Director – Tech Risk and Compliance
Oscar Health

1,001-5,000 employees

Health insurance company
Company Overview
Oscar Health’s mission is to make high-quality health insurance accessible and affordable for everyone. The company is a software-driven health insurance company that offers medical plans, Medicare Advantage, and small group products.
Data & Analytics

Company Stage

Private

Total Funding

$1.6B

Founded

2012

Headquarters

New York, New York

Growth & Insights
Headcount

6 month growth

2%

1 year growth

6%

2 year growth

40%
Locations
New York, NY, USA
Experience Level
Entry
Junior
Mid
Senior
Expert
Desired Skills
Agile
AWS
Google Cloud Platform
Management
Communications
Categories
Product
IT & Security
Requirements
  • Bachelor's degree in Technology, Accounting, Finance or relevant field, or 4 years of commensurate work experience
  • 10+ years' relevant work experience in IT Audit, and/or governance, controls and risk (GRC)
  • 4+ years experience with Cloud-native environments on AWS or GCP using Agile and/or Kanban methodologies
  • 4+ years of experience in internal controls, audit or risk management
  • 4+ years of experience auditing IT processes, applications and infrastructure (servers, databases, data centers, firewalls, etc.)
  • 4+ years of experience with SOX, SOC reporting, HITRUST, PCI, and HIPAA
Responsibilities
  • Control Ecosystem:
  • Establish a well designed and documented control ecosystem, with clear roles and responsibilities within and between your team, related Control/Process Owners, control performers, as well as the second and third lines
  • Oversee the evaluation and design of internal controls; make recommendations to improve controls and processes by improving efficacy or streamlining processes
  • Create and foster a culture where controls are well understood by the impacted departments and other stakeholders
  • Ensure documentation of internal controls and processes is up to date and accessible by all, especially as needed for audits
  • Team and Program/Audit Management:
  • Develop and manage an annual plan of projects, using a risk-based approach to prioritization
  • Perform an annual technology risk assessment and work with leadership on risk responses
  • Ensure your team program manages audit projects initiated by Oscar or external stakeholders, including SOX/SOC
  • Prepare and present updates to senior management
  • Mentor, coach, and train existing staff. Develop plans to hire, onboard and train new staff as needed
  • Technical aptitude:
  • Demonstrate aptitude and ability to translate between technical and non-technical stakeholders
  • Assist with the development of tooling, processes and policies that support governance, risk, and compliance. Advocate for investments that will increase control efficacy and testing efficiency
  • Control Remediation:
  • Develop and implement a system to capture and track control deficiencies and remediation status (in collaboration with the second line)
  • Collaborate with Control and Process Owners to develop action plans to correct control deficiencies, and to develop reviews with appropriate management on action until satisfactory resolution
  • Compliance with all applicable laws and regulations
  • Other duties as assigned
Desired Qualifications
  • Commutable to New York City preferred
  • Experience within the healthcare and technology industries
  • Experience working with a 250+ person Technology team
  • Experience in public accounting and/or CPA license
  • Experience remediating significant deficiencies and material weaknesses
  • Familiarity with internal control frameworks, such as COSO, COBIT, NIST
  • Ability to document and verbally communicate Technology processes in a clear and concise manner, including assessment of the design and operating effectiveness of controls
  • Track record of streamlining technology controls and/or processes
  • Communication and relationship skills to educate/raise awareness of foundational elements/methodologies needed to support an internal controls framework
  • Project management and process improvement skills