Hi, we’re Oscar. We’re hiring a Director, Tech Risk and Compliance to join our Tech Operations team.

Oscar is the first health insurance company built around a full stack technology platform and a focus on serving our members. We started Oscar in 2012 to create the kind of health insurance company we would want for ourselves—one that behaves like a doctor in the family.

About the role

As the Director, Tech Risk and Compliance you will manage a team of people and be accountable for the identification, assessment, oversight reporting and disclosure of all key controls and deficiencies in the area they support. You will work with direct reports and key stakeholders to create a high performance culture. You will be responsible for building a department specific sustainable operating model and establishing an annual review and audit program for general controls.

Additionally, you will work closely with Control and Process Owners to ensure the business procedures and/or controls are in compliance with applicable regulatory and corporate standards and practices. You will develop and maintain relationships with senior leadership and foster a culture where controls are well understood by every role. You will collaborate with partners in risk management personnel (second line of defense) and internal audit personnel (third line of defense), to perform annual risk assessments to identify key risks and develop an annual governance, risk, and compliance plan to assess and respond to those risks. 

You will report to the Senior Director, Tech Operations. 

Work Location:

Oscar is a blended work culture where everyone, regardless of work type or location, feels connected to their teammates, our culture and our mission. 

This is a hybrid role in our New York City office. You will work part of the time in the office and part of the time remote / work-from-home. #LI-Hybrid

Pay Transparency: 

The base pay for this role in the states of California, Connecticut, New Jersey, New York, and Washington is: $158,400 - $207,900 per year. The base pay for this role in all other locations is: $142,560 - $187,110 per year. You are also eligible for employee benefits, participation in Oscar’s unlimited vacation program, company equity grants and annual performance bonuses.

Responsibilities

• Control Ecosystem:
  • Establish a well designed and documented control ecosystem, with clear roles and responsibilities within and between your team, related Control/Process Owners, control performers, as well as the second and third lines.
  • Oversee the evaluation and design of internal controls; make recommendations to improve controls and processes by improving efficacy or streamlining processes.
  • Create and foster a culture where controls are well understood by the impacted departments and other stakeholders.  
  • Ensure documentation of internal controls and processes is up to date and accessible by all, especially related as needed for audits.  
• Team and Program/Audit Management:
  • Develop and manage an annual plan of projects, using a risk-based approach to prioritization.
  • Perform an annual technology risk assessment and work with leadership on risk responses.
  • Ensure your team program manages audit projects initiated by Oscar or external stakeholders, including SOX/SOC.
  • ​​Prepare and present updates to senior management.
  • Mentor, coach, and train existing staff. Develop plans to hire, onboard and train new staff as needed.
• Technical aptitude:
  • Demonstrate aptitude and ability to translate between technical and non-technical stakeholders.
  • Assist with the development of tooling, processes and policies that support governance, risk, and compliance. Advocate for investments that will increase control efficacy and testing efficiency.
• Control Remediation:
  • Develop and implement a system to capture and track control deficiencies and remediation status (in collaboration with the second line).
  • Collaborate with Control and Process Owners to develop action plans to correct control deficiencies, and to develop reviews with appropriate management on action until satisfactory resolution.
• Compliance with all applicable laws and regulations.
• Other duties as assigned. 

Qualifications

• Bachelor’s degree in Technology, Accounting, Finance or relevant field, or 4 years of commensurate work experience.
• 10+ years’ relevant work experience in IT Audit, and/or governance, controls and risk (GRC).
• 4+ years experience with Cloud-native environments on AWS or GCP using Agile and/or Kanban methodologies.
• 4+ years of experience internal controls, audit or risk management
• 4+ years of experience auditing IT processes, applications and infrastructure (servers, databases, data centers, firewalls, etc.)
• 4+ years of experience with SOX, SOC reporting, HITRUST, PCI, and HIPAA 

Bonus Points

• Commutable to New York City preferred
• Experience within the healthcare and technology industries
• Experience working with a 250+ person Technology team
• Experience in public accounting and/or CPA license
• Experience remediating significant deficiencies and material weaknesses
• Familiarity with internal control frameworks, such as COSO, COBIT, NIST.
• Ability to document and verbally communicate Technology processes in a clear and concise manner, including assessment of design and operating effectiveness controls.
• Track record of streamlining technology controls and/or processes.
• Communication and relationship skills to educate/raise awareness of foundational elements/methodologies needed to support an internal controls framework.
• Project management and process improvement skills.