Key skills
CloudITSMGoProject Management
About this role
Role Overview
- Lead IT Support for a remotely distributed workforce through implementing ITSM best practices
- Fully manage the installation, configuration, and maintenance of physical and virtual assets and serve as the go-to IT resource for company employees
- Manage onboarding and off-boarding processes of employees, including computer/hardware procurement, setup, and account provisioning on Apple and Windows Devices.
- Create accurate and clear technical, security, and HIPAA-related documentation, develop support playbooks and process governance, own data flow maps and systems inventory
- Build and maintain vendor relationships, including tracking vendors, contract terms, security requirements, Business Associate Agreements (BAAs) maintenance, and policies
- Oversee and manage the organization's security strategy and initiatives to protect its assets, employees, and stakeholders and ensure compliance with industry standards and regulations
- Conduct regular risk assessments to identify potential security and HIPAA vulnerabilities, develop mitigation plans, and lead the response to security incidents, coordinating efforts to minimize impact and recover from breaches
- Develop and test business continuity and disaster recovery plans
- Own and support the IT, security, and data infrastructure required to maintain HIPAA compliance across the organization as required under HIPAA Security and Privacy Rules
- Partner with Legal, People, Operations, and Engineering to ensure appropriate safeguards are in place for the protection of PHI and other sensitive data
- Support internal and external audits, security questionnaires, and customer due diligence related to HIPAA and data protection practices
- Develop and deliver employee security and HIPAA awareness training in partnership with People Ops and Legal
- Assist in investigation and response to potential security or privacy incidents involving PHI, including documentation and remediation tracking
- Continuously improve controls and processes to strengthen Sana’s security posture and ensure ongoing HIPAA compliance as the organization scales
Requirements
- Bachelor’s degree in Information Security, Computer Science, or a related field preferred; Master’s degree is a plus.
- Minimum of 8 years’ experience in the IT industry, with at least 5 years in information security roles.
- 5+ years of experience with management of IT Assets, Services and Cloud applications, procurement, and employee on-boarding/off-boarding workflows
- Experience working in a small company going through hyper-growth from 50 employees to 200 employees
- Strong analytical and problem-solving abilities.
- Exposure to HIPAA compliance highly desirable.
- Advanced certifications such as CISSP, CISM, or CISA are highly desirable.
- In-depth knowledge of information security standards, frameworks, and best practices (e.g., ISO 27001, NIST, CIS Controls).
- In-depth knowledge of IT standards, frameworks, and best practices (e.g., ITIL, COBIT).
- Solid understanding of networking, systems, and information security principles.
- Strong project management skills.
Tech Stack
- Cloud
- ITSM
Benefits
- Remote company with a fully distributed team – no return-to-office mandates
- Flexible vacation policy (and a culture of using it)
- Medical, dental, and vision insurance with 100% company-paid employee coverage
- 401(k), FSA, and HSA plans
- Paid parental leave
- Short and long-term disability, as well as life insurance
- Competitive stock options are offered to all employees
- Transparent compensation & formal career development programs
- Paid one-month sabbatical after 5 years
- Stipends for setting up your home office and an ongoing learning budget
- Direct positive impact on members’ lives – wait until you see the positive feedback members share every day