Remote, California, USA
12 days ago
Security Compliance Analyst

About Crossover Health

Crossover Health is creating the future of health as it should be. A national, team-based medical group with a focus on wellbeing and prevention that extends beyond traditional sick care, the company delivers an entirely new model of healthcare—Primary Health—built on the foundation of trusted relationships, an interdisciplinary care team approach, and outcomes-based payment. Crossover’s Primary Health model integrates primary care, physical medicine, mental health, health coaching, care navigation and more, and delivers care in surround-sound—in-person, virtually and via asynchronous messaging. Together we are building a community of members that embraces healthcare as a proactive part of their lifestyle.

Job Summary
 

Job Responsibilities

This role is critical to Crossover’s security and compliance efforts. The ideal candidate will thrive in an environment where every day brings opportunities to learn new technologies and work on projects small and large. This role will focus on Third-Party Risk Management and will be responsible for performing annual and new vendor risk reviews and supporting internal and external audits, including SOC2 and HITRUST Certifications.

Perform security vendor risk assessments to evaluate third-party security risks, ensuring all vendors meet Crossover Health’s security standards

Assist with third-party security audits, including HITRUST and SOC2, by collecting and reviewing evidence, supporting internal control owners, and coordinating with assessors.

Serve as an advisor to TechOps, DevOps, Engineering, HR, and other business units to ensure teams are aware of, and understand, compliance requirements that impact their department

Monitor the organization's security risks, risk registers, and treatment plans. Coordinate with business stakeholders and auditors to perform point-in-time and annual security risk assessments

Monitor compliance with Crossover Health’s policies and procedures

Assist with internal security risk assessments and communicate findings to stakeholders.

Identify policy and process improvement opportunities, develop recommendations, and communicate with stakeholders collaboratively

Respond to customer security questionnaires

Provide high quality written and verbal reports as required

Perform other duties as assigned

Required Qualifications

2+ years experience in an IT, security, compliance, audit or development role

Internal audit and/or compliance experience

Knowledge of core security controls and systems such as risk analysis quantification and points of escalation

Strong understanding of information security principles, including risk assessment and mitigation strategies. 

A broad understanding of Information Security technologies, programs and systems

Coordinate large-scale projects such as annual security audits

Demonstrated excellence in organizing, prioritizing, and multitasking in a high paced environment

Excellent verbal and written communication skills to speak across multiple audiences

Excellent analytical and problem-solving skills in the context of information security.

Ability to work independently, as well as in a team environment

Continuously sought and embraced opportunities to build upon your skills and knowledge

Strong organizational and problem solving skills

Preferred Qualifications

Prior experience conducting SOC, ISO, PCI and/or SOX audits. 

Experience running a vendor risk management program or conducting vendor risk assessments

Knowledge of cloud technologies and IaaS, PaaS, and SaaS platforms

Experience writing and reviewing formal policies and procedures

Working knowledge of federal and state healthcare regulations such as HIPAA

Working knowledge of privacy laws and regulations such as GDPR & CCPA

Prior experience working in healthcare and/or software 

Security-related certifications, such as CISA, CISM, CISSP, CRISC, and/or other professional certifications

The base pay range for this position is $91,881.00 to $119,445 per year. Pay range may vary depending on work location, applicable knowledge, skills, and experience. This position may be eligible for an annual bonus opportunity and comprehensive benefits package that includes Medical Insurance, Dental Insurance, Vision Insurance, Short- and Long-Term Disability, Life Insurance, Paid Time Off and 401K.

Crossover Health is committed to Equal Employment Opportunity regardless of race, color, national origin, gender, sexual orientation, age, religion, veteran status, disability, history of disability or perceived disability. If you need assistance or an accommodation due to a disability, you may email us at careers@crossoverhealth.com.

To all recruitment agencies: We do not accept unsolicited agency resumes and are not responsible for any fees related to unsolicited resumes.
