GoHealth is a leading health insurance marketplace and Medicare-focused digital health company. Through the efficient, multi-tiered guidance of our highly specialized licensed insurance agents, GoHealth meets Medicare consumers where they are in their enrollment journeys and empowers them to choose the plan and carrier best suited for their healthcare needs. Our extensive industry expertise, including the use of data science and machine learning with key investments in proprietary technology, helps consumers cut through the confusion and enroll confidently.
As an industry leader in the Medicare marketplace, we are compelled to not only embrace change but to actively be the change to adapt to our consumers complex needs. We believe in hiring risk-takers, innovators, and collaborators within our industry to create individualized, simplified healthcare solutions for our beneficiaries.
Our #TeamGoHealth employees are at the core of our collective success; that's why we are committed to discovering the best in-class talent and ensuring that each team member receives the development tools and support they need to flourish in their professional endeavors.
We also understand that you may not check every box in our requirements list -- most applicants don’t! In fact, frequently cited statistics show that women and underrepresented groups apply to jobs only if they meet 100% of the qualifications. GoHealth encourages you to break that statistic and to apply today!
About the role:
The Senior Director of Information Security will be responsible for leading our organization’s efforts to protect our customer’s technology and data assets. This person will safeguard GoHealth from both physical and cyber threats. The Senior Director of Security will lead the efforts to develop and maintain our security program.
What you'll do:
- Live the GoHealth Culture and ensure it is represented within the team.
- Evaluate and identify potential cyber threats and vulnerabilities, and design and implement appropriate security measures to mitigate risks.
- Be actively informed and engaged in upcoming and completed security projects across the business.
- Enforce a strong security culture mindset set forth by risk management, ensuring uniformity across technical teams, business units and employees.
- Foster strong relationships with internal business units and excel in risk management, technical controls and cybersecurity communication.
- Engage with critical third parties and validate adequate controls are in place.
- Gather and report on security metrics that demonstrate the relative cost/benefit of the security operations and other cybersecurity initiatives
- Ensure the successful deployment of premier Cybersecurity services by partnering with our key vendors
- Reduce cost and optimize enterprise cybersecurity posture through efficiencies, reciprocity, security shared services, and automation
- Operate a program that helps ensure that Cybersecurity services are being deployed efficiently and effectively
- Work with multi-functional teams to identify and implement ways to reduce support tickets and improve service deployment
- Perform functions promptly and with an acute level of attention to detail, vitality, and thoroughness
- Ensure vendors follow appropriate policies, SOPs, training, and guidelines for deploying services
- Provide input into the department's annual budget and make recommendations for projects to improve deployment activities
What we're looking for:
- At least 10 years of experience working in cybersecurity or information technology
- At least 7 years of experience providing guidance and oversight of Security concepts
- At least 7 years of experience performing security risk assessments and security architecture reviews
- At least 7 years of experience with architecture, software design, networking, and cloud infrastructure
- At least 5 years of experience with cloud security engineering (AWS, Google Cloud Platform, Azure)
- 4+ years of experience in IAM or related areas
- Experience building software utilizing public cloud
- Familiarity with Cloud patch management practices such as system rehydration and image management
- Experience utilizing Agile methodologies
- Experience with Software Security Architecture
- Experience with Application Security
- Experience with Threat Modeling
- Experience with Penetration Testing or Vulnerability Management
- Experience with integrating SaaS products into an Enterprise Environment
- Experience with securing Container services
Education and Experience:
- Current certifications such as CISSP, CISA, CRISC, CISM or other relevant certification.
- Self-starter requiring minimal supervision.
- Highly organized and efficient.
- Excellence in communicating compliance, business risk and remediation requirements from assessments.
- Demonstrates strategic and tactical thinking, along with decision-making skills and business acumen.
Location: Onsite Chicago/Hybrid
- Happy hours, ping-pong tournaments, and more company-sponsored events
- Subsidized gym memberships
- GoHealth is an Equal Opportunity Employer
- Open vacation policy
- 401k program with company match
- Medical, dental, vision, and life insurance benefits
- Flexible spending accounts
- Commuter and transit benefits
- Professional growth opportunities
- Casual dress code
- Generous employee referral bonuses