Bright Health
Through powerful relationships with care partners, Bright Health aims to help people live healthier and brighter lives
Austin, TX

AVP, Information Security (GRC) at Bright Health

Austin | Remote
Sorry, this job was removed at 5:40 a.m. (CST) on Wednesday, January 26, 2022


Our Mission is to Make Healthcare Right. Together. Built upon the belief that by connecting and aligning the best local resources in healthcare delivery with the financing of care, we can deliver a superior consumer experience, lower costs, and optimized clinical outcomes.

What drives our mission? The company values we live and breathe every day. We keep it simple: Be Brave. Be Brilliant. Be Accountable. Be Inclusive. Be Collaborative.

If you share our passion for changing healthcare so all people can live healthy, brighter lives – apply to join our team.


The Associate Vice President, Cyber Security Governance, Risk, and Compliance (GRC) will be responsible for the management and daily operations of the GRC team. The team is responsible for assessing security risk, establishing security standards, and ensuring compliance against those standards across all disciplines of the information security domain. We are looking for a strategic leader who will be responsible for driving transformation in the way that the team manages work; driving shifts in the maturity of the control environment; and establishing best practices. You will be primarily responsible for enhancing and driving the security and resiliency risk management strategy, framework, tools, and processes.  Reporting to the CISO, you will act as a trusted business advisor to engage leadership at all levels of the organization and build/manage relationships across other departments and businesses.
The AVP, Governance, Risk, and Compliance is someone that has experience building and leading cyber security teams and is someone who is proactive, inclusive, and accountable for developing, maintaining, and carrying out the Risk Management strategic plan. This person will be delivering policy, processes, tools, technology, and human resources to a broad section of collaborators in the organization.


  • Recruit, manage, mentor, and lead a team responsible for the implementation of risk management strategy, High Value Asset protection and governance reporting.
  • Oversee and ensure that effective internal controls and regulatory compliance are maintained across the enterprise, following a risk-based approach in accordance with established company policies and procedures.
  • Establish cross-functional governance and develop executive and management-level reporting materials and GRC dashboards that report routinely the organization's security and resiliency risk posture, including risk reduction trends and risk mitigation status; develop Key Risk Indicators (KRI) processes to inform management and executives of the changing risk landscape.
  • Define and implement a security and resiliency risk management framework that includes alignment with business strategies and adoption of a common risk methodology, processes, and taxonomy; own reporting that drives risk buy-down, and GRC strategy in support of annual planning cycles.
  • Coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing and facilitating the timely resolution of any audit findings.
  • Improve methods of capturing and presenting status of key compliance requirements in order to provide leadership with clear, concise data to enable appropriate decision making.


  • Bachelor’s degree in computer science, engineering, or business administration, or related field, or equivalent combination of education and experience.
  • 10+ years of relevant work experience, including substantial work in information strategy, governance, risk, and compliance
  • 5+ years’ experience running a security GRC department in a fast-changing environment where new services and technologies are constantly being onboarded and matured.
  • Experience with AuditBoard a plus
  • Expert knowledge of at least one scripting language is essential
  • Deep understanding and practical experience working with Sarbanes-Oxley (SOX), HITRUST, MARS-E, FedRAMP, HIPAA, and NIST-CSF frameworks, and risk assessment activities.
  • Experience supporting security controls, compliance, and audit activity within a service provider organization with multiple technologies and architectures: Windows, Unix/Linux, VMware, Oracle, SQL, IPS/IDS, DLP, and other security technologies.
  • Expert level knowledge regarding the implementation, deployment, and usage of security tools and programs
  • Strong knowledge of Windows, Linux and OSX operating systems.
  • Experience in large scale compliance or auditing environments
  • Experience performing vulnerability assessments, QA testing, Implementations & Validations
  • Strategic leader with experience leading change and delivering high quality results.
  • Demonstrable experience operating in a complex, federated global organization with a geographically dispersed team.
  • Successful track record of partnership across organizations to build trust and achieve shared goals.
  • Ability to take unpopular positions, when necessary, influence others to support these decisions, and maintain trust and credibility.
  • Excellent communications and presentation skills. Able to communicate sophisticated and technical issues effectively and concisely to executives.
  • Experience in facilitating Executive Leadership meetings.
  • High professional standards and expectations for self and others.
  • Professional stature and gravitas to collaborate with and influence team members with credibility and confidence.


