4 days ago

Logo of GoodRx

Sr. Director, Information Security and Compliance 4 Locations

$190k - $404k

GoodRx

New YorkSan Francisco, CASanta Monica, CARemoteNorth AmericaNew York, NYUSAmericasCalifornia

GoodRx is America’s healthcare marketplace. Each month, millions of people visit goodrx.com to find reliable health information and discounts for their healthcare — and we’ve helped people save $60 billion since 2011. We provide prescription discounts that are accepted at more than 70,000 pharmacies in the U.S., as well as telehealth services including doctor visits and lab tests. Our services have been positively reviewed by Good Morning America, The New York Times, NBC News, AARP, and many others.

Our goal is to help Americans find convenient and affordable healthcare. We offer solutions for consumers, employers, health plans, and anyone else who shares our desire to provide affordable prescriptions to all Americans.

About the Role

GoodRx is looking for a Sr. Director of Information Security and Compliance to lead our Security and Compliance strategy and initiatives. This is a senior leadership role in which an individual would champion Information Security and Compliance efforts across the organization by ensuring the protection of company’s data and assets. This individual would work closely with business stakeholders and executives to ensure that the organization is one step ahead of the curve to help keep our company secure, compliant, operational, and efficient.

The individual seeking this opportunity will be a strong thought leader, great people leader and excellent communicator. Above all, the person is expected to be an exceptional collaborator across multiple business stakeholders, vendor partners and the team members. Significant emphasis will be placed on identifying opportunities for innovation in order to ensure success in an increasingly competitive and fast-moving industry landscape. 

Responsibilities:

  • Ensure information security processes are in place and that information security and compliance department strategies and processes provide appropriate support to company-wide goals, and standards and expectations are integrated into all aspects of GoodRx’s operations.

  • Maintain compliance with audit methodology. Operate within industry best practices, applicable standards and regulations, and internal and external professional practice expectations to ensure successful annual audit and certification completion.

  • Manage our Information Security Management Program, including the development and implementation of security policies, procedures and standards to protect GoodRx information assets from unauthorized access, use, disclosure, disruption, modification, or destruction.

  • Ensure security processes consider and address organizational requirements.

  • Oversee the approval, training, and dissemination of policies, procedures, standards, controls, and guidelines across the organization. Manage on-going internal compliance education and training.

  • Partner closely with our Legal and Privacy teams to lead the risk assessment process and implement security controls when needed.

  • Communicate information security processes to all stakeholders. Keep Senior Management & Board members informed about security and compliance risks, and implications for the enterprise.

  • Recommend short and long-term technology initiatives and associated budgets.

  • Able to lead and grow experienced security and compliance teams while providing strategic guidance and planning.

  • Provide strong leadership to the various team members through mentoring, career development, interpersonal skills, teamwork ethic, and enabling leadership skills.

  • Champion collaboration, productivity and accountability: drive transparency across the function focusing on resource management, process controls and prioritization.

Skills and Qualifications:

  • College degree in a relevant discipline such as law, privacy, information technology, computer science or equivalent experience.

  • Strong background in privacy, cyber security, data security, software development and technology, preferably in a direct-to-consumer context.

  • Strength in leading and managing teams of dedicated information security and compliance professionals with a high growth rate.

  • 10+ years experience in the field of Security and Compliance. 5+ years experience in a senior management role. 6+ years of progressive advancement to senior leadership in a technology role.

  • Experience building out comprehensive compliance programs against frameworks such as HITRUST, ISO 27001, NIST 800-53, PCI DSS, SOC, SOC -2, HIPAA etc.

  • Maintain active industry certifications, such as CISSP, CISM, CRISC, CCSP, etc.

  • Demonstrated experience with various information and cloud systems, such as Service Now, Netsuite, Atlassian, GSuite, AWS, GCP etc.

  • Able to interpret technical details and translate those into business terms for executive leadership.

  • Proven technology leader with a track record of innovation and aggressive implementation of technologies.

  • Ability to lead technical implementation and impact successful plan execution.

  • Ability to develop and communicate relevant departmental metrics, SLA and performance reports to executive management.

  • Ability to multitask, work in a fast paced environment and have a high level of attention to detail.

  • Strong verbal and written communication skills.

  • Maintain positive and productive working relationships with other employees and departments.

  • Ability to work independently and to partner with others to promote an environment of teamwork.

  • Coordinate with General Counsel to monitor changes in the regulatory environment, and serves as the compliance SME regarding State and Federal laws and regulations, and communicate across Technology, Product, Compliance and Security teams to ensure alignment.

Security is responsible for implementing security measures, monitoring suspicious activity, and taking immediate action against cyber threats through the incident response process and vulnerability management program. Additionally, Security monitors GoodRx’s organizational systems for end users’ activities from an information security perspective and correlates / analyzes logs to detect potential Events and Incidents. Lastly, the team works collaboratively with other departments to improve the organization’s security posture.

At GoodRx, pay ranges are determined based on work locations and may vary based on where the successful candidate is hired. The pay ranges below are shown as a guideline, and the successful candidate’s starting pay will be determined based on job-related skills, experience, qualifications, and other relevant business and organizational factors. These pay zones may be modified in the future. Please contact your recruiter for additional information.

San Francisco and Seattle Offices:

$253,000.00 - $404,000.00

New York Office:

$232,000.00 - $371,000.00

Santa Monica Office:

$211,000.00 - $337,000.00

Other Office Locations:

$190,000.00 - $303,000.00

GoodRx also offers additional compensation programs such as annual cash bonuses and annual equity grants for most positions as well as generous benefits. Our great benefits offerings include medical, dental, and vision insurance, 401(k) with a company match, an ESPP, unlimited vacation, 13 paid holidays, and 72 hours of sick leave. GoodRx also offers additional benefits like mental wellness and financial wellness programs, fertility benefits, generous parental leave, pet insurance, supplemental life insurance for you and your dependents, company-paid short-term and long-term disability, and more!

We’re committed to growing and empowering a more inclusive community within our company and industry. That’s why we hire and cultivate diverse teams of the best and brightest from all backgrounds, experiences, and perspectives. We believe that true innovation happens when everyone has a seat at the table and the tools, resources, and opportunities to excel.

With that said, research shows that women and other underrepresented groups apply only if they meet 100% of the criteria. GoodRx is committed to leveling the playing field, and we encourage women, people of color, those in the LGBTQ+ communities, individuals with disabilities, and Veterans to apply for positions even if they don’t necessarily check every box outlined in the job description. Please still get in touch - we’d love to connect and see if you could be good for the role!

GoodRx is committed to providing reasonable accommodations for candidates with disabilities during our recruiting process. If you need any assistance or accommodations due to a disability, please reach out to us at accommodations@goodrx.com.

GoodRx is Americas healthcare marketplace. The company offers the most comprehensive and accurate resource for affordable prescription medications in the U.S., gathering pricing information from thousands of pharmacies coast to coast, as well as a tele-health marketplace for online doctor visits and lab tests. Since 2011, Americans with and without health insurance have saved $60 billion using GoodRx and million consumers visit goodrx.com each month to find discounts and information related to their healthcare. GoodRx is the #1 most downloaded medical app on the iOS and Android app stores. For more information, visit www.goodrx.com.