across the company.
Contribute to and lead Wondr Health’s Security Risk Management program.
Drive Wondr Health’s HITRUST and SOC2 implementations as well as other certifications that meet Wondr Health’s needs.
Lead the Security, Privacy and Compliance Committee (SPCC).
Provide expert advice in all areas of regulatory healthcare compliance.
Oversee company-wide compliance operations including sanction screening.
Oversee the development and maintenance of company-wide compliance and securities policies.
Develop communications and analyses for inclusion in executive level presentations.
Develop and oversee completion of company-wide compliance education.
Direct research and review of complex issues.
Oversee the contract review process to ensure compliance with regulatory requirements.
Provide guidance for staff and leadership concerning regulatory compliance topics.
Work with Chief of Operations, Engineering and Product Development to update and implement disaster recovery plans and business continuity plans.
Interface with clients to ensure Wondr Health meets all necessary client security and compliance requirements.
Review and monitor existing and potential vendors with access to Wondr Health data to ensure they meet the company’s security and compliance requirements.
QUALIFICATIONS:
Education: Bachelor’s degree required. Graduate degrees preferred.
Experience:
Must have 5-8 years’ experience in healthcare security, compliance, and auditing.
Must have experience in developing policy, procedure manuals and managing audits to confirm compliance.
Previous technology and cybersecurity background preferred.
Experience with HIPAA compliance for healthcare technology is required.
Strong technical writing skills.
HITRUST r2 & SOC-2 audit experience is required.
HITRUST CSF training or certification would be a plus.
GENERAL WORKING CONDITIONS:
General office working conditions can be remote work from home or in the office. Each department head determines whether a position is work from home or hybrid, meaning work from home and in the office as needed. Work schedules vary. When working in the office, the pod workstation area has little or no privacy. Involves extended periods of sitting at a workstation performing computer duties. Constant flow of interruptions by personnel, visitors to the area and telephone calls. Private workstations are available as needed. Certain positions are assigned to an office.
DISCLAIMER
This description is intended to be sufficient merely to identify the classification and be illustrative of the duties that may be assigned. It should not be interpreted to describe all the duties an employee assigned to this classification may be required to perform.
Wondr Health is an equal opportunity employer and values diversity. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status. All employment is decided based on qualifications, merit, and business need.