  • Certified Information System Security Professional (CISSP)
  • Health Care Information Security Privacy Practitioner (HCISPP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control
We’re Making Healthcare Right. Together.
We are realizing a completely different healthcare experience where payors, providers, doctors, and patients can all feel connected, aligned and unified on the same team. By eradicating the frictions of competing needs, we are making it possible to give everyone more of what they want and deserve. We do this by:
Focusing on Consumers
We understand patient pain points, eliminating complexity while increasing transparency, for greater access and easier navigation.
Building on Alignment
We integrate and align individual incentives at all levels, from financing to optimization to delivery of care.
Powered by Technology
We employ our purpose built, integrated data platform to connect clinical, financial, and social data, to deliver exceptional outcomes.
As an Equal Opportunity Employer, we welcome and employ a diverse employee group committed to meeting the needs of Bright Health, our consumers, and the communities we serve. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.


Where we are

We are downtown at 515 Congress Avenue, right in the heart of downtown! Tons of restaurants and close to public transportation.

Technology we use

  • Languages: .NET, C#, Java, JavaScript, Python, Ruby, Scala, SQL, PowerShell
  • Libraries: D3JS, React, Redux, Flutter
  • Frameworks: ASP.NET, Express, Node.js, Ruby on Rails, Spark, Spring
  • Databases: Hive, Microsoft SQL Server, MongoDB, MySQL, PostgreSQL
  • Design: InVision, Sketch, Lucid Chart
  • Management: Aha!, Confluence, JIRA, Microsoft Project
  • CRM: Microsoft Dynamics

What are Bright Health Perks + Benefits

Bright Health Benefits Overview

We have 2 different health insurance plans, all through BlueCross Blue Shield (HDP & PPO). We cover the majority of the cost for the employee and some cost for family. We have two dental plans and a vision plan as well. We have a Lifestyle Spending Account and options for HSA/FSA. We put 4% of your total earnings into your 401K plan and you are immediately vested. We have all the latest technology (Mac or Surface laptops – your choice) to use including standing desks. Fully stocked fridge with snacks and drinks. Last Wednesday of every month is reserved for WellBeing Wednesday where we don't schedule any meetings that day so our employees can focus on deep work or learning something new.

Volunteer in local community
Partners with Nonprofits
Friends outside of work
Eat lunch together
Daily sync
Open door policy
Team owned deliverables
Team based strategic planning
Group brainstorming sessions
Pair programming
Open office floor plan
Dedicated Diversity/Inclusion Staff
Unconscious bias training
Diversity Employee Resource Groups
Hiring Practices that Promote Diversity
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Wellness Programs
Bright Health is proud to offer a wellness stipend of $200/month to all employees!
Onsite Gym
Mental Health Benefits
Retirement & Stock Options Benefits
We will put 3% of your total earnings into your 401K plan, even if you don't put anything in. It's a safe harbor contribution.
401(K) Matching
Bright Health provides employees with a 401(k) plan managed by Vanguard. We provide a ‘safe harbor’ non-elective contribution equal to 3% of your compensation, regardless of participation in the p
Performance Bonus
Child Care & Parental Leave Benefits
Generous Parental Leave
We provide up to 6 weeks of parental leave for the primary caretaker. We also provide 2 weeks of leave for the secondary caretaker.
Flexible Work Schedule
Bright Health provides employees with a flexible work schedule that includes Core hours, Flexible start and end times.
Remote Work Program
Family Medical Leave
Vacation & Time Off Benefits
Generous PTO
Paid Holidays
Paid Sick Days
Perks & Discounts
Casual Dress
Commuter Benefits
Stocked Kitchen
Happy Hours
Happy hours are hosted on occasion.
Relocation Assistance
Fitness Subsidies
Bright Health employees are eligible for discounts on several gym memberships.
Home Office Stipend for Remote Employees
Professional Development Benefits
Tuition Reimbursement
Diversity Program
Lunch and learns
Cross functional training encouraged
Promote from within
Time allotted for learning
Online course subscriptions available
Customized development tracks

Additional Perks + Benefits

Bright's primary goal is to offer employee benefits and perks that are as flexible as possible to meet each employee's unique needs!

An Insider's view of Bright Health

What’s the vibe like in the office?

The office has a relaxed and laid back vibe but people are very serious about their work - perfect!


Data Engineer

What does your typical day look like?

My day is so varied, given how quickly we're growing, which is fulfilling for me. I have a good balance of strategic and tactical work in my day as well as time to focus and time to collaborate.


VP, Digital

What makes someone successful on your team?

A hard-working team player who thinks first and codes next is likely to learn a lot and quickly become a valuable member of the team. Lots of experience with some of our tooling is always nice, but if someone can't knowledge-share well or responds poorly to code reviews and other requests for collaboration, it'll be a tough fit.


Software Engineer 3

How do your team's ideas influence the company's direction?

We hire smart individuals who thrive on accomplishment and purpose. Our teams are exposed to the bigger picture through constant communication and dialogues – that encourages them to come up with innovative solutions to problems. We've made significant adjustments on our direction in technology and process that were initiated by the team.


VP, Engineering
