Senior Manager-Governance, Risk, and Compliance

# Why Join Us

Curative is taking on fundamentally changing US healthcare. We are building a vertically integrated platform for managing the health of our patients. No more silos or navigating multiple companies to seek care and unexpected bills. We’re rebuilding from first principles, focusing on patients and delivering the highest quality care, not billing. Preventative care will be made easy and accessible to our patients, facilitated by the lab infrastructure we built for the scale of the covid19 pandemic. The work we’ve done delivering more than 30 million COVID tests and over 2 million vaccinations during the pandemic has given us the resources and lessons to achieve this mission.

# Information Security at Curative:

This team moves fast, and you should be excited about interacting with a wide variety of stakeholders—you'll have a direct impact on how patients, doctors, and other care professionals all interface securely with Curative. You should have a strong interest in building tools, be comfortable working with new technologies, and have a strong sense of enabling business operations through secure designs.  

Finally it's important to us that everyone on our team be prepared to work with and supportive of a variety of backgrounds, roles, and needs. Our organization is built on trust and mutual respect, we know that it's only together that we achieve truly great things.

Note: This role can be remote but the candidate must be able to travel onsite to Curative HQ as well as other Curative locations across the United States

# What you'll do

Reporting to the VP, Information Security you will be responsible for managing the Information Security Governance, Risk and Compliance Program at Curative

# Responsibilities

• Define and manage the Risk Management Framework; identifying, quantifying and addressing information security risks at Curative.
• Establish continuous monitoring regime to ensure controls applied to risks are operating effectively. 
• Help Curative to achieve its compliance objectives aligned to HIPAA- HiTECH, HITRUST, NIST 800-171 and SOC2 controls
• Develop a policy library that sets out the enterprise information security policy and communicates it effectively
• Manage a security training and awareness program that communicates expectations for user adherence to policies and practices, and instills in users the best practices for information security.
• Develop and publish metrics that demonstrate the effectiveness and efficiency of the program and the overall security health of the Enterprise.  
• Keep current on information security trends

# Requirements

• Experience with common Risk Frameworks and risk approaches, such as FAIR, NIST RMF, etc. 
• 5-7 years experience with SOC2, NIST and healthcare specific compliance 
• Audit background; either conducting audits or having responsibility for managing audit responses for an enterprise
• Experience collaborating with IT operations and product teams
• Experience rolling out Information Security awareness and training programs
• 5-7 years working with enterprise IT systems and developing monitoring programs to validate control effectiveness.  

# Bonus:

• Information security certification such as CISSP, CISA or similar.
• Experience in the healthcare industry

About Us

Co-founded by CEO Fred Turner and powered by a team of world-leading doctors, scientists, engineers, and health industry experts, Curative responded in March 2020 to the urgent need for COVID-19 testing, ultimately developing a network of thousands of testing sites across over 40 states and three CLIA-certified, high-complexity laboratories. As a result, Curative and its managed medical entities provided over 30 million COVID-19 tests and over 2 million COVID-19 vaccines.

Curative’s patient-facing services, healthcare facilities, integrated supply chain, and labs are part of a large platform we've built from the ground up that has allowed us to grow quickly and more efficiently than other healthcare companies. As a result, we were one of the first companies to respond to the pandemic providing COVID-19 testing at scale across the United States. 

We are now implementing a new model of comprehensive healthcare delivery focused on the whole person's well-being: providing expanded healthcare and wellness services while also streamlining access to preventative care. We are setting out to change healthcare in the United States and fundamentally re-designing the way that patients interact with their healthcare and health insurance. By building a connected platform for managing the health of our patients, we believe that we can deliver a better healthcare experience at a lower cost and with better outcomes so that our patients can focus on getting and staying well. Our model delivers healthcare by investing in patient preventive health from the start, reducing the barriers to entry to traditionally complex care networks and eliminating the concern of unexpected medical bills. Curative will launch its first members-only healthcare offering in Austin, January 2023. 

For more details on Curative and to stay tuned on what’s ahead, please visit curative.com and follow on Facebook, Instagram, and Twitter.