All openings

Security and Compliance Manager

San Francisco, CA

The Security and Compliance Manager assists with the design, deployment, documentation and integration of all approved security solutions in accordance with HIPPA, NIST and HiTrust. Provides guidance to assure adherence to policies and procedure for efficient operations of the Security and IT teams. Performs IT Risk & Security assessments and develops information security strategies and appropriate policies. Supports strategic security planning to achieve business goals by prioritizing compliance initiatives and coordinating the evaluation, deployment, and management of current and future security technologies. Assists in the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements, to ensure that SPOF (Single Points of Failure) and DR issue are remediated in a timely manner.

Daily Responsibilities:

  • Helps Develop and implement security programs, policies, and procedures.

  • Implements and manages audits associated with Security and Compliance programs

  • Facilitates training of employees and consultants to establish “security awareness” to prevent or mitigate security incidents.

  • Recommends and supports the deployment of additional security products and tools, to detect violations of network security policies and procedures.

  • Participates in the development and implementation of a corporate security & compliance awareness program and ensures security compliance applicable with NIST, HIPPA, and HiTrust standards.

  • Creates and propagates security awareness and training programs among employees and consultants.

  • Assists in the development and maintenance of all security policies, procedures, regulatory compliance requirements, data privacy, and security standards.

  • Manages and schedules internal vulnerability scans to ensure compliance with password policies, on-boarding, off-boarding, and privileged use.

  • Supports and manages the relationship with Security and IT to ensure that segregation of duties is being enforced.

  • Performs periodic audits of the applications, services, systems, and devices that support the Security and IT infrastructure.

  • Develops, maintains, and supports the distribution, communication, and enforcement of Security & IT policies that relate to end user compliance.

What we want from you in the work environment:

  • Confidence coupled with an innate ability to get things done.

  • An attitude that is fundamentally focused on service and maintaining company wide security standards.

  • Able to work in a fast-paced, changing environment.

  • Super organized and detailed focused.

  • Impeccable communication skills, both verbal and written.

  • 3-7 years of supporting security and compliance initiatives.

  • Small company and fast paced start-up environment experience is a plus.

  • Self-motivated, passionate and humble.

  • A high sense of urgency and strong multitasking skills.

Rally Health is committed to ensuring that its workforce reflects America’s diverse population.  Rally Health knows that such diversity will enrich us with the talent, energy, perspective and inspiration it needs to achieve its mission.  Rally Health believes in a policy of equal employment and opportunity for all people based on merit and commitment to the principles of diversity.  It is our policy to recruit, hire, train, and promote individuals in all job titles, and administer all programs, without regard to race, color, religion, national origin or ancestry, citizenship, sex, age, marital status, pregnancy, child birth or related medical conditions, personal appearance, sexual orientation, gender identity or expression, family responsibilities, genetic information, disability, matriculation, political affiliation, veteran status, union affiliation, or any other category protected by applicable federal, state or local laws. Individuals with disabilities and veterans are encouraged to apply.  Applicants who require an accommodation related to the application and/or review process should notify Talent Acquisition (