Associate, Tech Governance

Hi, we're Oscar. We're hiring an Associate to join our Tech Governance team.

Oscar is the first health insurance company built around a full stack technology platform and a focus on serving our members. We started Oscar in 2012 to create the kind of health insurance company we would want for ourselves—one that behaves like a doctor in the family.

About the role

The Associate, Tech Governance ensures that business procedures and controls are efficient and effective, and in compliance with applicable regulatory and corporate standards and practices. The Associate works with Control and Process owners, reviews operational practices, creates and enforces policies & procedures, and performs reviews.

You will report to the Director of Tech and IT Controls.

Work Location: 

Oscar is a blended work culture where everyone, regardless of work type or location, feels connected to their teammates, our culture and our mission. 

If you live within commutable distance to our New York City office ( in Hudson Square), our Tempe office (off the 101 at University Ave), or our Los Angeles office (in Marina Del Rey), you will be expected to come into the office at least two days each week. Otherwise, this is a remote / work-from-home role. 

You must reside in one of the following states: Alabama, Arizona, California, Colorado, Connecticut, Florida, Georgia, Illinois, Iowa, Kentucky, Maryland, Massachusetts, Michigan, Minnesota, New Hampshire, New Jersey, New Mexico, New York, North Carolina, Ohio, Oregon, Pennsylvania, Rhode Island, Tennessee, Texas, Utah, Vermont, Virginia, Washington, or Washington, D.C. Note, this list of states is subject to change. #LI-Remote

Pay Transparency:

The base pay for this role in the states of California, Connecticut, New Jersey, New York, and Washington is: $98,400 - $129,150 per year. The base pay for this role in all other locations is: $88,560 - $110,700 per year. You are also eligible for employee benefits, participation in Oscar's unlimited vacation program, and annual performance bonuses.

Responsibilities

• Assess, evaluate, and make recommendations regarding the risk and effectiveness of tech processes, and controls.
• Design, architect, and engineer effective and efficient controls and processes utilizing tooling/solutions across various technical domains.
• Help foster a culture where controls are well understood by the impacted departments and other stakeholders.
• Ensure documentation of internal controls and processes are up to date and accessible.
• Assist with an annual technology risk assessment and work with risk owners on risk responses.
• Manage audit projects initiated by Oscar or external stakeholders, including Sarbanes-Oxley and SOC 1.
• Demonstrate aptitude and ability to translate between technical and non-technical stakeholders.
• Contribute to the development of tooling, processes, and policies that support governance, risk, and compliance (GRC).
• Advocate for improvements that increase control efficacy and testing efficiency.
• Maintain system to capture and track control deficiencies and remediation status (in collaboration with the second line).
• Collaborate with Control and Process Owners to develop action plans to correct control deficiencies, and to develop reviews with appropriate management on action until satisfactory resolution.
• Compliance with all applicable laws and regulations.
• Other duties as assigned.

Qualifications

• Bachelor's Degree or 3+ years of relevant work experience in governance, risk, and compliance (GRC) and/or IT audit
• 3+ years of relevant work experience in governance, risk, and compliance (GRC) and/or IT audit.
• 2+ years of experience with Cloud-native environments on AWS or GCP using Agile and/or Kanban methodologies.
• 2+ years of experience with SOX, SOC 1, SOC 2, HITRUST, PCI, and/or HIPAA.
• 2+ years of experience managing high volume and complicated projects, keeping track of details, and staging work to deliver projects on time.
• 2+ years of designing and developing queries using SQL and/or other database query languages
• 2+ years of experience with code repository tools such as BitBucket, GitLab, or GitHub

Bonus Points

• Experience configuring and tuning alert policies in PagerDuty or other alerting tools
• Solid understanding of IAM principles and solutions including zero trust, least privilege, and entitlement reviews
• Experience working with or at a Big 4 firm
• CISA, CIA, or similar
• Experience in a start-up and/or health tech environment

Travel

• Up to 5%