All openings

Product Security Advisor

San Francisco, CA, Washington, DC, Chicago, IL, Minneapolis, MN

Rally Health is all about putting health in the hands of the individual. It’s our mission, and it drives everything we do, which is to empower people with easy-to-use online and mobile tools that help them take charge of their health and health care, from improving their diet and fitness to selecting health benefits, and choosing the right doctor at the right price for their needs.

Our culture is built on a deep and sincere commitment to helping people live healthier lives. To do this, we are committed to innovating at every level. As our president and COO David Ko says, “We are a company that continuously innovates. It cannot end. It has to be in everything we do, which means that some of the things we’re going to do are not going to work – and that’s okay. We’re not trying to build something that is churn and burn. We’re building something that follows consumers over their lifetime.”

As a Product Security Advisor (PSA) you'll work with the day-to-day operations of Rally’s Security and Compliance (RSC) processes and programs. You'll be a critical integration point with business, specifically the product and engineering groups, and considered a change agent for the business in understanding security risks and the role and responsibilities of RSC, as well as ensuring that RSC fully understands and is engaged to support the needs, objectives and priorities of the business.

In this position you will be viewed by management as highly promotable within RSC, Engineering, or the business.

Responsibilities

  • Integrate product development teams ("pillars") into risk prioritized cyber security processes and controls, including risk management and integrate those processes and controls into the SDLC.
  • Participate in security incident response processes within your pillar
  • Serve as the pillar point of contact for RSC policy and process issues
  • Contribute as a team member in major programs or change initiatives aimed at growing Rally’s security capabilities.
  • Communicate with senior management on risk management concepts, as well as specific project risks and risk mitigation options / scenarios.
  • Maintain a deep understanding of your pillar across partners, our members and healthcare-delivery models -- you will have a handle on key systems, key contacts, priorities and concerns within the business and Engineering
  • You'll maintain current knowledge on information security topics and their applicability to RSC and the healthcare industry
  • You'll guide business personnel through security processes and ensure things like the following stay on track:
  • Security architecture reviews around innovative technology delivery models
  • Vendor risk management and contract reviews
  • Vulnerability management scanning and remediation
  • Identity and access management (IAM) system on-boarding and entitlement reviews
  • Application single sign on (SSO) and federation
  • Log monitoring via centralized security information and event management (SIEM)
  • Privileged access management (PAM)
  • Intrusion detection and prevention
  • Policy and exception management
  • Security compliance and remediation
  • Security awareness and training
  • Fraud prevention and fraud control implementation and maintenance

Qualifications

  • Bachelor’s Degree, Information Systems, Computer Science, Information Security or related field required.
  • 7+ years of IT security or information security experience with a demonstrable ability to engage with Senior Management, Product, Engineering and the business.
  • 4+ years of experience in administering IT security controls in an organization.
  • Knowledge of technical infrastructure, networks, databases and systems in a cloud environment in relation to IT Security and IT Risk.
  • Hands on experience with AWS, or other cloud environments.
  • Experience with IPS/IDS and SIEM technologies.

Preferred Qualifications:

  • Certified Information Systems Security Professional (CISSP), or related certification(s).
  • Prior experience within the healthcare industry.
  • Prior experience working with regulatory agencies such as OCR and CMS.
  • Project management skills preferred.
  • Prior experience performing security reviews and risk assessments.

Why join Rally? On top of an innovative work atmosphere and a chance to help people change their lives, we offer competitive pay, daily catered lunches, and an extensive benefits package for all full-time employees (including medical, dental, vision and 401(k)). In addition, offer the ability to grow, while truly making an impact in the healthcare system.

Rally Health is committed to ensuring that its workforce reflects America’s diverse population. Rally Health knows that such diversity will enrich us with the talent, energy, perspective and inspiration it needs to achieve its mission. Rally Health believes in a policy of equal employment and opportunity for all people based on merit and commitment to the principles of diversity. It is our policy to recruit, hire, train, and promote individuals in all job titles, and administer all programs, without regard to race, color, religion, national origin or ancestry, citizenship, sex, age, marital status, pregnancy, childbirth or related medical conditions, personal appearance, sexual orientation, gender identity or expression, family responsibilities, genetic information, disability, matriculation, political affiliation, veteran status, union affiliation, or any other category protected by applicable federal, state or local laws.

Individuals with disabilities and veterans are encouraged to apply. Applicants who require an accommodation related to the application and/or review process should notify Talent Acquisition (recruiting@rallyhealth.com).

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.