Technology Control Officer
Date ActiveMar 27, 2022 12:00:00 AM
Hours Per Week40
LocationRemote - Nationwide
Job Description/ Requirements
At HSA Bank, we're working toward a world where everyone is empowered to save for a healthy future. Our offerings in the healthcare savings space drive down healthcare costs, increase access, and assist with decision-making for consumers, health plans, partners, and advisors.
Are you ready to join us?
Reporting administratively to HSA COO, TCO is accountable to Webster CIO (or designate) to ensure HSA Bank in general, and the Bend organization specifically, are aligned to Webster information technology, information protection, and risk management policies.
- Define and implement information risk controls and technology operations processes to comply with and achieve intended outcomes of Webster Information Risk policies and standards as specific to Bend's technology environment.
- Provide input into the Bend integration, identifying process changes, system and application adjustments (features, protocols, etc.) required to meet Webster enterprise requirements
- Adopt Webster enterprise processes as appropriate to control risk efficiently. Adjust Webster enterprise processes where necessary, while ensuring intended outcomes are achieved.
- Support the Webster enterprise second line on policy development. Provide input and map Health Benefits (HSA/Notional) industry specific regulatory requirements to enterprise policies and standards.
- Perform information risk self-assessments including HIPAA, RCSAs and ISRAs
- Partner with CISO organization and HSA/Bend management team to ensure employees are appropriately educated and engaged in protecting information, including completing all necessary internal/external training.
- Lead Bend efforts to support assurance programs, including SOC 2 / HiTrust, SOX and PCI compliance
- Monitor Bend technology operations processes, risk control limits and tolerance thresholds
- Maintain and monitor HSA/Bend application asset inventories (application ownership, etc.) ensuring appropriate maintenance and upgrades occur to maintain compliance with Webster enterprise requirements as well as Bend SOC2 audit requirements. This will include overseeing endpoint protection, intrusion protection and prevention, static scanning, dynamic scanning, penetration testing, key rotations etc.
- Manage risk issues, oversee corrective actions, and escalate to the Webster second line as appropriate.
- Bachelor's degree in related field required.
- 5+ years of experience in technology governance, audit or risk management
- Experience in financial services, health benefits, and payment processing
- 3 years of AWS or other cloud native development experience
Travel to Milwaukee offices may be required on a limited basis and requires a valid driver's license with a safe driving record.