
Role Overview
You'll collaborate across engineering, legal, operations, and security to ensure our platform and internal practices meet industry, regulatory, and partner standards.
This is a critical, cross-functional role for someone who thrives at the intersection of regulation, systems thinking, and fast-moving tech environments.
Responsibilities
- Audit & Certification Readiness: Lead internal readiness efforts for audits and certifications, partnering with third-party assessors and internal stakeholders.
- Policy Development: Draft, maintain, and implement policies, procedures, and controls aligned with regulatory and industry standards.
- Risk Management: Conduct risk assessments, control gap analyses, and incident investigations to identify compliance weaknesses and mitigate risk.
- Cross-Functional Collaboration: Work closely with engineering, product, security, and legal to ensure new features and systems are compliant by design.
- Security & Privacy Oversight: Support the security team in managing vendor reviews, access controls, data handling policies, and encryption practices.
- Employee Training & Awareness: Develop and lead internal compliance education programs, including onboarding, role-based training, and refreshers.
- Regulatory Monitoring: Stay up to date with changes in relevant laws and standards and proactively adjust company practices to stay in alignment.
- Reporting: Prepare reports for leadership and external stakeholders demonstrating compliance posture, audit findings, and remediation efforts.
Qualifications
- Deep understanding of HIPAA, SOC 2, ISO 27701, and HiTrust frameworks and certification processes.
- Strong knowledge of data privacy laws (e.g., GDPR, CCPA) and IT security principles.
- Experience working cross-functionally with product, security, legal, and engineering teams.
- Excellent writing, policy drafting, and documentation skills.
- Bonus: Certifications such as CIPP, CISA, CISSP, or HiTrust CCSFP.
- Degree in a related field (Information Security, Law, Business, or equivalent experience).