Named by Rock Health as the Best Digital Health Company to Work For, Color is a leading healthcare technology company.
Color is building and delivering technology-enabled healthcare to millions of people.
Through partnerships with public and private partners including governments, employers and health systems, Color's infrastructure and software enable large populations to receive essential healthcare services directly where they live or work.
This includes testing and telehealth services for preventive health and infectious disease management.
Since March 2020, Color has mobilized to address the pandemic by leveraging its platform to scale COVID-19 testing programs around the country.
Color's platform is used by more than 100 major employers, universities and public health institutions, such as the City of San Francisco, the State of California and PerkinElmer, community-based efforts in Oakland, and others, to deliver critical health programs.
For more information about Color and its response to COVID-19, visit www.color.com.
By investing in the technology that ensures easy and affordable access to healthcare, Color is creating the infrastructure that will serve us for decades to come.
Apply to join Color and do some of the most important work of your career.
If you are not sure that you’re 100% qualified, but are up for the challenge, we want you to apply.
We are looking for someone to join our Information Security team to help with regulatory and compliance reporting.
This is a Full-time employment position.
How You'll Contribute:
Update policies and procedures and supporting documentation as necessary.
Participate in the steps of the security authorization and assessment processes for systems and services.
Provide advice to stakeholders to assign resources and establish timelines to ensure the successful security authorization of systems.
Review and validate the relevant security controls and applicable departmental policies for each technical system assigned.
Perform oversight and reporting of compliance of Color's security program governance.
Review, validate, and monitor the NIST Plan of Actions & Milestones (POA&Ms) for each non-compliant control.
Produce documentation to support the POA&M lifecycle as required, including waivers and exceptions detailing the potential risks to the relevant stakeholders.
Provide, track and report security controls effectiveness throughout the life cycle of all relevant projects within the accreditation boundary of assigned systems.
Contribute to the development of customer-facing materials covering topics related to security, compliance, and audit to help customers manage their own audit efforts involving Color products more effectively.
Contribute to ongoing efforts to standardize and improve audit readiness testing techniques and program-level
Manage internal audit and Customer Audit of services and solutions as necessary.
Work closely with the security team to provide analysis and oversight for all requested initiatives.
Our Ideal Candidate Will Have:
5 years of experience in audit or compliance roles.
Recent experience with regulatory and compliance frameworks such as HIPAA, NIST 800-53, ISO 27001.
Ability to synthesize compliance requirements into technical implementations in complex environments.
A passion for improving processes, iterating and refining beyond the status quo or checkboxes.
Experience in designing, testing, implementing, and reviewing internal controls.
Demonstrated experience in Public Sector Compliance and Security: ConMon management, ATO management.
Exposure to software version control systems/Git and GitHub.
Some experience with scripting or automating manual workflows.
Adept at project management and analysis work, including facilitation, interpretation, note-taking, and documentation.
Nice to Have:
Experience in Digital Health or SaaS organizations operating in highly regulated industries.
Experience with the General Data Protection Regulation or California Consumer Privacy Act.
Experience with cloud environments such as Amazon Web Services.
Color is an equal opportunity employer.
In accordance with anti-discrimination law, it is the purpose of this policy to effectuate these principles and mandates.
Color prohibits discrimination and harassment of any type and affords equal employment opportunities to employees and applicants without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
Color conforms to the spirit as well as to the letter of all applicable laws and regulations.