Role Overview As aCompliance Manager,you will oversee and manage the implementation, maintenance, and monitoring of compliance frameworks — includingHIPAA ,SOC 2 ,ISO 27701 , andHiTrust . You’ll collaborate across engineering, legal, operations, and security to ensure our platform and internal practices meet industry, regulatory, and partner standards. This is a critical, cross-functional role for someone who thrives at the intersection of regulation, systems thinking, and fast-moving tech environments.Responsibilities Compliance Program Management:Own the strategy, execution, and tracking of compliance across frameworks like HIPAA, SOC 2, ISO 27701, and HiTrustAudit & Certification Readiness:Lead internal readiness efforts for audits and certifications, partnering with third-party assessors and internal stakeholdersPolicy Development:Draft, maintain, and implement policies, procedures, and controls aligned with regulatory and industry standardsRisk Management:Conduct risk assessments, control gap analyses, and incident investigations to identify compliance weaknesses and mitigate riskCross-Functional Collaboration:Work closely with engineering, product, security, and legal to ensure new features and systems are compliant by designSecurity & Privacy Oversight:Support the security team in managing vendor reviews, access controls, data handling policies, and encryption practicesEmployee Training & Awareness:Develop and lead internal compliance education programs, including onboarding, role-based training, and refreshersRegulatory Monitoring:Stay up to date with changes in relevant laws and standards and proactively adjust company practices to stay in alignmentReporting:Prepare reports for leadership and external stakeholders demonstrating compliance posture, audit findings, and remediation effortsQualifications 5+ years of experience in compliance, privacy, or security-related roles, ideally within tech, SaaS, or healthcare organizationsDeep understanding of HIPAA, SOC 2, ISO 27701, and HiTrust frameworks and certification processesStrong knowledge of data privacy laws (e.g., GDPR, CCPA) and IT security principlesExperience working cross-functionally with product, security, legal, and engineering teamsExcellent writing, policy drafting, and documentation skillsHigh integrity and attention to detail, able to manage sensitive information and operate with discretionBonus: Certifications such as CIPP, CISA, CISSP, or HiTrust CCSFPBachelor’s degree in a related field (Information Security, Law, Business, or equivalent experience)
Job Title
Compliance Manager - Healthcare