Lead IT Support for a remotely distributed workforce through implementing ITSM best practices
Fully manage the installation, configuration, and maintenance of physical and virtual assets and serve as the go-to IT resource for company employees
Manage onboarding and off-boarding processes of employees, including computer/hardware procurement, setup, and account provisioning on Apple and Windows devices
Create accurate and clear technical, security, and HIPAA-related documentation, develop support playbooks and process governance, own data flow maps and systems inventory
Build and maintain vendor relationships, including tracking vendors, contract terms, security requirements, Business Associate Agreements (BAAs) maintenance, and policies
Oversee and manage the organization's security strategy and initiatives to protect its assets, employees, and stakeholders and ensure compliance with industry standards and regulations
Conduct regular risk assessments to identify potential security and HIPAA vulnerabilities, develop mitigation plans, and lead the response to security incidents, coordinating efforts to minimize impact and recover from breaches
Develop and test business continuity and disaster recovery plans
Own and support the IT, security, and data infrastructure required to maintain HIPAA compliance across the organization as required under HIPAA Security and Privacy Rules
Partner with Legal, People, Operations, and Engineering to ensure appropriate safeguards are in place for the protection of PHI and other sensitive data
Support internal and external audits, security questionnaires, and customer due diligence related to HIPAA and data protection practices
Develop and deliver employee security and HIPAA awareness training in partnership with People Ops and Legal
Assist in investigation and response to potential security or privacy incidents involving PHI, including documentation and remediation tracking
Continuously improve controls and processes to strengthen Sana’s security posture and ensure ongoing HIPAA compliance as the organization scales
Requirements
Bachelor’s degree in Information Security, Computer Science, or a related field preferred; Master’s degree is a plus.
Minimum of 8 years’ experience in the IT industry, with at least 5 years in information security roles.
5+ years of experience with management of IT Assets, Services and Cloud applications, procurement, and employee on-boarding/off-boarding workflows
Experience working in a small company going through hyper-growth from 50 employees to 200 employees
Strong analytical and problem-solving abilities.
Exposure to HIPAA compliance highly desirable.
Advanced certifications such as CISSP, CISM, or CISA are highly desirable.
In-depth knowledge of information security standards, frameworks, and best practices (e.g., ISO 27001, NIST, CIS Controls).
In-depth knowledge of IT standards, frameworks, and best practices (e.g., ITIL, COBIT).
Solid understanding of networking, systems, and information security principles.
Strong project management skills.
Tech Stack
Cloud
ITSM
Benefits
Remote company with a fully distributed team – no return-to-office mandates
Flexible vacation policy (and a culture of using it)
Medical, dental, and vision insurance with 100% company-paid employee coverage
401(k), FSA, and HSA plans
Paid parental leave
Short- and long-term disability, as well as life insurance
Competitive stock options are offered to all employees
Transparent compensation & formal career development programs
Paid one-month sabbatical after 5 years
Stipends for setting up your home office and an ongoing learning budget
Direct positive impact on members’ lives – wait until you see the positive feedback members share every day