Compliance Manager - Healthcare

Role Overview

Compliance Manager,

This is a critical, cross-functional role for someone who thrives at the intersection of regulation, systems thinking, and fast-moving tech environments.

Responsibilities

• Compliance Program Management:

  Own the strategy, execution, and tracking of compliance across frameworks like HIPAA, SOC 2, ISO 27701, and HiTrust

• Audit & Certification Readiness:

  Lead internal readiness efforts for audits and certifications, partnering with third-party assessors and internal stakeholders

• Policy Development:

  Draft, maintain, and implement policies, procedures, and controls aligned with regulatory and industry standards

• Risk Management:

  Conduct risk assessments, control gap analyses, and incident investigations to identify compliance weaknesses and mitigate risk

• Cross-Functional Collaboration:

  Work closely with engineering, product, security, and legal to ensure new features and systems are compliant by design

• Security & Privacy Oversight:

  Support the security team in managing vendor reviews, access controls, data handling policies, and encryption practices

• Employee Training & Awareness:

  Develop and lead internal compliance education programs, including onboarding, role-based training, and refreshers

• Regulatory Monitoring:

  Stay up to date with changes in relevant laws and standards and proactively adjust company practices to stay in alignment

• Reporting:

  Prepare reports for leadership and external stakeholders demonstrating compliance posture, audit findings, and remediation efforts

Qualifications

• 5+ years of experience in compliance, privacy, or security-related roles, ideally within tech, SaaS, or healthcare organizations

• Deep understanding of HIPAA, SOC 2, ISO 27701, and HiTrust frameworks and certification processes

• Strong knowledge of data privacy laws (e.g., GDPR, CCPA) and IT security principles

• Experience working cross-functionally with product, security, legal, and engineering teams

• Excellent writing, policy drafting, and documentation skills

• High integrity and attention to detail, able to manage sensitive information and operate with discretion

• Bonus: Certifications such as CIPP, CISA, CISSP, or HiTrust CCSFP

• Bachelor’s degree in a related field (Information Security, Law, Business, or equivalent experience)