Vice President, Chief Information Security Officer

GoHealth is a leading health insurance marketplace and Medicare-focused digital health company. Through the efficient, multi-tiered guidance of our highly specialized licensed insurance agents, GoHealth meets Medicare consumers where they are in their enrollment journeys and empowers them to choose the plan and carrier best suited for their healthcare needs. Our extensive industry expertise, including the use of data science and machine learning with key investments in proprietary technology, helps consumers cut through the confusion and enroll confidently.

Why Apply :

As an industry leader in the Medicare marketplace, we are compelled to not only embrace change but to actively be the change to adapt to our consumers complex needs. We believe in hiring risk-takers, innovators, and collaborators within our industry to create individualized, simplified healthcare solutions for our beneficiaries.

Our #TeamGoHealth employees are at the core of our collective success; that's why we are committed to discovering the best in-class talent and ensuring that each team member receives the development tools and support they need to flourish in their professional endeavors.

We also understand that you may not check every box in our requirements list most applicants don’t! In fact, frequently cited statistics show that women and underrepresented groups apply to jobs only if they meet 100% of the qualifications. GoHealth encourages you to break that statistic and to apply today!

About the role :

We are looking for a Vice President, Chief Information Security Officer to lead a team of experienced security professionals to drive Information Security vision, strategy, adoption, and continuous improvement. There will be heavy emphasis on security and compliance requiring a strategic and proactive approach to safeguarding our organization’s data and ensuring adherence to regulatory requirements and contractual obligations. A successful candidate will be a highly motivated consensus builder, able to work across business lines, understand business challenges, and integrate them into a pragmatic, business-aligned strategy.

What you'll do :

• Provide strategic leadership to define and advance the company Information Security priorities and objectives.
• Develop and maintain key relationships across business units and in a matrixed environment to define business-unit objectives, identify and track high-value assets, evaluate possible risks, implement risk management processes, and raise risk awareness.
• Advise senior management and our board on policies, processes, and systems.
• Analyze and mitigate Information Security threats.
• Ensure internally developed and acquired technologies comply with organizational security & compliance requirements.
• Plan, design, and implement an information security strategy to protect the confidentiality, integrity, and availability of the company’s information assets
• Provide operationally robust, cost-effective, centralized security services to all departments.
• Liaise with auditors, regulators, and other third parties to ensure compliance and effective security controls.
• Assess and manage the security posture of third-party vendors and partners.
• Determine the cause of internal and external security incidents and institute appropriate corrective action.
• Present regular feedback reports on Information Security to organizational leadership.
• Monitor and drive organizational response to evolutions in Information Security standards and threats.
• Develop and manage Information Security budget and expenses.
• Provide oversight of Endpoint, Server, Cloud, SIEM, Email, Data, and IAM Security initiatives.
• Lead security & architecture assessments and operationalization of ISO, SOC, SOX, HIPAA, and NIST framework controls.
• Provide security leadership for AWS, Azure, and IaC environments.
• Mature the privacy compliance including GDPR and CCPA.
• Responsible for RFP and Contract review of cybersecurity related content in collaboration with legal departments.

What we're looking for :

• Bachelor's degree in computer science, information technology, or a related field.
• Minimum of experience required, with expertise in security architecture design, network security, mobile security, vulnerability management, threat intelligence / analysis, and risk management.
• Minimum 5 years leading a team and / or partnering with senior leadership on related responsibilities.
• Experience managing budgets and financial forecasting.
• Superior collaboration, communication, people management, and coaching skills.
• In-depth understanding of relevant frameworks and regulations including HIPAA, SOX, and NIST.
• Ability to translate complex technology and security information into understandable business risks.
• Demonstrated ability to build consensus and execute iteratively as a pragmatic change agent.
• Excellent written and verbal communication skills.

Location : Onsite Chicago / Hybrid

• Happy hours, ping-pong tournaments, and more company-sponsored events
• GoHealth is an Equal Opportunity Employer
• 401k program with company match
• Medical, dental, vision, and life insurance benefits
• Flexible spending accounts
• Commuter and transit benefits
• Professional growth opportunities
• Casual dress code
• Generous employee referral bonuses

LI-SR1

Chief Information Security Officer • Illinois