
Responsibilities:
- Compliance Program Management: Own the strategy, execution, and tracking of compliance across frameworks such as HIPAA, SOC 2, ISO 27701, and HITRUST.
- Audit & Certification Readiness: Lead internal readiness efforts for audits and certifications, partnering with third-party assessors and internal stakeholders.
- Policy Development: Draft, maintain, and implement policies, procedures, and controls aligned with regulatory and industry standards.
- Risk Management: Conduct risk assessments, control gap analyses, and incident investigations to identify compliance weaknesses and mitigate risk.
- Cross-Functional Collaboration: Work closely with engineering, product, security, and legal to ensure new features and systems are compliant by design.
- Security & Privacy Oversight: Support the security team in managing vendor reviews, access controls, data handling policies, and encryption practices.
- Employee Training & Awareness: Develop and lead internal compliance education programs, including onboarding, role-based training, and refreshers.
- Regulatory Monitoring: Stay up to date with changes in relevant laws and standards and proactively adjust company practices to stay in alignment.
- Reporting: Prepare reports for leadership and external stakeholders demonstrating compliance posture, audit findings, and remediation efforts.
Requirements:
- 5+ years of experience in compliance, privacy, or security-related roles, ideally within tech, SaaS, or healthcare organizations.
- Deep understanding of the HIPAA, SOC 2, ISO 27701, and HITRUST frameworks and their certification processes.
- Strong knowledge of data privacy laws (e.g., GDPR, CCPA) and IT security principles.
- Experience working cross-functionally with product, security, legal, and engineering teams.
- Excellent writing, policy drafting, and documentation skills.
- High integrity and attention to detail, able to manage sensitive information and operate with discretion.
- Bonus: Certifications such as CIPP, CISA, CISSP, or HITRUST CCSFP.
- Bachelor's degree in a related field (Information Security, Law, Business, or equivalent experience).