• Provide strategic leadership to define and advance the company Information Security priorities and objectives.
• Develop and maintain key relationships across business units and in a matrixed environment to define business-unit objectives, identify and track high-value assets, evaluate possible risks, implement risk management processes, and raise risk awareness.
• Advise senior management and our board on policies, processes, and systems.
• Analyze and mitigate Information Security threats.
• Ensure internally developed and acquired technologies comply with organizational security & compliance requirements.
• Plan, design, and implement an information security strategy to protect the confidentiality, integrity, and availability of the company’s information assets.
• Provide operationally robust, cost-effective, centralized security services to all departments.
• Liaise with auditors, regulators, and other third parties to ensure compliance and effective security controls.
• Assess and manage the security posture of third-party vendors and partners.
• Determine the cause of internal and external security incidents and institute appropriate corrective action.
• Present regular feedback reports on Information Security to organizational leadership.
• Monitor and drive organizational response to evolutions in Information Security standards and threats.
• Develop and manage Information Security budget and expenses.
• Provide oversight of Endpoint, Server, Cloud, SIEM, Email, Data, and IAM Security initiatives.
• Facilitate BC/DR table-top test exercises.
• Lead security & architecture assessments and operationalization of ISO, SOC, SOX, HIPAA, and NIST framework controls.
• Provide security leadership for AWS, Azure, and IaC environments.
• Mature the privacy compliance including GDPR and CCPA.
• Responsible for RFP and Contract review of cybersecurity related content in collaboration with legal departments.

Required qualifications:

• Bachelor's degree in computer science, information technology, or a related field.
• Minimum of experience required, with expertise in security architecture design, network security, mobile security, vulnerability management, threat intelligence/analysis, and risk management.
• Minimum 5 years leading a team and/or partnering with senior leadership on related responsibilities.
• Experience managing budgets and financial forecasting.
• Superior collaboration, communication, people management, and coaching skills.
• In-depth understanding of relevant frameworks and regulations including HIPAA, SOX, and NIST.
• Ability to translate complex technology and security information into understandable business risks.
• Demonstrated ability to build consensus and execute iteratively as a pragmatic change agent.
• Excellent written and verbal communication skills.

Location:

Onsite Chicago/Hybrid

Perks/Benefits:

• Happy hours, ping-pong tournaments, and more company-sponsored events
• Subsidized gym memberships
• GoHealth is an Equal Opportunity Employer
• Open vacation policy
• 401k program with company match
• Medical, dental, vision, and life insurance benefits
• Flexible spending accounts
• Commuter and transit benefits
• Professional growth opportunities
• Casual dress code
• Generous employee referral bonuses

#LI-SR1

GoHealth Privacy Policy