Information Security GRC Analyst

Remote: Full Remote

Offer summary

Qualifications:

  • Bachelor's degree in Information Security, Information Systems, or related field.
  • 2+ years of experience in Information Security audit settings like SOC2 and HITRUST.
  • Strong written and verbal communication skills for effective stakeholder engagement.
  • Attention to detail and strong research skills.

Key responsibilities:

  • Assist with internal and external audit engagements such as SOC2 Type II and HITRUST.
  • Gather and organize control evidence to meet audit requirements.
  • Work with business partners to assess and remediate identified risks.
  • Develop metrics to report compliance status to management.

Job description

Join us in creating a better way!

At eHealth, our mission is to expertly guide consumers through their health insurance and related options when, where, and how they prefer. We’re creating a better way – one that’s transparent and trustworthy for both our consumers externally and our employees internally. 

Move your career forward while connecting countless people to the life-changing, quality care they deserve. Our diverse team of innovators supports one another in solving some of the toughest challenges. We’re always on the lookout for creative opportunities to do right by our customers, and each other. Together, we’re creating a better way to work, united by our common passion to make a difference.

eHealth is America’s first and largest private online marketplace for health insurance, which allows individuals, families, and small businesses to compare insurance options side by side and enroll in coverage. Our mission is to help everyone find affordable Healthcare coverage through our website technology, consumer advocacy, and personalized customer assistance. The company has continued to evolve into an effective Expedia equivalent in the health care space. The increasing confidence that analysts and shareholders are demonstrating by our record share price is a testimony to our position in the health care market. Building a high-performance culture is critical for eHealth to continue on our path of intelligent and rapid growth and to win with our customers.

We’re looking for a versatile Governance, Risk, and Compliance (GRC) professional passionate about the people, processes, and technology that enable eHealth to achieve its mission. Your expertise will help to drive improvements to eHealth’s Information Security, Governance, Compliance, and Risk Assessment processes to empower sound decision-making. Your interpersonal skills will help foster a risk-aware culture throughout the company.

Compliance is a crucial pillar supporting eHealth’s overall Information Security Program. As an individual contributor on the GRC team, you will work with stakeholders across IT, Engineering, Legal, and HR along with other members of the GRC team. You will be responsible for assessing, evaluating, and making recommendations to leadership regarding the implementation of security controls aligned with SOC2 and eHealth's Risk Management program.

What you’ll do:

  • Assist with internal and external audit engagements (SOC2 Type II, HITRUST, PCI-DSS, SOX, etc.)
    • Gather control evidence to ensure the information provided fulfills the requirements
    • Organize audit evidence and manage the control and process libraries
    • Assist the business to assess, document and remediate risks identified during the assessment
  • Contribute to eHealth’s compliance maturity:
    • Work with the business to implement sound security controls aligned with the security policies and standards and identify control gaps
    • Develop metrics to report to management
  • Assist with Security awareness training and phishing campaign exercises
  • Work with business partners to respond to carrier security questionnaires
  • Evaluate new vendors for security concerns
  • Assess the status of projects to identify and implement appropriate corrective measures to resolve security concerns as they arise
  • Demonstrate eHealth’s values in your behaviors, practices, and decisions.

What you’ll bring:

  • A Bachelor's degree in Information Security, Information Systems or related field
  • 2+ years of experience working in an Information Security audit setting such as SOC2 and HITRUST, and knowledge of security controls including NIST, HIPAA, & Privacy
  • Ability to foster a collaborative working relationship in a fast-paced, team-oriented environment
  • Strong written and verbal communication skills with a proven ability to hold constructive discussions with the business to ensure information security risks are adequately addressed
  • We will consider candidates with equivalent work experience in lieu of a Bachelor’s.
  • Attention to detail and strong research skills
  • Ability to analyze problems from different angles and foster multiple perspectives
  • Experience with risk management tool administration and configuration is a plus
  • Ability to digest and translate technical language and relay to stakeholders outside of the Security field in understandable terms
  • Ability to exercise judgement within defined procedures and determine appropriate action with autonomy and support as needed

What we value:

You’ll be part of an open-minded and cohesive team that works toward shared goals. We’re passionate about growing a diverse and inclusive information security team at eHealth because it makes us a stronger company and we’re stronger together. eHealth is committed to creating an inclusive space for everyone, no matter what.

What we offer (benefits):

  • Generous benefits include medical, dental and vision beginning on your first day of employment
  • 401K with matching
  • Tuition reimbursement
  • Employee stock purchase program
  • 12 company paid holidays and flexible time off (PTO for non-exempt)

While this role is fully remote, all team members are expected to be available throughout each business day for video meetings and chats.

Please include a link to your LinkedIn profile, GitHub, and/or portfolio of your work that you’d like to share with the hiring team. Profiles with these will be prioritized.

PLEASE NO AGENCIES. We are NOT able to hire contractors through a 3rd party.

We are ONLY considering direct, full-time employment with eHealth in the US.

The base pay range reflects the anticipated pay range for this position. The actual base pay offered will depend on various factors including individual skills, experience, performance, qualifications, the department budget, and the location where work is performed. Base pay is one component of eHealth’s total rewards package, which also includes an annual performance bonus, plus an array of benefits designed to support employees’ personal and professional wellness. For more information on our total rewards offerings, please visit our career site.

Base Pay Range: $77,400 - $96,800

eHealth is an Equal Employment Opportunity employer. It is our policy to provide equal opportunity to all employees and applicants and to prohibit any discrimination because of race, color, religion, sex, national origin, age, marital status, sexual orientation, genetic information, disability, protected veteran status, or any other consideration made unlawful by applicable federal, state or local laws. The foundation of these policies is our commitment to treat everyone fairly and equally and to have a bias-free work environment.

Required profile

Spoken language(s):
English

Other Skills

  • Governance
  • Detail Oriented
  • Collaboration
  • Communication